
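    6 vulnerabilities found for emc_xc_core_6420_firmware by dell (results are listed per source, so the same CVE can appear once under nvd and again under cvelistv5)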

    CVE-2024-0161 (GCVE-0-2024-0161)

    Vulnerability from nvd – Published: 2024-03-13 16:04 – Updated: 2024-08-12 13:56
    VLAI
    Summary
    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
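    Impacted products (each "Affected" row below is a separate BIOS version threshold; this record does not say which server model each threshold applies to, so match your model against the vendor advisory DSA-2024-006 listed in the record's references)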
    Vendor Product Version
    Dell PowerEdge Platform Affected: N/A , < 1.1.1 (semver)
    Affected: N/A , < 1.13.2 (semver)
    Affected: N/A , < 1.14.1 (semver)
    Affected: N/A , < 1.9.1 (semver)
    Affected: N/A , < 2.21.2 (semver)
    Affected: N/A , < 2.21.1 (semver)
    Affected: N/A , < 2.21.0 (semver)
    Affected: N/A , < 2.19.0 (semver)
    Affected: N/A , < 2.14.0 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Affected: N/A , < 2.20.0 (semver)
    Date Public
    2024-03-12 06:30
    Credits
    Dell would like to thank codebreaker1337 as well as schur of BUPT, Dubhe Lab for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:15.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0161",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T13:56:13.395413Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T13:56:29.418Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PowerEdge Platform",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.1.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.2",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.14.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.9.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.21.2",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.21.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.21.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.14.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0\u00a0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.20.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell would like to thank codebreaker1337 as well as schur of BUPT, Dubhe Lab for reporting this issue."
            }
          ],
          "datePublic": "2024-03-12T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
                }
              ],
              "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-13T16:04:12.678Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-0161",
        "datePublished": "2024-03-13T16:04:12.678Z",
        "dateReserved": "2023-12-14T05:30:39.766Z",
        "dateUpdated": "2024-08-12T13:56:29.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32460 (GCVE-0-2023-32460)

    Vulnerability from nvd – Published: 2023-12-08 05:37 – Updated: 2024-08-02 15:18
    VLAI
    Summary
    Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell PowerEdge Platform Affected: Versions prior to 1.6.6
    Affected: Versions prior to 1.3.6
    Affected: Versions prior to 1.1.2
    Affected: Versions prior to 1.12.1
    Affected: Versions prior to 1.8.1
    Affected: Versions prior to 1.13.3
    Affected: Versions prior to 2.13.3
    Affected: Versions prior to 2.20.1
    Affected: Versions prior to 2.20.0
    Affected: Versions prior to 2.15.1
    Affected: Versions prior to 1.21.0
    Affected: Versions prior to 2.18.1
    Affected: Versions prior to 2.13.0 
    Affected: Versions prior to 2.18.2
    Affected: Versions prior to 1.18.1 
    Affected: Versions prior to 2.19.1 
    Date Public
    2023-12-07 06:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.251Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BIOS"
              ],
              "product": "PowerEdge Platform",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 1.6.6"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.3.6"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.1.2"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.12.1"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.8.1"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.13.3"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.13.3"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.20.1"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.20.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.15.1"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.21.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.18.1 "
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.13.0\u202f "
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.18.2 "
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.18.1\u202f "
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.19.1\u202f "
                }
              ]
            }
          ],
          "datePublic": "2023-12-07T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-08T05:37:52.680Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-32460",
        "datePublished": "2023-12-08T05:37:52.680Z",
        "dateReserved": "2023-05-09T06:05:24.994Z",
        "dateUpdated": "2024-08-02T15:18:37.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25537 (GCVE-0-2023-25537)

    Vulnerability from nvd – Published: 2023-05-22 10:48 – Updated: 2025-01-21 15:07
    VLAI
    Summary
    Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell PowerEdge Platform Affected: Versions prior to 2.18.1
    Date Public
    2023-05-15 06:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:18.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25537",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T15:06:34.370163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T15:07:54.481Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BIOS",
                "PowerEdge R740",
                "PowerEdge R740XD",
                "PowerEdge R640",
                "PowerEdge R940",
                "PowerEdge R540",
                "PowerEdge R440",
                "PowerEdge T440",
                "PowerEdge XR2",
                "PowerEdge R740xD2",
                "PowerEdge R840",
                "PowerEdge R940xa",
                "PowerEdge T640",
                "PowerEdge C6420",
                "PowerEdge FC640",
                "PowerEdge M640",
                "PowerEdge M640 (for PE VRTX)",
                "PowerEdge MX740c",
                "PowerEdge MX840c",
                "PowerEdge C4140",
                "DSS 8440",
                "PowerEdge XE2420",
                "PowerEdge XE7420",
                "PowerEdge XE7440",
                "Dell EMC Storage NX3240",
                "Dell EMC Storage NX3340",
                "Dell EMC XC Core 6420 System",
                "Dell EMC XC Core XC640 System",
                "Dell EMC XC Core XC740xd System",
                "Dell EMC XC Core XC740xd2",
                "Dell EMC XC Core XC940 System",
                "Dell EMC XC Core XCXR2"
              ],
              "product": "PowerEdge Platform",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 2.18.1 "
                }
              ]
            }
          ],
          "datePublic": "2023-05-15T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-22T10:48:45.847Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-25537",
        "datePublished": "2023-05-22T10:48:45.847Z",
        "dateReserved": "2023-02-07T09:35:27.079Z",
        "dateUpdated": "2025-01-21T15:07:54.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0161 (GCVE-0-2024-0161)

    Vulnerability from cvelistv5 – Published: 2024-03-13 16:04 – Updated: 2024-08-12 13:56
    VLAI
    Summary
    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell PowerEdge Platform Affected: N/A , < 1.1.1 (semver)
    Affected: N/A , < 1.13.2 (semver)
    Affected: N/A , < 1.14.1 (semver)
    Affected: N/A , < 1.9.1 (semver)
    Affected: N/A , < 2.21.2 (semver)
    Affected: N/A , < 2.21.1 (semver)
    Affected: N/A , < 2.21.0 (semver)
    Affected: N/A , < 2.19.0 (semver)
    Affected: N/A , < 2.14.0 (semver)
    Affected: N/A , < 1.19.0 (semver)
    Affected: N/A , < 2.20.0 (semver)
    Date Public
    2024-03-12 06:30
    Credits
    Dell would like to thank codebreaker1337 as well as schur of BUPT, Dubhe Lab for reporting this issue.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:15.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0161",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T13:56:13.395413Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T13:56:29.418Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PowerEdge Platform",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "1.1.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.13.2",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.14.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.9.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.21.2",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.21.1",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.21.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.19.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.14.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.19.0\u00a0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.20.0",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dell would like to thank codebreaker1337 as well as schur of BUPT, Dubhe Lab for reporting this issue."
            }
          ],
          "datePublic": "2024-03-12T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
                }
              ],
              "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-13T16:04:12.678Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-0161",
        "datePublished": "2024-03-13T16:04:12.678Z",
        "dateReserved": "2023-12-14T05:30:39.766Z",
        "dateUpdated": "2024-08-12T13:56:29.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32460 (GCVE-0-2023-32460)

    Vulnerability from cvelistv5 – Published: 2023-12-08 05:37 – Updated: 2024-08-02 15:18
    VLAI
    Summary
    Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell PowerEdge Platform Affected: Versions prior to 1.6.6
    Affected: Versions prior to 1.3.6
    Affected: Versions prior to 1.1.2
    Affected: Versions prior to 1.12.1
    Affected: Versions prior to 1.8.1
    Affected: Versions prior to 1.13.3
    Affected: Versions prior to 2.13.3
    Affected: Versions prior to 2.20.1
    Affected: Versions prior to 2.20.0
    Affected: Versions prior to 2.15.1
    Affected: Versions prior to 1.21.0
    Affected: Versions prior to 2.18.1
    Affected: Versions prior to 2.13.0
    Affected: Versions prior to 2.18.2
    Affected: Versions prior to 1.18.1
    Affected: Versions prior to 2.19.1
    Date Public
    2023-12-07 06:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:18:37.251Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BIOS"
              ],
              "product": "PowerEdge Platform",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 1.6.6"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.3.6"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.1.2"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.12.1"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.8.1"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.13.3"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.13.3"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.20.1"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.20.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.15.1"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.21.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.18.1 "
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.13.0\u202f "
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.18.2 "
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.18.1\u202f "
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 2.19.1\u202f "
                }
              ]
            }
          ],
          "datePublic": "2023-12-07T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-08T05:37:52.680Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-32460",
        "datePublished": "2023-12-08T05:37:52.680Z",
        "dateReserved": "2023-05-09T06:05:24.994Z",
        "dateUpdated": "2024-08-02T15:18:37.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25537 (GCVE-0-2023-25537)

    Vulnerability from cvelistv5 – Published: 2023-05-22 10:48 – Updated: 2025-01-21 15:07
    VLAI
    Summary
    Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell PowerEdge Platform Affected: Versions prior to 2.18.1
    Date Public
    2023-05-15 06:30

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:18.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25537",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T15:06:34.370163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T15:07:54.481Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BIOS",
                "PowerEdge R740",
                "PowerEdge R740XD",
                "PowerEdge R640",
                "PowerEdge R940",
                "PowerEdge R540",
                "PowerEdge R440",
                "PowerEdge T440",
                "PowerEdge XR2",
                "PowerEdge R740xD2",
                "PowerEdge R840",
                "PowerEdge R940xa",
                "PowerEdge T640",
                "PowerEdge C6420",
                "PowerEdge FC640",
                "PowerEdge M640",
                "PowerEdge M640 (for PE VRTX)",
                "PowerEdge MX740c",
                "PowerEdge MX840c",
                "PowerEdge C4140",
                "DSS 8440",
                "PowerEdge XE2420",
                "PowerEdge XE7420",
                "PowerEdge XE7440",
                "Dell EMC Storage NX3240",
                "Dell EMC Storage NX3340",
                "Dell EMC XC Core 6420 System",
                "Dell EMC XC Core XC640 System",
                "Dell EMC XC Core XC740xd System",
                "Dell EMC XC Core XC740xd2",
                "Dell EMC XC Core XC940 System",
                "Dell EMC XC Core XCXR2"
              ],
              "product": "PowerEdge Platform",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 2.18.1 "
                }
              ]
            }
          ],
          "datePublic": "2023-05-15T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-22T10:48:45.847Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-25537",
        "datePublished": "2023-05-22T10:48:45.847Z",
        "dateReserved": "2023-02-07T09:35:27.079Z",
        "dateUpdated": "2025-01-21T15:07:54.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }