Search criteria
18 vulnerabilities found for poweredge_r650_firmware by dell
CVE-2025-26482 (GCVE-0-2025-26482)
Vulnerability from nvd – Published: 2025-09-25 21:11 – Updated: 2025-09-26 17:39
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.
Severity ?
4.9 (Medium)
CWE
- CWE-1258 - Exposure of Sensitive System Information Due to Uncleared Debug Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Dell | PowerEdge R770 |
Affected:
N/A , < 1.2.6
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T17:38:37.455824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T17:39:20.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge R770",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.2.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R670",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.2.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R570",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.2.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R470",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.2.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6715",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.1.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7715",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.1.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6725",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7725",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R660",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R760",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge C6620",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge MX760c",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R860",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R960",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge HS5610",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge HS5620",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R660xs",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R760xs",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R760xd2",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T560",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R760xa",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE9680",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE9680L",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR5610",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR8610t",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR8620t",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR7620",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE8640",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE9640",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T160",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T360",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R260",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R360",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R650",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R750",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R750XA",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge C6520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge MX750C",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R550",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R450",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R650XS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R750XS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T550",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR11",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR12",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR4510c",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.17.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR4520c",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.17.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T150",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T350",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R350",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R740",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R740XD",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R640",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R940",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R540",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R440",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T440",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR2",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R740XD2",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R840",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R940XA",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T640",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge C6420",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge FC640",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge M640",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge M640 (for PE VRTX)",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge MX740C",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge MX840C",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge C4140",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSS 8440",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE2420",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE7420",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE7440",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T140",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T340",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R240",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R340",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC Storage NX3240",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC Storage NX3340",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC NX440",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell XC Core XC660",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell XC Core XC760",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell XC Core XC660xs",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell XC Core XC760xa",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC450",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC650",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC750",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC750xa",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC6520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core 6420 System",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC640 System",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC740xd System",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC740xd2",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC940 System",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XCXR2",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6615",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7615",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6625",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7625",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge C6615",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.6.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6515",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6525",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7515",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7525",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge C6525",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE8545",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.17.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC7525",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell XC Core XC7625",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6415",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.25.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7415",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.25.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7425",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.25.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "iDRAC9",
"vendor": "Dell",
"versions": [
{
"lessThan": "7.00.00.181",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "iDRAC9",
"vendor": "Dell",
"versions": [
{
"lessThan": "7.20.10.50",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-09-23T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure."
}
],
"value": "Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1258",
"description": "CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T21:11:43.372Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000370138/dsa-2025-046-security-update-for-dell-poweredge-server-and-dell-idrac9-for-information-disclosure-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-26482",
"datePublished": "2025-09-25T21:11:43.372Z",
"dateReserved": "2025-02-11T06:06:12.147Z",
"dateUpdated": "2025-09-26T17:39:20.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0172 (GCVE-0-2024-0172)
Vulnerability from nvd – Published: 2024-04-03 09:09 – Updated: 2024-08-20 20:30
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
Severity ?
7.9 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
N/A , < 1.5.6
(semver)
Affected: N/A , < 1.1.3 (semver) Affected: N/A , < 1.1.4 (semver) Affected: N/A , < 1.2.5 (semver) Affected: N/A , < 1.3.6 (semver) Affected: N/A , < 1.4.6 (semver) Affected: N/A , < 1.11.2 (semver) Affected: N/A , < 1.7.3 (semver) Affected: N/A , < 1.12.1 (semver) Affected: N/A , < 2.12.4 (semver) Affected: N/A , < 2.19.1 (semver) Affected: N/A , < 2.19.0 (semver) Affected: N/A , < 2.14.1 (semver) Affected: N/A , < 1.20.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r660_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r760_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c6620_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_mx760c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r860_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r960_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_hs5610_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_hs5620_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r660xs_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r760xs_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r760xd2_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t560_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r760xa_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe9680_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr5610_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr8620t_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr7620_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe8640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe9640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6615_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7615_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6625_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7625_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r650_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r750_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r750xa_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c6520_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_mx750c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r550_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r450_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r650xs_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r750xs_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t550_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr11_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr12_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t150_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t350_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r250_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r350_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr4510c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr4520c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6515_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6525_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7515_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7525_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c6525_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe8545_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r740_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r740xd_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r940_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r540_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r440_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t440_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr2_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r740xd2_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r840_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r940xa_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c6420_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_fc640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_m640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_mx740c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_mx840c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c4140_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe2420_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe7420_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe7440_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t140_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t340_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r240_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r340_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6415_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7415_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7425_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_storage_nx3240_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_storage_nx3240_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_storage_nx3340_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_storage_nx3340_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_xc_core_xc450_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_xc_core_xc650_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_xc_core_xc750_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T04:01:19.460976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T20:30:48.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.5",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.3.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.4.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.12.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.19.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.20.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-04-02T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T09:09:18.449Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0172",
"datePublished": "2024-04-03T09:09:18.449Z",
"dateReserved": "2023-12-14T05:35:36.325Z",
"dateUpdated": "2024-08-20T20:30:48.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0173 (GCVE-0-2024-0173)
Vulnerability from nvd – Published: 2024-03-13 16:52 – Updated: 2024-08-01 17:41
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
Severity ?
CWE
- CWE-788 - Access of Memory Location After End of Buffer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
N/A , < 2.0.0
(semver)
Affected: N/A , < 1.7.6 (semver) Affected: N/A , < 1.7.2 (semver) Affected: N/A , < 1.2.3 (semver) Affected: N/A , < 1.13.2 (semver) Affected: N/A , < 1.14.1 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 2.14.1 (semver) Affected: N/A , < 2.21.2 (semver) Affected: N/A , < 2.21.1 (semver) Affected: N/A , < 2.21.0 (semver) Affected: N/A , < 2.16.0 (semver) Affected: N/A , < 2.19.0 (semver) Affected: N/A , < 2.14.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 2.20.0 (semver) |
Credits
Dell would like to thank codebreaker1337 for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T20:00:50.556667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:23.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge Platform\t",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.19.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.20.0\u202f\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank codebreaker1337 for reporting this issue."
}
],
"datePublic": "2024-03-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "CWE-788: Access of Memory Location After End of Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:52:21.293Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0173",
"datePublished": "2024-03-13T16:52:21.293Z",
"dateReserved": "2023-12-14T05:35:37.836Z",
"dateUpdated": "2024-08-01T17:41:16.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0163 (GCVE-0-2024-0163)
Vulnerability from nvd – Published: 2024-03-13 16:28 – Updated: 2024-08-12 13:54
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.
Severity ?
5.3 (Medium)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge BIOS Intel 16G |
Affected:
N/A , < 2.0.0
(semver)
Affected: N/A , < 1.7.6 (semver) Affected: N/A , < 1.7.2 (semver) Affected: N/A , < 1.2.3 (semver) Affected: N/A , < 1.13.2 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 1.14.1 (semver) Affected: N/A , < 2.14.1 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T13:54:34.641518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T13:54:53.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge BIOS Intel 16G",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-03-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:28:00.444Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0163",
"datePublished": "2024-03-13T16:28:00.444Z",
"dateReserved": "2023-12-14T05:30:42.511Z",
"dateUpdated": "2024-08-12T13:54:53.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0162 (GCVE-0-2024-0162)
Vulnerability from nvd – Published: 2024-03-13 16:18 – Updated: 2024-08-01 20:17
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.
Severity ?
5.3 (Medium)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge BIOS Intel 16G |
Affected:
N/A , < 2.0.0
(semver)
Affected: N/A , < 1.7.6 (semver) Affected: N/A , < 1.7.2 (semver) Affected: N/A , < 1.2.3 (semver) Affected: N/A , < 1.13.2 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 1.14.1 (semver) Affected: N/A , < 2.14.1 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T13:41:24.076852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T20:17:13.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge BIOS Intel 16G",
"vendor": "Dell",
"versions": [
{
"lessThan": " 2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-03-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:18:23.730Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0162",
"datePublished": "2024-03-13T16:18:23.730Z",
"dateReserved": "2023-12-14T05:30:40.938Z",
"dateUpdated": "2024-08-01T20:17:13.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0154 (GCVE-0-2024-0154)
Vulnerability from nvd – Published: 2024-03-13 16:41 – Updated: 2024-08-01 17:41
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
Severity ?
CWE
- CWE-788 - Access of Memory Location After End of Buffer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
N/A , < 2.0.0
(semver)
Affected: N/A , < 1.7.6 (semver) Affected: N/A , < 1.7.2 (semver) Affected: N/A , < 1.2.3 (semver) Affected: N/A , < 1.13.2 (semver) Affected: N/A , < 1.14.1 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 2.14.1 (semver) Affected: N/A , < 2.21.2 (semver) Affected: N/A , < 2.21.1 (semver) Affected: N/A , < 2.21.0 (semver) Affected: N/A , < 2.16.0 (semver) Affected: N/A , < 2.19.0 (semver) Affected: N/A , < 2.14.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 2.20.0 (semver) |
Credits
Dell would like to thank codebreaker1337 for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T19:40:48.987776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:45.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.19.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.20.0\u202f",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank codebreaker1337 for reporting this issue."
}
],
"datePublic": "2024-03-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "CWE-788: Access of Memory Location After End of Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:41:09.360Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0154",
"datePublished": "2024-03-13T16:41:09.360Z",
"dateReserved": "2023-12-14T05:29:25.760Z",
"dateUpdated": "2024-08-01T17:41:16.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0161 (GCVE-0-2024-0161)
Vulnerability from nvd – Published: 2024-03-13 16:04 – Updated: 2024-08-12 13:56
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.
Severity ?
7.2 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
N/A , < 1.1.1
(semver)
Affected: N/A , < 1.13.2 (semver) Affected: N/A , < 1.14.1 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 2.21.2 (semver) Affected: N/A , < 2.21.1 (semver) Affected: N/A , < 2.21.0 (semver) Affected: N/A , < 2.19.0 (semver) Affected: N/A , < 2.14.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 2.20.0 (semver) |
Credits
Dell would like to thank codebreaker1337 as well as schur of BUPT, Dubhe Lab for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:15.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T13:56:13.395413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T13:56:29.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.1.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.20.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank codebreaker1337 as well as schur of BUPT, Dubhe Lab for reporting this issue."
}
],
"datePublic": "2024-03-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:04:12.678Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0161",
"datePublished": "2024-03-13T16:04:12.678Z",
"dateReserved": "2023-12-14T05:30:39.766Z",
"dateUpdated": "2024-08-12T13:56:29.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32460 (GCVE-0-2023-32460)
Vulnerability from nvd – Published: 2023-12-08 05:37 – Updated: 2024-08-02 15:18
VLAI?
Summary
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
Severity ?
8.8 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
Versions prior to 1.6.6
Affected: Versions prior to 1.3.6 Affected: Versions prior to 1.1.2 Affected: Versions prior to 1.12.1 Affected: Versions prior to 1.8.1 Affected: Versions prior to 1.13.3 Affected: Versions prior to 2.13.3 Affected: Versions prior to 2.20.1 Affected: Versions prior to 2.20.0 Affected: Versions prior to 2.15.1 Affected: Versions prior to 1.21.0 Affected: Versions prior to 2.18.1 Affected: Versions prior to 2.13.0 Affected: Versions prior to 2.18.2 Affected: Versions prior to 1.18.1 Affected: Versions prior to 2.19.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BIOS"
],
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "Versions prior to 1.6.6"
},
{
"status": "affected",
"version": "Versions prior to 1.3.6"
},
{
"status": "affected",
"version": "Versions prior to 1.1.2"
},
{
"status": "affected",
"version": "Versions prior to 1.12.1"
},
{
"status": "affected",
"version": "Versions prior to 1.8.1"
},
{
"status": "affected",
"version": "Versions prior to 1.13.3"
},
{
"status": "affected",
"version": "Versions prior to 2.13.3"
},
{
"status": "affected",
"version": "Versions prior to 2.20.1"
},
{
"status": "affected",
"version": "Versions prior to 2.20.0"
},
{
"status": "affected",
"version": "Versions prior to 2.15.1"
},
{
"status": "affected",
"version": "Versions prior to 1.21.0"
},
{
"status": "affected",
"version": "Versions prior to 2.18.1 "
},
{
"status": "affected",
"version": "Versions prior to 2.13.0\u202f "
},
{
"status": "affected",
"version": "Versions prior to 2.18.2 "
},
{
"status": "affected",
"version": "Versions prior to 1.18.1\u202f "
},
{
"status": "affected",
"version": "Versions prior to 2.19.1\u202f "
}
]
}
],
"datePublic": "2023-12-07T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.\u003c/span\u003e\n\n"
}
],
"value": "\nDell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-08T05:37:52.680Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32460",
"datePublished": "2023-12-08T05:37:52.680Z",
"dateReserved": "2023-05-09T06:05:24.994Z",
"dateUpdated": "2024-08-02T15:18:37.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32461 (GCVE-0-2023-32461)
Vulnerability from nvd – Published: 2023-09-15 06:56 – Updated: 2024-09-25 14:12
VLAI?
Summary
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.
Severity ?
5 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
Versions prior to 1.5.6
Affected: Versions prior to 1.1.3 Affected: Versions prior to 1.1.4 Affected: Versions prior to 1.2.5 Affected: Versions prior to 1.3.11 Affected: Versions prior to 1.10.2 Affected: Versions prior to 1.6.3 Affected: Versions prior to 1.10.4 Affected: Versions prior to 2.11.4 Affected: Versions prior to 2.11.3 Affected: Versions prior to Before 1.11.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:01:49.731484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:12:53.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "BIOS",
"platforms": [
"PowerEdge R660",
"PowerEdge R760",
"PowerEdge C6620",
"PowerEdge MX760c",
"PowerEdge R860",
"PowerEdge R960",
"PowerEdge HS5610",
"PowerEdge HS5620",
"PowerEdge R660xs",
"PowerEdge R760xs",
"PowerEdge R760xd2",
"PowerEdge T560",
"PowerEdge R760xa",
"PowerEdge XE9680",
"PowerEdge XR5610",
"PowerEdge XR8620t",
"PowerEdge XR7620",
"PowerEdge XE8640",
"PowerEdge R6615",
"PowerEdge R7615",
"PowerEdge R6625",
"PowerEdge R7625",
"PowerEdge R650",
"PowerEdge R750",
"PowerEdge R750XA",
"PowerEdge C6520",
"PowerEdge MX750C",
"PowerEdge R550",
"PowerEdge R450",
"PowerEdge R650XS",
"PowerEdge R750XS",
"PowerEdge T550",
"PowerEdge XR11",
"PowerEdge XR12",
"PowerEdge T150",
"PowerEdge T350",
"PowerEdge R250",
"PowerEdge R350",
"PowerEdge XR4510c",
"PowerEdge XR4520c",
"PowerEdge R6515",
"PowerEdge R6525",
"PowerEdge R7515",
"PowerEdge R7525",
"PowerEdge C6525",
"PowerEdge XE8545",
"Dell EMC XC Core XC450",
"Dell EMC XC Core XC650",
"Dell EMC XC Core XC750",
"Dell EMC XC Core XC750xa",
"Dell EMC XC Core XC6520",
"Dell EMC XC Core XC7525"
],
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "Versions prior to 1.5.6"
},
{
"status": "affected",
"version": "Versions prior to 1.1.3"
},
{
"status": "affected",
"version": "Versions prior to 1.1.4"
},
{
"status": "affected",
"version": "Versions prior to 1.2.5"
},
{
"status": "affected",
"version": "Versions prior to 1.3.11"
},
{
"status": "affected",
"version": "Versions prior to 1.10.2"
},
{
"status": "affected",
"version": "Versions prior to 1.6.3"
},
{
"status": "affected",
"version": "Versions prior to 1.10.4"
},
{
"status": "affected",
"version": "Versions prior to 2.11.4"
},
{
"status": "affected",
"version": "Versions prior to 2.11.3"
},
{
"status": "affected",
"version": "Versions prior to Before 1.11.2"
}
]
}
],
"datePublic": "2023-09-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. \u0026nbsp;\u003c/span\u003e\n\n"
}
],
"value": "\nDell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. \u00a0\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T06:56:54.605Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32461",
"datePublished": "2023-09-15T06:56:54.605Z",
"dateReserved": "2023-05-09T06:05:24.994Z",
"dateUpdated": "2024-09-25T14:12:53.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26482 (GCVE-0-2025-26482)
Vulnerability from cvelistv5 – Published: 2025-09-25 21:11 – Updated: 2025-09-26 17:39
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.
Severity ?
4.9 (Medium)
CWE
- CWE-1258 - Exposure of Sensitive System Information Due to Uncleared Debug Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Dell | PowerEdge R770 |
Affected:
N/A , < 1.2.6
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T17:38:37.455824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T17:39:20.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge R770",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.2.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R670",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.2.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R570",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.2.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R470",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.2.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6715",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.1.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7715",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.1.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6725",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7725",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R660",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R760",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge C6620",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge MX760c",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R860",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R960",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge HS5610",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge HS5620",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R660xs",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R760xs",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R760xd2",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T560",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R760xa",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE9680",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE9680L",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR5610",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR8610t",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR8620t",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR7620",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE8640",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE9640",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T160",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T360",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R260",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R360",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R650",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R750",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R750XA",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge C6520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge MX750C",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R550",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R450",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R650XS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R750XS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T550",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR11",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR12",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR4510c",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.17.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR4520c",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.17.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T150",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T350",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R250",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R350",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R740",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R740XD",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R640",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R940",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R540",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R440",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T440",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XR2",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R740XD2",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R840",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R940XA",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T640",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge C6420",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge FC640",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge M640",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge M640 (for PE VRTX)",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge MX740C",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge MX840C",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge C4140",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSS 8440",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE2420",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE7420",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE7440",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T140",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge T340",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R240",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R340",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC Storage NX3240",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC Storage NX3340",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC NX440",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell XC Core XC660",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell XC Core XC760",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell XC Core XC660xs",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell XC Core XC760xa",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.5.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC450",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC650",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC750",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC750xa",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC6520",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.16.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core 6420 System",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC640 System",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC740xd System",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC740xd2",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC940 System",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XCXR2",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6615",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7615",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6625",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7625",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge C6615",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.6.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6515",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6525",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7515",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7525",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge C6525",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge XE8545",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.17.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell EMC XC Core XC7525",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dell XC Core XC7625",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R6415",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.25.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7415",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.25.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PowerEdge R7425",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.25.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "iDRAC9",
"vendor": "Dell",
"versions": [
{
"lessThan": "7.00.00.181",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "iDRAC9",
"vendor": "Dell",
"versions": [
{
"lessThan": "7.20.10.50",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-09-23T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure."
}
],
"value": "Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1258",
"description": "CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T21:11:43.372Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000370138/dsa-2025-046-security-update-for-dell-poweredge-server-and-dell-idrac9-for-information-disclosure-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-26482",
"datePublished": "2025-09-25T21:11:43.372Z",
"dateReserved": "2025-02-11T06:06:12.147Z",
"dateUpdated": "2025-09-26T17:39:20.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0172 (GCVE-0-2024-0172)
Vulnerability from cvelistv5 – Published: 2024-04-03 09:09 – Updated: 2024-08-20 20:30
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
Severity ?
7.9 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
N/A , < 1.5.6
(semver)
Affected: N/A , < 1.1.3 (semver) Affected: N/A , < 1.1.4 (semver) Affected: N/A , < 1.2.5 (semver) Affected: N/A , < 1.3.6 (semver) Affected: N/A , < 1.4.6 (semver) Affected: N/A , < 1.11.2 (semver) Affected: N/A , < 1.7.3 (semver) Affected: N/A , < 1.12.1 (semver) Affected: N/A , < 2.12.4 (semver) Affected: N/A , < 2.19.1 (semver) Affected: N/A , < 2.19.0 (semver) Affected: N/A , < 2.14.1 (semver) Affected: N/A , < 1.20.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r660_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r760_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c6620_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_mx760c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r860_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r960_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_hs5610_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_hs5620_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r660xs_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r760xs_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r760xd2_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t560_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r760xa_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe9680_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr5610_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr8620t_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr7620_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe8640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe9640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.3.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6615_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7615_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6625_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7625_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r650_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r750_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r750xa_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c6520_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_mx750c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r550_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r450_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r650xs_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r750xs_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t550_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr11_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr12_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t150_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t350_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r250_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r350_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr4510c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr4520c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6515_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6525_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7515_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7525_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c6525_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe8545_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.12.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r740_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r740xd_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r940_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r540_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r440_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t440_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xr2_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r740xd2_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r840_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r940xa_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c6420_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_fc640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_m640_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_mx740c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_mx840c_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_c4140_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe2420_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe7420_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_xe7440_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t140_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_t340_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r240_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r340_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r6415_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7415_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "poweredge_r7425_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_storage_nx3240_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_storage_nx3240_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_storage_nx3340_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_storage_nx3340_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.19.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_xc_core_xc450_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_xc_core_xc650_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emc_xc_core_xc750_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-11T04:01:19.460976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T20:30:48.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.5",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.3.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.4.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.11.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.12.4",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.19.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.20.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-04-02T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T09:09:18.449Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0172",
"datePublished": "2024-04-03T09:09:18.449Z",
"dateReserved": "2023-12-14T05:35:36.325Z",
"dateUpdated": "2024-08-20T20:30:48.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0173 (GCVE-0-2024-0173)
Vulnerability from cvelistv5 – Published: 2024-03-13 16:52 – Updated: 2024-08-01 17:41
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
Severity ?
CWE
- CWE-788 - Access of Memory Location After End of Buffer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
N/A , < 2.0.0
(semver)
Affected: N/A , < 1.7.6 (semver) Affected: N/A , < 1.7.2 (semver) Affected: N/A , < 1.2.3 (semver) Affected: N/A , < 1.13.2 (semver) Affected: N/A , < 1.14.1 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 2.14.1 (semver) Affected: N/A , < 2.21.2 (semver) Affected: N/A , < 2.21.1 (semver) Affected: N/A , < 2.21.0 (semver) Affected: N/A , < 2.16.0 (semver) Affected: N/A , < 2.19.0 (semver) Affected: N/A , < 2.14.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 2.20.0 (semver) |
Credits
Dell would like to thank codebreaker1337 for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T20:00:50.556667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:23.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge Platform\t",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.19.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.20.0\u202f\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank codebreaker1337 for reporting this issue."
}
],
"datePublic": "2024-03-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "CWE-788: Access of Memory Location After End of Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:52:21.293Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0173",
"datePublished": "2024-03-13T16:52:21.293Z",
"dateReserved": "2023-12-14T05:35:37.836Z",
"dateUpdated": "2024-08-01T17:41:16.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0154 (GCVE-0-2024-0154)
Vulnerability from cvelistv5 – Published: 2024-03-13 16:41 – Updated: 2024-08-01 17:41
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
Severity ?
CWE
- CWE-788 - Access of Memory Location After End of Buffer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
N/A , < 2.0.0
(semver)
Affected: N/A , < 1.7.6 (semver) Affected: N/A , < 1.7.2 (semver) Affected: N/A , < 1.2.3 (semver) Affected: N/A , < 1.13.2 (semver) Affected: N/A , < 1.14.1 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 2.14.1 (semver) Affected: N/A , < 2.21.2 (semver) Affected: N/A , < 2.21.1 (semver) Affected: N/A , < 2.21.0 (semver) Affected: N/A , < 2.16.0 (semver) Affected: N/A , < 2.19.0 (semver) Affected: N/A , < 2.14.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 2.20.0 (semver) |
Credits
Dell would like to thank codebreaker1337 for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-13T19:40:48.987776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:58:45.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.19.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.20.0\u202f",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank codebreaker1337 for reporting this issue."
}
],
"datePublic": "2024-03-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "CWE-788: Access of Memory Location After End of Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:41:09.360Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0154",
"datePublished": "2024-03-13T16:41:09.360Z",
"dateReserved": "2023-12-14T05:29:25.760Z",
"dateUpdated": "2024-08-01T17:41:16.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0163 (GCVE-0-2024-0163)
Vulnerability from cvelistv5 – Published: 2024-03-13 16:28 – Updated: 2024-08-12 13:54
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.
Severity ?
5.3 (Medium)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge BIOS Intel 16G |
Affected:
N/A , < 2.0.0
(semver)
Affected: N/A , < 1.7.6 (semver) Affected: N/A , < 1.7.2 (semver) Affected: N/A , < 1.2.3 (semver) Affected: N/A , < 1.13.2 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 1.14.1 (semver) Affected: N/A , < 2.14.1 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T13:54:34.641518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T13:54:53.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge BIOS Intel 16G",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-03-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:28:00.444Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0163",
"datePublished": "2024-03-13T16:28:00.444Z",
"dateReserved": "2023-12-14T05:30:42.511Z",
"dateUpdated": "2024-08-12T13:54:53.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0162 (GCVE-0-2024-0162)
Vulnerability from cvelistv5 – Published: 2024-03-13 16:18 – Updated: 2024-08-01 20:17
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.
Severity ?
5.3 (Medium)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge BIOS Intel 16G |
Affected:
N/A , < 2.0.0
(semver)
Affected: N/A , < 1.7.6 (semver) Affected: N/A , < 1.7.2 (semver) Affected: N/A , < 1.2.3 (semver) Affected: N/A , < 1.13.2 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 1.14.1 (semver) Affected: N/A , < 2.14.1 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T13:41:24.076852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T20:17:13.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge BIOS Intel 16G",
"vendor": "Dell",
"versions": [
{
"lessThan": " 2.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.6",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.3",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-03-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:18:23.730Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0162",
"datePublished": "2024-03-13T16:18:23.730Z",
"dateReserved": "2023-12-14T05:30:40.938Z",
"dateUpdated": "2024-08-01T20:17:13.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0161 (GCVE-0-2024-0161)
Vulnerability from cvelistv5 – Published: 2024-03-13 16:04 – Updated: 2024-08-12 13:56
VLAI?
Summary
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.
Severity ?
7.2 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
N/A , < 1.1.1
(semver)
Affected: N/A , < 1.13.2 (semver) Affected: N/A , < 1.14.1 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 2.21.2 (semver) Affected: N/A , < 2.21.1 (semver) Affected: N/A , < 2.21.0 (semver) Affected: N/A , < 2.19.0 (semver) Affected: N/A , < 2.14.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 2.20.0 (semver) |
Credits
Dell would like to thank codebreaker1337 as well as schur of BUPT, Dubhe Lab for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:15.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T13:56:13.395413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T13:56:29.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.1.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.21.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.14.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0\u00a0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.20.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank codebreaker1337 as well as schur of BUPT, Dubhe Lab for reporting this issue."
}
],
"datePublic": "2024-03-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
}
],
"value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:04:12.678Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0161",
"datePublished": "2024-03-13T16:04:12.678Z",
"dateReserved": "2023-12-14T05:30:39.766Z",
"dateUpdated": "2024-08-12T13:56:29.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32460 (GCVE-0-2023-32460)
Vulnerability from cvelistv5 – Published: 2023-12-08 05:37 – Updated: 2024-08-02 15:18
VLAI?
Summary
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
Severity ?
8.8 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
Versions prior to 1.6.6
Affected: Versions prior to 1.3.6 Affected: Versions prior to 1.1.2 Affected: Versions prior to 1.12.1 Affected: Versions prior to 1.8.1 Affected: Versions prior to 1.13.3 Affected: Versions prior to 2.13.3 Affected: Versions prior to 2.20.1 Affected: Versions prior to 2.20.0 Affected: Versions prior to 2.15.1 Affected: Versions prior to 1.21.0 Affected: Versions prior to 2.18.1 Affected: Versions prior to 2.13.0 Affected: Versions prior to 2.18.2 Affected: Versions prior to 1.18.1 Affected: Versions prior to 2.19.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BIOS"
],
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "Versions prior to 1.6.6"
},
{
"status": "affected",
"version": "Versions prior to 1.3.6"
},
{
"status": "affected",
"version": "Versions prior to 1.1.2"
},
{
"status": "affected",
"version": "Versions prior to 1.12.1"
},
{
"status": "affected",
"version": "Versions prior to 1.8.1"
},
{
"status": "affected",
"version": "Versions prior to 1.13.3"
},
{
"status": "affected",
"version": "Versions prior to 2.13.3"
},
{
"status": "affected",
"version": "Versions prior to 2.20.1"
},
{
"status": "affected",
"version": "Versions prior to 2.20.0"
},
{
"status": "affected",
"version": "Versions prior to 2.15.1"
},
{
"status": "affected",
"version": "Versions prior to 1.21.0"
},
{
"status": "affected",
"version": "Versions prior to 2.18.1 "
},
{
"status": "affected",
"version": "Versions prior to 2.13.0\u202f "
},
{
"status": "affected",
"version": "Versions prior to 2.18.2 "
},
{
"status": "affected",
"version": "Versions prior to 1.18.1\u202f "
},
{
"status": "affected",
"version": "Versions prior to 2.19.1\u202f "
}
]
}
],
"datePublic": "2023-12-07T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.\u003c/span\u003e\n\n"
}
],
"value": "\nDell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-08T05:37:52.680Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32460",
"datePublished": "2023-12-08T05:37:52.680Z",
"dateReserved": "2023-05-09T06:05:24.994Z",
"dateUpdated": "2024-08-02T15:18:37.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32461 (GCVE-0-2023-32461)
Vulnerability from cvelistv5 – Published: 2023-09-15 06:56 – Updated: 2024-09-25 14:12
VLAI?
Summary
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.
Severity ?
5 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
Versions prior to 1.5.6
Affected: Versions prior to 1.1.3 Affected: Versions prior to 1.1.4 Affected: Versions prior to 1.2.5 Affected: Versions prior to 1.3.11 Affected: Versions prior to 1.10.2 Affected: Versions prior to 1.6.3 Affected: Versions prior to 1.10.4 Affected: Versions prior to 2.11.4 Affected: Versions prior to 2.11.3 Affected: Versions prior to Before 1.11.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:01:49.731484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:12:53.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "BIOS",
"platforms": [
"PowerEdge R660",
"PowerEdge R760",
"PowerEdge C6620",
"PowerEdge MX760c",
"PowerEdge R860",
"PowerEdge R960",
"PowerEdge HS5610",
"PowerEdge HS5620",
"PowerEdge R660xs",
"PowerEdge R760xs",
"PowerEdge R760xd2",
"PowerEdge T560",
"PowerEdge R760xa",
"PowerEdge XE9680",
"PowerEdge XR5610",
"PowerEdge XR8620t",
"PowerEdge XR7620",
"PowerEdge XE8640",
"PowerEdge R6615",
"PowerEdge R7615",
"PowerEdge R6625",
"PowerEdge R7625",
"PowerEdge R650",
"PowerEdge R750",
"PowerEdge R750XA",
"PowerEdge C6520",
"PowerEdge MX750C",
"PowerEdge R550",
"PowerEdge R450",
"PowerEdge R650XS",
"PowerEdge R750XS",
"PowerEdge T550",
"PowerEdge XR11",
"PowerEdge XR12",
"PowerEdge T150",
"PowerEdge T350",
"PowerEdge R250",
"PowerEdge R350",
"PowerEdge XR4510c",
"PowerEdge XR4520c",
"PowerEdge R6515",
"PowerEdge R6525",
"PowerEdge R7515",
"PowerEdge R7525",
"PowerEdge C6525",
"PowerEdge XE8545",
"Dell EMC XC Core XC450",
"Dell EMC XC Core XC650",
"Dell EMC XC Core XC750",
"Dell EMC XC Core XC750xa",
"Dell EMC XC Core XC6520",
"Dell EMC XC Core XC7525"
],
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "Versions prior to 1.5.6"
},
{
"status": "affected",
"version": "Versions prior to 1.1.3"
},
{
"status": "affected",
"version": "Versions prior to 1.1.4"
},
{
"status": "affected",
"version": "Versions prior to 1.2.5"
},
{
"status": "affected",
"version": "Versions prior to 1.3.11"
},
{
"status": "affected",
"version": "Versions prior to 1.10.2"
},
{
"status": "affected",
"version": "Versions prior to 1.6.3"
},
{
"status": "affected",
"version": "Versions prior to 1.10.4"
},
{
"status": "affected",
"version": "Versions prior to 2.11.4"
},
{
"status": "affected",
"version": "Versions prior to 2.11.3"
},
{
"status": "affected",
"version": "Versions prior to Before 1.11.2"
}
]
}
],
"datePublic": "2023-09-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. \u0026nbsp;\u003c/span\u003e\n\n"
}
],
"value": "\nDell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. \u00a0\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T06:56:54.605Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32461",
"datePublished": "2023-09-15T06:56:54.605Z",
"dateReserved": "2023-05-09T06:05:24.994Z",
"dateUpdated": "2024-09-25T14:12:53.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}