Vulnerability-Lookup

BDU:2024-02175

Vulnerability from fstec - Published: 12.03.2024

Title

Уязвимость микропрограммного обеспечения BIOS серверов Dell PowerEdge и рабочих станций Dell Precision Rack, позволяющая нарушителю записать произвольные данные в область SMRAM (System Management RAM)

Description

Уязвимость микропрограммного обеспечения BIOS серверов Dell PowerEdge и рабочих станций Dell Precision Rack связана шибками при проверке буфера связи SMM. Эксплуатация уязвимости может позволить нарушителю записать произвольные данные в область SMRAM (System Management RAM)

Severity ?


                    
                      AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Vendor

Dell Technologies

Software Name

PowerEdge R660, PowerEdge R760, PowerEdge C6620, PowerEdge MX760c, PowerEdge R860, PowerEdge R960, PowerEdge HS5610, PowerEdge HS5620, PowerEdge R660xs, PowerEdge R760xs, PowerEdge R760xd2, PowerEdge T560, PowerEdge R760xa, PowerEdge XE9680, PowerEdge XR5610, PowerEdge XR8610t, PowerEdge XR8620t, PowerEdge XR7620, PowerEdge XE8640, PowerEdge XE9640, PowerEdge R6615, PowerEdge R7615, PowerEdge R6625, PowerEdge R7625, PowerEdge C6615, PowerEdge R650, PowerEdge R750, PowerEdge R750XA, PowerEdge C6520, PowerEdge MX750C, PowerEdge R550, PowerEdge R450, PowerEdge R650XS, PowerEdge R750XS, PowerEdge T550, PowerEdge XR11, PowerEdge XR12, PowerEdge XR4510c, PowerEdge XR4520c, PowerEdge T150, PowerEdge T350, PowerEdge R250, PowerEdge R350, PowerEdge R6515, PowerEdge R6525, PowerEdge R7515, PowerEdge R7525, PowerEdge C6525, PowerEdge XE8545, XC Core XC660, XC Core XC760, XC Core XC7625, EMC XC Core XC450, EMC XC Core XC650, EMC XC Core XC750, EMC XC Core XC750xa, EMC XC Core XC6520, EMC XC Core XC7525

Software Version

до 2.0.0 (PowerEdge R660), до 2.0.0 (PowerEdge R760), до 2.0.0 (PowerEdge C6620), до 2.0.0 (PowerEdge MX760c), до 1.7.6 (PowerEdge R860), до 1.7.6 (PowerEdge R960), до 2.0.0 (PowerEdge HS5610), до 2.0.0 (PowerEdge HS5620), до 2.0.0 (PowerEdge R660xs), до 2.0.0 (PowerEdge R760xs), до 2.0.0 (PowerEdge R760xd2), до 2.0.0 (PowerEdge T560), до 2.0.0 (PowerEdge R760xa), до 1.7.6 (PowerEdge XE9680), до 1.7.6 (PowerEdge XR5610), до 1.7.6 (PowerEdge XR8610t), до 1.7.6 (PowerEdge XR8620t), до 1.7.6 (PowerEdge XR7620), до 1.7.6 (PowerEdge XE8640), до 1.7.6 (PowerEdge XE9640), до 1.7.2 (PowerEdge R6615), до 1.7.2 (PowerEdge R7615), до 1.7.2 (PowerEdge R6625), до 1.7.2 (PowerEdge R7625), до 1.2.3 (PowerEdge C6615), до 1.13.2 (PowerEdge R650), до 1.13.2 (PowerEdge R750), до 1.13.2 (PowerEdge R750XA), до 1.13.2 (PowerEdge C6520), до 1.13.2 (PowerEdge MX750C), до 1.13.2 (PowerEdge R550), до 1.13.2 (PowerEdge R450), до 1.13.2 (PowerEdge R650XS), до 1.13.2 (PowerEdge R750XS), до 1.13.2 (PowerEdge T550), до 1.13.2 (PowerEdge XR11), до 1.13.2 (PowerEdge XR12), до 1.14.1 (PowerEdge XR4510c), до 1.14.1 (PowerEdge XR4520c), до 1.9.1 (PowerEdge T150), до 1.9.1 (PowerEdge T350), до 1.9.1 (PowerEdge R250), до 1.9.1 (PowerEdge R350), до 2.14.1 (PowerEdge R6515), до 2.14.1 (PowerEdge R6525), до 2.14.1 (PowerEdge R7515), до 2.14.1 (PowerEdge R7525), до 2.14.1 (PowerEdge C6525), до 2.14.1 (PowerEdge XE8545), до 2.0.0 (XC Core XC660), до 2.0.0 (XC Core XC760), до 1.7.2 (XC Core XC7625), до 1.13.2 (EMC XC Core XC450), до 1.13.2 (EMC XC Core XC650), до 1.13.2 (EMC XC Core XC750), до 1.13.2 (EMC XC Core XC750xa), до 1.13.2 (EMC XC Core XC6520), до 2.14.1 (EMC XC Core XC7525)

Possible Mitigations

Использование рекомендаций: https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability

Reference

https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:H/Au:S/C:P/I:P/A:P",
  "CVSS 3.0": "AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Dell Technologies",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 2.0.0 (PowerEdge R660), \u0434\u043e 2.0.0 (PowerEdge R760), \u0434\u043e 2.0.0 (PowerEdge C6620), \u0434\u043e 2.0.0 (PowerEdge MX760c), \u0434\u043e 1.7.6 (PowerEdge R860), \u0434\u043e 1.7.6 (PowerEdge R960), \u0434\u043e 2.0.0 (PowerEdge HS5610), \u0434\u043e 2.0.0 (PowerEdge HS5620), \u0434\u043e 2.0.0 (PowerEdge R660xs), \u0434\u043e 2.0.0 (PowerEdge R760xs), \u0434\u043e 2.0.0 (PowerEdge R760xd2), \u0434\u043e 2.0.0 (PowerEdge T560), \u0434\u043e 2.0.0 (PowerEdge R760xa), \u0434\u043e 1.7.6 (PowerEdge XE9680), \u0434\u043e 1.7.6 (PowerEdge XR5610), \u0434\u043e 1.7.6 (PowerEdge XR8610t), \u0434\u043e 1.7.6 (PowerEdge XR8620t), \u0434\u043e 1.7.6 (PowerEdge XR7620), \u0434\u043e 1.7.6 (PowerEdge XE8640), \u0434\u043e 1.7.6 (PowerEdge XE9640), \u0434\u043e 1.7.2 (PowerEdge R6615), \u0434\u043e 1.7.2 (PowerEdge R7615), \u0434\u043e 1.7.2 (PowerEdge R6625), \u0434\u043e 1.7.2 (PowerEdge R7625), \u0434\u043e 1.2.3 (PowerEdge C6615), \u0434\u043e 1.13.2 (PowerEdge R650), \u0434\u043e 1.13.2 (PowerEdge R750), \u0434\u043e 1.13.2 (PowerEdge R750XA), \u0434\u043e 1.13.2 (PowerEdge C6520), \u0434\u043e 1.13.2 (PowerEdge MX750C), \u0434\u043e 1.13.2 (PowerEdge R550), \u0434\u043e 1.13.2 (PowerEdge R450), \u0434\u043e 1.13.2 (PowerEdge R650XS), \u0434\u043e 1.13.2 (PowerEdge R750XS), \u0434\u043e 1.13.2 (PowerEdge T550), \u0434\u043e 1.13.2 (PowerEdge XR11), \u0434\u043e 1.13.2 (PowerEdge XR12), \u0434\u043e 1.14.1 (PowerEdge XR4510c), \u0434\u043e 1.14.1 (PowerEdge XR4520c), \u0434\u043e 1.9.1 (PowerEdge T150), \u0434\u043e 1.9.1 (PowerEdge T350), \u0434\u043e 1.9.1 (PowerEdge R250), \u0434\u043e 1.9.1 (PowerEdge R350), \u0434\u043e 2.14.1 (PowerEdge R6515), \u0434\u043e 2.14.1 (PowerEdge R6525), \u0434\u043e 2.14.1 (PowerEdge R7515), \u0434\u043e 2.14.1 (PowerEdge R7525), \u0434\u043e 2.14.1 (PowerEdge C6525), \u0434\u043e 2.14.1 (PowerEdge XE8545), \u0434\u043e 2.0.0 (XC Core XC660), \u0434\u043e 2.0.0 (XC Core XC760), \u0434\u043e 1.7.2 (XC Core XC7625), \u0434\u043e 1.13.2 (EMC XC Core XC450), \u0434\u043e 1.13.2 (EMC XC Core XC650), \u0434\u043e 1.13.2 (EMC XC Core XC750), \u0434\u043e 1.13.2 (EMC XC Core XC750xa), \u0434\u043e 1.13.2 (EMC XC Core XC6520), \u0434\u043e 2.14.1 (EMC XC Core XC7525)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.03.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.03.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.03.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-02175",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-0162",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "PowerEdge R660, PowerEdge R760, PowerEdge C6620, PowerEdge MX760c, PowerEdge R860, PowerEdge R960, PowerEdge HS5610, PowerEdge HS5620, PowerEdge R660xs, PowerEdge R760xs, PowerEdge R760xd2, PowerEdge T560, PowerEdge R760xa, PowerEdge XE9680, PowerEdge XR5610, PowerEdge XR8610t, PowerEdge XR8620t, PowerEdge XR7620, PowerEdge XE8640, PowerEdge XE9640, PowerEdge R6615, PowerEdge R7615, PowerEdge R6625, PowerEdge R7625, PowerEdge C6615, PowerEdge R650, PowerEdge R750, PowerEdge R750XA, PowerEdge C6520, PowerEdge MX750C, PowerEdge R550, PowerEdge R450, PowerEdge R650XS, PowerEdge R750XS, PowerEdge T550, PowerEdge XR11, PowerEdge XR12, PowerEdge XR4510c, PowerEdge XR4520c, PowerEdge T150, PowerEdge T350, PowerEdge R250, PowerEdge R350, PowerEdge R6515, PowerEdge R6525, PowerEdge R7515, PowerEdge R7525, PowerEdge C6525, PowerEdge XE8545, XC Core XC660, XC Core XC760, XC Core XC7625, EMC XC Core XC450, EMC XC Core XC650, EMC XC Core XC750, EMC XC Core XC750xa, EMC XC Core XC6520, EMC XC Core XC7525",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f BIOS \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Dell PowerEdge \u0438 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u0439 Dell Precision Rack, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u044c SMRAM (System Management RAM)",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f BIOS \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Dell PowerEdge \u0438 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u0439 Dell Precision Rack \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0441\u0432\u044f\u0437\u0438 SMM. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u044c SMRAM (System Management RAM)",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}

CVE-2024-0162 (GCVE-0-2024-0162)

Vulnerability from cvelistv5 – Published: 2024-03-13 16:18 – Updated: 2024-08-01 20:17

Summary

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00022281…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerEdge BIOS Intel 16G	Affected: N/A , < 2.0.0 (semver) Affected: N/A , < 1.7.6 (semver) Affected: N/A , < 1.7.2 (semver) Affected: N/A , < 1.2.3 (semver) Affected: N/A , < 1.13.2 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 1.14.1 (semver) Affected: N/A , < 2.14.1 (semver)

Date Public ?

2024-03-12 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:16.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0162",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T13:41:24.076852Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:17:13.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge BIOS Intel 16G",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": " 2.0.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.7.6",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.7.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.2.3",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.13.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.9.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.14.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.14.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-03-12T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM."
            }
          ],
          "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-13T16:18:23.730Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-0162",
    "datePublished": "2024-03-13T16:18:23.730Z",
    "dateReserved": "2023-12-14T05:30:40.938Z",
    "dateUpdated": "2024-08-01T20:17:13.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-02175

CVE-2024-0162 (GCVE-0-2024-0162)

Tags

Sightings

Nomenclature