CVE-2024-0162

EPSS 0.09%
Published 13.03.2024 17:15:46
Last modified 04.02.2025 17:30:00
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Poweredge R660 Firmware Version < 2.0.0

Dell ≫ Poweredge R660 Version-

Dell ≫ Poweredge R760 Firmware Version < 2.0.0

Dell ≫ Poweredge R760 Version-

Dell ≫ Poweredge C6620 Firmware Version < 2.0.0

Dell ≫ Poweredge C6620 Version-

Dell ≫ Poweredge Mx760c Firmware Version < 2.0.0

Dell ≫ Poweredge Mx760c Version-

Dell ≫ Poweredge R860 Firmware Version < 1.8.0

Dell ≫ Poweredge R860 Version-

Dell ≫ Poweredge R960 Firmware Version < 1.8.0

Dell ≫ Poweredge R960 Version-

Dell ≫ Poweredge Hs5610 Firmware Version < 2.0.0

Dell ≫ Poweredge Hs5610 Version-

Dell ≫ Poweredge Hs5620 Firmware Version < 2.0.0

Dell ≫ Poweredge Hs5620 Version-

Dell ≫ Poweredge R660xs Firmware Version < 2.0.0

Dell ≫ Poweredge R660xs Version-

Dell ≫ Poweredge R760xs Firmware Version < 2.0.0

Dell ≫ Poweredge R760xs Version-

Dell ≫ Poweredge R760xd2 Firmware Version < 2.0.0

Dell ≫ Poweredge R760xd2 Version-

Dell ≫ Poweredge T560 Firmware Version < 2.0.0

Dell ≫ Poweredge T560 Version-

Dell ≫ Poweredge R760xa Firmware Version < 2.0.0

Dell ≫ Poweredge R760xa Version-

Dell ≫ Poweredge Xe9680 Firmware Version < 1.8.0

Dell ≫ Poweredge Xe9680 Version-

Dell ≫ Poweredge Xr5610 Firmware Version < 1.8.0

Dell ≫ Poweredge Xr5610 Version-

Dell ≫ Poweredge Xr8610t Firmware Version < 1.8.0

Dell ≫ Poweredge Xr8610t Version-

Dell ≫ Poweredge Xr8620t Firmware Version < 1.8.0

Dell ≫ Poweredge Xr8620t Version-

Dell ≫ Poweredge Xr7620 Firmware Version < 1.8.0

Dell ≫ Poweredge Xr7620 Version-

Dell ≫ Poweredge Xe8640 Firmware Version < 1.8.0

Dell ≫ Poweredge Xe8640 Version-

Dell ≫ Poweredge Xe9640 Firmware Version < 1.8.0

Dell ≫ Poweredge Xe9640 Version-

Dell ≫ Poweredge R6615 Firmware Version < 1.7.2

Dell ≫ Poweredge R6615 Version-

Dell ≫ Poweredge R7615 Firmware Version < 1.7.2

Dell ≫ Poweredge R7615 Version-

Dell ≫ Poweredge R6625 Firmware Version < 1.7.2

Dell ≫ Poweredge R6625 Version-

Dell ≫ Poweredge R7625 Firmware Version < 1.7.2

Dell ≫ Poweredge R7625 Version-

Dell ≫ Poweredge C6615 Firmware Version < 1.2.3

Dell ≫ Poweredge C6615 Version-

Dell ≫ Poweredge R650 Firmware Version < 1.13.2

Dell ≫ Poweredge R650 Version-

Dell ≫ Poweredge R750 Firmware Version < 1.13.2

Dell ≫ Poweredge R750 Version-

Dell ≫ Poweredge R750xa Firmware Version < 1.13.2

Dell ≫ Poweredge R750xa Version-

Dell ≫ Poweredge C6520 Firmware Version < 1.13.2

Dell ≫ Poweredge C6520 Version-

Dell ≫ Poweredge Mx750c Firmware Version < 1.13.2

Dell ≫ Poweredge Mx750c Version-

Dell ≫ Poweredge R550 Firmware Version < 1.13.2

Dell ≫ Poweredge R550 Version-

Dell ≫ Poweredge R450 Firmware Version < 1.13.2

Dell ≫ Poweredge R450 Version-

Dell ≫ Poweredge R650xs Firmware Version < 1.13.2

Dell ≫ Poweredge R650xs Version-

Dell ≫ Poweredge R750xs Firmware Version < 1.13.2

Dell ≫ Poweredge R750xs Version-

Dell ≫ Poweredge T550 Firmware Version < 1.13.2

Dell ≫ Poweredge T550 Version-

Dell ≫ Poweredge Xr11 Firmware Version < 1.13.2

Dell ≫ Poweredge Xr11 Version-

Dell ≫ Poweredge Xr12 Firmware Version < 1.13.2

Dell ≫ Poweredge Xr12 Version-

Dell ≫ Poweredge T150 Firmware Version < 1.9.1

Dell ≫ Poweredge T150 Version-

Dell ≫ Poweredge T350 Firmware Version < 1.9.1

Dell ≫ Poweredge T350 Version-

Dell ≫ Poweredge R250 Firmware Version < 1.9.1

Dell ≫ Poweredge R250 Version-

Dell ≫ Poweredge R350 Firmware Version < 1.9.1

Dell ≫ Poweredge R350 Version-

Dell ≫ Poweredge Xr4510c Firmware Version < 1.14.1

Dell ≫ Poweredge Xr4510c Version-

Dell ≫ Poweredge Xr4520c Firmware Version < 1.14.1

Dell ≫ Poweredge Xr4520c Version-

Dell ≫ Poweredge R6515 Firmware Version < 2.14.1

Dell ≫ Poweredge R6515 Version-

Dell ≫ Poweredge R6525 Firmware Version < 2.14.1

Dell ≫ Poweredge R6525 Version-

Dell ≫ Poweredge R7515 Firmware Version < 2.14.1

Dell ≫ Poweredge R7515 Version-

Dell ≫ Poweredge R7525 Firmware Version < 2.14.1

Dell ≫ Poweredge R7525 Version-

Dell ≫ Poweredge C6525 Firmware Version < 2.14.1

Dell ≫ Poweredge C6525 Version-

Dell ≫ Poweredge Xe8545 Firmware Version < 2.14.1

Dell ≫ Poweredge Xe8545 Version-

Dell ≫ Xc Core Xc660 Firmware Version < 2.0.0

Dell ≫ Xc Core Xc660 Version-

Dell ≫ Xc Core Xc760 Firmware Version < 2.0.0

Dell ≫ Xc Core Xc760 Version-

Dell ≫ Xc Core Xc7625 Firmware Version < 1.7.2

Dell ≫ Xc Core Xc7625 Version-

Dell ≫ Emc Xc Core Xc450 Firmware Version < 1.13.2

Dell ≫ Emc Xc Core Xc450 Version-

Dell ≫ Emc Xc Core Xc650 Firmware Version < 1.13.2

Dell ≫ Emc Xc Core Xc650 Version-

Dell ≫ Emc Xc Core Xc750 Firmware Version < 1.13.2

Dell ≫ Emc Xc Core Xc750 Version-

Dell ≫ Emc Xc Core Xc750xa Firmware Version < 1.13.2

Dell ≫ Emc Xc Core Xc750xa Version-

Dell ≫ Emc Xc Core Xc6520 Firmware Version < 1.13.2

Dell ≫ Emc Xc Core Xc6520 Version-

Dell ≫ Emc Xc Core Xc7525 Firmware Version < 2.14.1

Dell ≫ Emc Xc Core Xc7525 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.266

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
security_alert@emc.com	5.3	1.1	3.7	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0162

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0162

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0162

EUVD