5.3
CVE-2024-0171
- EPSS 0.1%
- Veröffentlicht 25.06.2024 16:15:24
- Zuletzt bearbeitet 21.11.2024 08:45:59
- Quelle security_alert@emc.com
- CVE-Watchlists
- Unerledigt
Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Poweredge R6615 Firmware Version < 1.8.3
Dell ≫ Poweredge R7615 Firmware Version < 1.8.3
Dell ≫ Poweredge R6625 Firmware Version < 1.8.3
Dell ≫ Poweredge R7625 Firmware Version < 1.8.3
Dell ≫ Poweredge C6615 Firmware Version < 1.3.3
Dell ≫ Xc Core Xc7625 Firmware Version < 1.8.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.01 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 1.1 | 3.7 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
|
| security_alert@emc.com | 5.3 | 1.1 | 3.7 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
|
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability