CVE-2024-25942

EPSS 0.03%
Published 19.03.2024 08:15:06
Last modified 04.02.2025 17:32:28
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Poweredge R730 Firmware Version < 2.19.0

Dell ≫ Poweredge R730 Version-

Dell ≫ Poweredge R730xd Firmware Version < 2.19.0

Dell ≫ Poweredge R730xd Version-

Dell ≫ Poweredge R630 Firmware Version < 2.19.0

Dell ≫ Poweredge R630 Version-

Dell ≫ Poweredge C4130 Firmware Version < 2.19.0

Dell ≫ Poweredge C4130 Version-

Dell ≫ Poweredge R930 Firmware Version < 2.14.0

Dell ≫ Poweredge R930 Version-

Dell ≫ Poweredge M630 Firmware Version < 2.19.0

Dell ≫ Poweredge M630 Version-

Dell ≫ Poweredge M630 (pe Vrtx) Firmware Version < 2.19.0

Dell ≫ Poweredge M630 (pe Vrtx) Version-

Dell ≫ Poweredge Fc630 Firmware Version < 2.19.0

Dell ≫ Poweredge Fc630 Version-

Dell ≫ Poweredge Fc430 Firmware Version < 2.19.0

Dell ≫ Poweredge Fc430 Version-

Dell ≫ Poweredge M830 Firmware Version < 2.19.0

Dell ≫ Poweredge M830 Version-

Dell ≫ Poweredge M830 (pe Vrtx) Firmware Version < 2.19.0

Dell ≫ Poweredge M830 (pe Vrtx) Version-

Dell ≫ Poweredge Fc830 Firmware Version < 2.19.0

Dell ≫ Poweredge Fc830 Version-

Dell ≫ Poweredge T630 Firmware Version < 2.19.0

Dell ≫ Poweredge T630 Version-

Dell ≫ Poweredge R530 Firmware Version < 2.19.0

Dell ≫ Poweredge R530 Version-

Dell ≫ Poweredge R430 Firmware Version < 2.19.0

Dell ≫ Poweredge R430 Version-

Dell ≫ Poweredge T430 Firmware Version < 2.19.0

Dell ≫ Poweredge T430 Version-

Dell ≫ Poweredge R830 Firmware Version < 1.19.0

Dell ≫ Poweredge R830 Version-

Dell ≫ Poweredge C6320 Firmware Version < 2.19.0

Dell ≫ Poweredge C6320 Version-

Dell ≫ Nx3230 Firmware Version < 2.19.0

Dell ≫ Nx3230 Version-

Dell ≫ Nx3330 Firmware Version < 2.19.0

Dell ≫ Nx3330 Version-

Dell ≫ Xc6320 Firmware Version < 2.19.0

Dell ≫ Xc6320 Version-

Dell ≫ Xc430 Firmware Version < 2.19.0

Dell ≫ Xc430 Version-

Dell ≫ Xc630 Firmware Version < 2.19.0

Dell ≫ Xc630 Version-

Dell ≫ Xc730 Firmware Version < 2.19.0

Dell ≫ Xc730 Version-

Dell ≫ Xc730xd Firmware Version < 2.19.0

Dell ≫ Xc730xd Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.081

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.5	5.8	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
security_alert@emc.com	4.4	0.3	3.7	CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-25942

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25942

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25942

EUVD