CVE-2024-38303

EPSS 0.03%
Veröffentlicht 29.08.2024 11:15:25
Zuletzt bearbeitet 20.12.2024 14:40:09
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Emc Xc Core Xcxr2 Firmware Version < 2.22.1

Dell ≫ Emc Xc Core Xcxr2 Version-

Dell ≫ Emc Xc Core Xc940 System Firmware Version < 2.22.2

Dell ≫ Emc Xc Core Xc940 System Version-

Dell ≫ Emc Xc Core Xc740xd2 Firmware Version < 2.22.1

Dell ≫ Emc Xc Core Xc740xd2 Version-

Dell ≫ Emc Xc Core Xc740xd System Firmware Version < 2.22.2

Dell ≫ Emc Xc Core Xc740xd System Version-

Dell ≫ Emc Xc Core Xc640 System Firmware Version < 2.22.2

Dell ≫ Emc Xc Core Xc640 System Version-

Dell ≫ Emc Xc Core 6420 System Firmware Version < 2.22.2

Dell ≫ Emc Xc Core 6420 System Version-

Dell ≫ Emc Storage Nx3340 Firmware Version < 2.22.2

Dell ≫ Emc Storage Nx3340 Version-

Dell ≫ Emc Storage Nx3240 Firmware Version < 2.22.2

Dell ≫ Emc Storage Nx3240 Version-

Dell ≫ Poweredge Xe7440 Firmware Version < 2.22.2

Dell ≫ Poweredge Xe7440 Version-

Dell ≫ Poweredge Xe7420 Firmware Version < 2.22.2

Dell ≫ Poweredge Xe7420 Version-

Dell ≫ Poweredge Xe2420 Firmware Version < 2.22.2

Dell ≫ Poweredge Xe2420 Version-

Dell ≫ Dss 8440 Firmware Version < 2.22.2

Dell ≫ Dss 8440 Version-

Dell ≫ Poweredge C4140 Firmware Version < 2.22.2

Dell ≫ Poweredge C4140 Version-

Dell ≫ Poweredge Mx840c Firmware Version < 2.22.1

Dell ≫ Poweredge Mx840c Version-

Dell ≫ Poweredge Mx740c Firmware Version < 2.22.1

Dell ≫ Poweredge Mx740c Version-

Dell ≫ Poweredge M640 (for Pe Vrtx) Firmware Version < 2.22.2

Dell ≫ Poweredge M640 (for Pe Vrtx) Version-

Dell ≫ Poweredge M640 Firmware Version < 2.22.2

Dell ≫ Poweredge M640 Version-

Dell ≫ Poweredge Fc640 Firmware Version < 2.22.2

Dell ≫ Poweredge Fc640 Version-

Dell ≫ Poweredge C6420 Firmware Version < 2.22.2

Dell ≫ Poweredge C6420 Version-

Dell ≫ Poweredge T640 Firmware Version < 2.22.1

Dell ≫ Poweredge T640 Version-

Dell ≫ Poweredge R940xa Firmware Version < 2.22.1

Dell ≫ Poweredge R940xa Version-

Dell ≫ Poweredge R840 Firmware Version < 2.22.1

Dell ≫ Poweredge R840 Version-

Dell ≫ Poweredge R740xd2 Firmware Version < 2.22.1

Dell ≫ Poweredge R740xd2 Version-

Dell ≫ Poweredge Xr2 Firmware Version < 2.22.1

Dell ≫ Poweredge Xr2 Version-

Dell ≫ Poweredge T440 Firmware Version < 2.22.1

Dell ≫ Poweredge T440 Version-

Dell ≫ Poweredge R440 Firmware Version < 2.22.1

Dell ≫ Poweredge R440 Version-

Dell ≫ Poweredge R540 Firmware Version < 2.22.1

Dell ≫ Poweredge R540 Version-

Dell ≫ Poweredge R940 Firmware Version < 2.22.2

Dell ≫ Poweredge R940 Version-

Dell ≫ Poweredge R640 Firmware Version < 2.22.2

Dell ≫ Poweredge R640 Version-

Dell ≫ Poweredge R740xd Firmware Version < 2.22.2

Dell ≫ Poweredge R740xd Version-

Dell ≫ Poweredge R740 Firmware Version < 2.22.2

Dell ≫ Poweredge R740 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.075

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6	1.5	4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
security_alert@emc.com	5.3	0.8	4	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.dell.com/support/kbdoc/en-us/000228135/dsa-2024-309-security-update-for-dell-poweredge-server-for-improper-input-validation-vulnerability

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38303

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38303

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38303

EUVD