6.5

CVE-2024-38304

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Data is provided by the National Vulnerability Database (NVD)
Dell Emc Xc Core Xcxr2 Firmware Version < 2.22.1
   Dell Emc Xc Core Xcxr2 Version -
Dell Emc Xc Core Xc940 System Firmware Version < 2.22.2
   Dell Emc Xc Core Xc940 System Version -
Dell Emc Xc Core Xc740xd2 Firmware Version < 2.22.1
   Dell Emc Xc Core Xc740xd2 Version -
Dell Emc Xc Core Xc640 System Firmware Version < 2.22.2
   Dell Emc Xc Core Xc640 System Version -
Dell Emc Xc Core 6420 System Firmware Version < 2.22.2
   Dell Emc Xc Core 6420 System Version -
Dell Emc Storage Nx3340 Firmware Version < 2.22.2
   Dell Emc Storage Nx3340 Version -
Dell Emc Storage Nx3240 Firmware Version < 2.22.2
   Dell Emc Storage Nx3240 Version -
Dell Poweredge Xe7440 Firmware Version < 2.22.2
   Dell Poweredge Xe7440 Version -
Dell Poweredge Xe7420 Firmware Version < 2.22.2
   Dell Poweredge Xe7420 Version -
Dell Poweredge Xe2420 Firmware Version < 2.22.2
   Dell Poweredge Xe2420 Version -
Dell Dss 8440 Firmware Version < 2.22.2
   Dell Dss 8440 Version -
Dell Poweredge C4140 Firmware Version < 2.22.2
   Dell Poweredge C4140 Version -
Dell Poweredge Mx840c Firmware Version < 2.22.1
   Dell Poweredge Mx840c Version -
Dell Poweredge Mx740c Firmware Version < 2.22.1
   Dell Poweredge Mx740c Version -
Dell Poweredge M640 Firmware Version < 2.22.2
   Dell Poweredge M640 Version -
Dell Poweredge Fc640 Firmware Version < 2.22.2
   Dell Poweredge Fc640 Version -
Dell Poweredge C6420 Firmware Version < 2.22.2
   Dell Poweredge C6420 Version -
Dell Poweredge T640 Firmware Version < 2.22.1
   Dell Poweredge T640 Version -
Dell Poweredge R940xa Firmware Version < 2.22.1
   Dell Poweredge R940xa Version -
Dell Poweredge R840 Firmware Version < 2.22.1
   Dell Poweredge R840 Version -
Dell Poweredge R740xd2 Firmware Version < 2.22.1
   Dell Poweredge R740xd2 Version -
Dell Poweredge Xr2 Firmware Version < 2.22.1
   Dell Poweredge Xr2 Version -
Dell Poweredge T440 Firmware Version < 2.22.1
   Dell Poweredge T440 Version -
Dell Poweredge R440 Firmware Version < 2.22.1
   Dell Poweredge R440 Version -
Dell Poweredge R540 Firmware Version < 2.22.1
   Dell Poweredge R540 Version -
Dell Poweredge R940 Firmware Version < 2.22.2
   Dell Poweredge R940 Version -
Dell Poweredge R640 Firmware Version < 2.22.2
   Dell Poweredge R640 Version -
Dell Poweredge R740xd Firmware Version < 2.22.2
   Dell Poweredge R740xd Version -
Dell Poweredge R740 Firmware Version < 2.22.2
   Dell Poweredge R740 Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.1% | 0.275 |

CVSS metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 6.5 | 2 | 4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| security_alert@emc.com | 3.8 | 2 | 1.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |

CWE-788 Access of Memory Location After End of Buffer

The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.