CVE-2024-0163
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/03/2024
Last modified:
31/01/2025
Description
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:* | 1.8.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:* | 1.8.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability
- https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability