CVE-2024-0173
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/03/2024
Last modified:
31/01/2025
Description
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
Impact
Base Score 3.x
3.80
Severity 3.x
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:* | 1.8.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:* | 1.8.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:* | 2.0.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability
- https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability