Lucene search

[email protected]NVD:CVE-2024-0171

HistoryJun 25, 2024 - 4:15 p.m.

CVE-2024-0171

2024-06-2516:15:24

CWE-367

[email protected]

web.nvd.nist.gov

cve-2024-0171

dell poweredge

toctou vulnerability

local attacker

unauthorized access

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

EPSS

Percentile

9.1%

JSON

Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.

Affected configurations

Nvd

Node

dellpoweredge_r6615_firmwareRange<1.8.3

AND

dellpoweredge_r6615Match-

Node

dellpoweredge_r7615_firmwareRange<1.8.3

AND

dellpoweredge_r7615Match-

Node

dellpoweredge_r6625_firmwareRange<1.8.3

AND

dellpoweredge_r6625Match-

Node

dellpoweredge_r7625_firmwareRange<1.8.3

AND

dellpoweredge_r7625Match-

Node

dellpoweredge_c6615_firmwareRange<1.3.3

AND

dellpoweredge_c6615Match-

Node

dellxc_core_xc7625_firmwareRange<1.8.3

AND

dellxc_core_xc7625Match-

VendorProductVersionCPE
dellpoweredge_r6615_firmware*cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*
dellpoweredge_r6615-cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:*
dellpoweredge_r7615_firmware*cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*
dellpoweredge_r7615-cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:*
dellpoweredge_r6625_firmware*cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*
dellpoweredge_r6625-cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:*
dellpoweredge_r7625_firmware*cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*
dellpoweredge_r7625-cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:*
dellpoweredge_c6615_firmware*cpe:2.3:o:dell:poweredge_c6615_firmware:*:*:*:*:*:*:*:*
dellpoweredge_c6615-cpe:2.3:h:dell:poweredge_c6615:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	poweredge_r6615_firmware	*	cpe:2.3:o:dell:poweredge_r6615_firmware::::::::
dell	poweredge_r6615	-	cpe:2.3:h:dell:poweredge_r6615:-:::::::*
dell	poweredge_r7615_firmware	*	cpe:2.3:o:dell:poweredge_r7615_firmware::::::::
dell	poweredge_r7615	-	cpe:2.3:h:dell:poweredge_r7615:-:::::::*
dell	poweredge_r6625_firmware	*	cpe:2.3:o:dell:poweredge_r6625_firmware::::::::
dell	poweredge_r6625	-	cpe:2.3:h:dell:poweredge_r6625:-:::::::*
dell	poweredge_r7625_firmware	*	cpe:2.3:o:dell:poweredge_r7625_firmware::::::::
dell	poweredge_r7625	-	cpe:2.3:h:dell:poweredge_r7625:-:::::::*
dell	poweredge_c6615_firmware	*	cpe:2.3:o:dell:poweredge_c6615_firmware::::::::
dell	poweredge_c6615	-	cpe:2.3:h:dell:poweredge_c6615:-:::::::*

Rows per page:

1-10 of 121

References

www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2024-0171

cvelist1 vulnrichment1 cve1