CVE-2024-0171

Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.1 / Impact : 3.7

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dell:poweredge_c6615_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_c6615:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dell:xc_core_xc7625_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xc_core_xc7625:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:45

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability - Vendor Advisory~~	() https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability - Vendor Advisory

20 Aug 2024, 13:25

Type	Values Removed	Values Added
Summary		(es) Dell PowerEdge Server BIOS contiene una vulnerabilidad de condición de ejecución TOCTOU. Un atacante local con pocos privilegios podría explotar esta vulnerabilidad para obtener acceso a recursos que de otro modo no estarían autorizados.
CPE		cpe:2.3:o:dell:poweredge_c6615_firmware:::::::: cpe:2.3:o:dell:xc_core_xc7625_firmware:::::::: cpe:2.3:h:dell:xc_core_xc7625:-:::::::* cpe:2.3:h:dell:poweredge_r6625:-:::::::* cpe:2.3:o:dell:poweredge_r6625_firmware:::::::: cpe:2.3:h:dell:poweredge_r6615:-:::::::* cpe:2.3:o:dell:poweredge_r7625_firmware:::::::: cpe:2.3:o:dell:poweredge_r6615_firmware:::::::: cpe:2.3:h:dell:poweredge_r7615:-:::::::* cpe:2.3:o:dell:poweredge_r7615_firmware:::::::: cpe:2.3:h:dell:poweredge_r7625:-:::::::* cpe:2.3:h:dell:poweredge_c6615:-:::::::*
First Time		Dell poweredge R7625 Dell poweredge R7625 Firmware Dell poweredge R6615 Dell Dell poweredge R6615 Firmware Dell poweredge C6615 Dell poweredge R6625 Firmware Dell xc Core Xc7625 Firmware Dell poweredge C6615 Firmware Dell xc Core Xc7625 Dell poweredge R7615 Firmware Dell poweredge R6625 Dell poweredge R7615
References	~~() https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability -~~	() https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability - Vendor Advisory

25 Jun 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-25 16:15

Updated : 2024-11-21 08:45

NVD link : CVE-2024-0171

Mitre link : CVE-2024-0171

CVE.ORG link : CVE-2024-0171

JSON object : View

Products Affected

dell

xc_core_xc7625
poweredge_r7615
poweredge_c6615
poweredge_r6625
poweredge_r6625_firmware
xc_core_xc7625_firmware
poweredge_r7625
poweredge_r7615_firmware
poweredge_r6615_firmware
poweredge_r6615
poweredge_r7625_firmware
poweredge_c6615_firmware

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

5.3 /10