CVE-2024-0172

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

CVSS v3 7.9 HIGH

7.9^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability
https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability

Configurations

No configuration.

History

21 Nov 2024, 08:46

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability -~~	() https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability -

03 Apr 2024, 12:38

Type	Values Removed	Values Added
Summary		(es) El BIOS del servidor Dell PowerEdge y el BIOS del rack Dell Precision contienen una vulnerabilidad de seguridad de administración de privilegios inadecuada. Un atacante local no autenticado podría explotar esta vulnerabilidad, lo que provocaría una escalada de privilegios.

03 Apr 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-03 10:15

Updated : 2024-11-21 08:46

NVD link : CVE-2024-0172

Mitre link : CVE-2024-0172

CVE.ORG link : CVE-2024-0172

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

7.9 /10