Описание
Уязвимость микропрограммного обеспечения BIOS серверов Dell PowerEdge и рабочих станций Dell Precision Rack связана с записью данных за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой информации
Вендор
Dell Technologies
Наименование ПО
PowerEdge R660
PowerEdge R760
PowerEdge C6620
PowerEdge MX760c
PowerEdge R860
PowerEdge R960
PowerEdge HS5610
PowerEdge HS5620
PowerEdge R660xs
PowerEdge R760xs
PowerEdge R760xd2
PowerEdge T560
PowerEdge R760xa
PowerEdge XE9680
PowerEdge XR5610
PowerEdge XR8610t
PowerEdge XR8620t
PowerEdge XR7620
PowerEdge XE8640
PowerEdge XE9640
PowerEdge R6615
PowerEdge R7615
PowerEdge R6625
PowerEdge R7625
PowerEdge C6615
PowerEdge R650
PowerEdge R750
PowerEdge R750XA
PowerEdge C6520
PowerEdge MX750C
PowerEdge R550
PowerEdge R450
PowerEdge R650XS
PowerEdge R750XS
PowerEdge T550
PowerEdge XR11
PowerEdge XR12
PowerEdge XR4510c
PowerEdge XR4520c
PowerEdge T150
PowerEdge T350
PowerEdge R250
PowerEdge R350
PowerEdge R6515
PowerEdge R6525
PowerEdge R7515
PowerEdge R7525
PowerEdge C6525
PowerEdge XE8545
PowerEdge R740
PowerEdge R740XD
PowerEdge R640
PowerEdge R940
PowerEdge R540
PowerEdge R440
PowerEdge T440
PowerEdge XR2
PowerEdge R740xD2
PowerEdge R840
PowerEdge R940xa
PowerEdge T640
PowerEdge C6420
PowerEdge FC640
PowerEdge M640
PowerEdge M640 (for PE VRTX)
PowerEdge MX740c
PowerEdge MX840c
PowerEdge C4140
DSS 8440
PowerEdge XE2420
PowerEdge XE7420
PowerEdge XE7440
PowerEdge T140
PowerEdge T340
PowerEdge R240
PowerEdge R340
PowerEdge R730
PowerEdge R730xd
PowerEdge R630
PowerEdge C4130
PowerEdge R930
PowerEdge M630
PowerEdge M630 (for PE VRTX)
PowerEdge FC630
PowerEdge FC430
PowerEdge M830
PowerEdge M830 (for PE VRTX)
PowerEdge FC830
PowerEdge T630
PowerEdge R530
PowerEdge R430
PowerEdge T430
PowerEdge R830
PowerEdge C6320
PowerEdge T130
PowerEdge R230
PowerEdge T330
PowerEdge R330
EMC Storage NX3240
EMC Storage NX3340
Storage NX3230
Storage NX3330
Storage NX430
XC Core XC660
XC Core XC760
XC Core XC7625
EMC XC Core XC450
EMC XC Core XC650
EMC XC Core XC750
EMC XC Core XC750xa
EMC XC Core XC6520
EMC XC Core XC7525
EMC XC Core 6420 System
EMC XC Core XC640 System
EMC XC Core XC740xd2
EMC XC Core XC740xd System
EMC XC Core XC940 System
EMC XC Core XCXR2
XC6320
XC430
XC630
XC730
XC730XD
Версия ПО
до 2.0.0 (PowerEdge R660)
до 2.0.0 (PowerEdge R760)
до 2.0.0 (PowerEdge C6620)
до 2.0.0 (PowerEdge MX760c)
до 1.7.6 (PowerEdge R860)
до 1.7.6 (PowerEdge R960)
до 2.0.0 (PowerEdge HS5610)
до 2.0.0 (PowerEdge HS5620)
до 2.0.0 (PowerEdge R660xs)
до 2.0.0 (PowerEdge R760xs)
до 2.0.0 (PowerEdge R760xd2)
до 2.0.0 (PowerEdge T560)
до 2.0.0 (PowerEdge R760xa)
до 1.7.6 (PowerEdge XE9680)
до 1.7.6 (PowerEdge XR5610)
до 1.7.6 (PowerEdge XR8610t)
до 1.7.6 (PowerEdge XR8620t)
до 1.7.6 (PowerEdge XR7620)
до 1.7.6 (PowerEdge XE8640)
до 1.7.6 (PowerEdge XE9640)
до 1.7.2 (PowerEdge R6615)
до 1.7.2 (PowerEdge R7615)
до 1.7.2 (PowerEdge R6625)
до 1.7.2 (PowerEdge R7625)
до 1.2.3 (PowerEdge C6615)
до 1.13.2 (PowerEdge R650)
до 1.13.2 (PowerEdge R750)
до 1.13.2 (PowerEdge R750XA)
до 1.13.2 (PowerEdge C6520)
до 1.13.2 (PowerEdge MX750C)
до 1.13.2 (PowerEdge R550)
до 1.13.2 (PowerEdge R450)
до 1.13.2 (PowerEdge R650XS)
до 1.13.2 (PowerEdge R750XS)
до 1.13.2 (PowerEdge T550)
до 1.13.2 (PowerEdge XR11)
до 1.13.2 (PowerEdge XR12)
до 1.14.1 (PowerEdge XR4510c)
до 1.14.1 (PowerEdge XR4520c)
до 1.9.1 (PowerEdge T150)
до 1.9.1 (PowerEdge T350)
до 1.9.1 (PowerEdge R250)
до 1.9.1 (PowerEdge R350)
до 2.14.1 (PowerEdge R6515)
до 2.14.1 (PowerEdge R6525)
до 2.14.1 (PowerEdge R7515)
до 2.14.1 (PowerEdge R7525)
до 2.14.1 (PowerEdge C6525)
до 2.14.1 (PowerEdge XE8545)
до 2.21.2 (PowerEdge R740)
до 2.21.2 (PowerEdge R740XD)
до 2.21.2 (PowerEdge R640)
до 2.21.2 (PowerEdge R940)
до 2.21.1 (PowerEdge R540)
до 2.21.1 (PowerEdge R440)
до 2.21.1 (PowerEdge T440)
до 2.21.1 (PowerEdge XR2)
до 2.21.1 (PowerEdge R740xD2)
до 2.21.0 (PowerEdge R840)
до 2.21.0 (PowerEdge R940xa)
до 2.21.0 (PowerEdge T640)
до 2.21.0 (PowerEdge C6420)
до 2.21.0 (PowerEdge FC640)
до 2.21.0 (PowerEdge M640)
до 2.21.0 (PowerEdge M640 (for PE VRTX))
до 2.21.0 (PowerEdge MX740c)
до 2.21.0 (PowerEdge MX840c)
до 2.21.1 (PowerEdge C4140)
до 2.21.0 (DSS 8440)
до 2.21.0 (PowerEdge XE2420)
до 2.21.0 (PowerEdge XE7420)
до 2.21.0 (PowerEdge XE7440)
до 2.16.0 (PowerEdge T140)
до 2.16.0 (PowerEdge T340)
до 2.16.0 (PowerEdge R240)
до 2.16.0 (PowerEdge R340)
до 2.19.0 (PowerEdge R730)
до 2.19.0 (PowerEdge R730xd)
до 2.19.0 (PowerEdge R630)
до 2.19.0 (PowerEdge C4130)
до 2.14.0 (PowerEdge R930)
до 2.19.0 (PowerEdge M630)
до 2.19.0 (PowerEdge M630 (for PE VRTX))
до 2.19.0 (PowerEdge FC630)
до 2.19.0 (PowerEdge FC430)
до 2.19.0 (PowerEdge M830)
до 2.19.0 (PowerEdge M830 (for PE VRTX))
до 2.19.0 (PowerEdge FC830)
до 2.19.0 (PowerEdge T630)
до 2.19.0 (PowerEdge R530)
до 2.19.0 (PowerEdge R430)
до 2.19.0 (PowerEdge T430)
до 1.19.0 (PowerEdge R830)
до 2.19.0 (PowerEdge C6320)
до 2.20.0 (PowerEdge T130)
до 2.20.0 (PowerEdge R230)
до 2.20.0 (PowerEdge T330)
до 2.20.0 (PowerEdge R330)
до 2.21.2 (EMC Storage NX3240)
до 2.21.2 (EMC Storage NX3340)
до 2.19.0 (Storage NX3230)
до 2.19.0 (Storage NX3330)
до 2.20.0 (Storage NX430)
до 2.0.0 (XC Core XC660)
до 2.0.0 (XC Core XC760)
до 1.7.2 (XC Core XC7625)
до 1.13.2 (EMC XC Core XC450)
до 1.13.2 (EMC XC Core XC650)
до 1.13.2 (EMC XC Core XC750)
до 1.13.2 (EMC XC Core XC750xa)
до 1.13.2 (EMC XC Core XC6520)
до 2.14.1 (EMC XC Core XC7525)
до 2.21.0 (EMC XC Core 6420 System)
до 2.21.2 (EMC XC Core XC640 System)
до 2.21.1 (EMC XC Core XC740xd2)
до 2.21.2 (EMC XC Core XC740xd System)
до 2.21.2 (EMC XC Core XC940 System)
до 2.21.1 (EMC XC Core XCXR2)
до 2.19.0 (XC6320)
до 2.19.0 (XC430)
до 2.19.0 (XC630)
до 2.19.0 (XC730)
до 2.19.0 (XC730XD)
Тип ПО
Микропрограммный код
ПО программно-аппаратного средства
Операционные системы и аппаратные платформы
-
Уровень опасности уязвимости
Низкий уровень опасности (базовая оценка CVSS 2.0 составляет 1,7)
Низкий уровень опасности (базовая оценка CVSS 3.0 составляет 3,8)
Возможные меры по устранению уязвимости
Использование рекомендаций:
https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability
Статус уязвимости
Подтверждена производителем
Наличие эксплойта
Данные уточняются
Информация об устранении
Уязвимость устранена
Идентификаторы других систем описаний уязвимостей
- CVE
EPSS
Процентиль: 26%
0.00092
Низкий
3.8 Low
CVSS3
1.7 Low
CVSS2
Связанные уязвимости
CVSS3: 3.8
nvd
почти 2 года назад
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
CVSS3: 3.8
github
почти 2 года назад
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
EPSS
Процентиль: 26%
0.00092
Низкий
3.8 Low
CVSS3
1.7 Low
CVSS2