
BDU:2024-01989

Published: 13 Mar 2024
Source: fstec
CVSS3: 7.2
CVSS2: 5.3
EPSS: Low

Description

A vulnerability in the BIOS firmware of Dell PowerEdge servers and Dell Precision Rack workstations is caused by errors in the verification of the SMM communication buffer. Exploitation of the vulnerability may allow an attacker to write arbitrary data to the SMRAM (System Management RAM) region.

Vendor

Dell Technologies

Software name

PowerEdge R650
PowerEdge R750
PowerEdge R750XA
PowerEdge C6520
PowerEdge MX750C
PowerEdge R550
PowerEdge R450
PowerEdge R650XS
PowerEdge R750XS
PowerEdge T550
PowerEdge XR11
PowerEdge XR12
PowerEdge XR4510c
PowerEdge XR4520c
PowerEdge T150
PowerEdge T350
PowerEdge R250
PowerEdge R350
PowerEdge R740
PowerEdge R740XD
PowerEdge R640
PowerEdge R940
PowerEdge R540
PowerEdge R440
PowerEdge T440
PowerEdge XR2
PowerEdge R740xD2
PowerEdge R840
PowerEdge R940xa
PowerEdge T640
PowerEdge C6420
PowerEdge FC640
PowerEdge M640
PowerEdge M640 (for PE VRTX)
PowerEdge MX740c
PowerEdge MX840c
PowerEdge C4140
DSS 8440
PowerEdge XE2420
PowerEdge XE7420
PowerEdge XE7440
PowerEdge R730
PowerEdge R730xd
PowerEdge R630
PowerEdge C4130
PowerEdge R930
PowerEdge M630
PowerEdge M630 (for PE VRTX)
PowerEdge FC630
PowerEdge FC430
PowerEdge M830
PowerEdge M830 (for PE VRTX)
PowerEdge T630
PowerEdge R530
PowerEdge T430
PowerEdge R830
PowerEdge C6320
PowerEdge T130
PowerEdge R230
PowerEdge T330
PowerEdge R330
EMC Storage NX3240
EMC Storage NX3340
Storage NX3230
Storage NX3330
Storage NX430
EMC XC Core XC450
EMC XC Core XC650
EMC XC Core XC750
EMC XC Core XC750xa
EMC XC Core XC6520
EMC XC Core 6420 System
EMC XC Core XC640 System
EMC XC Core XC740xd2
EMC XC Core XC740xd System
EMC XC Core XC940 System
EMC XC Core XCXR2
XC430
XC630
XC730
XC730XD
PowerEdge T360
PowerEdge R360

Software version

before 1.13.2 (PowerEdge R650)
before 1.13.2 (PowerEdge R750)
before 1.13.2 (PowerEdge R750XA)
before 1.13.2 (PowerEdge C6520)
before 1.13.2 (PowerEdge MX750C)
before 1.13.2 (PowerEdge R550)
before 1.13.2 (PowerEdge R450)
before 1.13.2 (PowerEdge R650XS)
before 1.13.2 (PowerEdge R750XS)
before 1.13.2 (PowerEdge T550)
before 1.13.2 (PowerEdge XR11)
before 1.13.2 (PowerEdge XR12)
before 1.14.1 (PowerEdge XR4510c)
before 1.14.1 (PowerEdge XR4520c)
before 1.9.1 (PowerEdge T150)
before 1.9.1 (PowerEdge T350)
before 1.9.1 (PowerEdge R250)
before 1.9.1 (PowerEdge R350)
before 2.21.2 (PowerEdge R740)
before 2.21.2 (PowerEdge R740XD)
before 2.21.2 (PowerEdge R640)
before 2.21.2 (PowerEdge R940)
before 2.21.1 (PowerEdge R540)
before 2.21.1 (PowerEdge R440)
before 2.21.1 (PowerEdge T440)
before 2.21.1 (PowerEdge XR2)
before 2.21.1 (PowerEdge R740xD2)
before 2.21.0 (PowerEdge R840)
before 2.21.0 (PowerEdge R940xa)
before 2.21.0 (PowerEdge T640)
before 2.21.0 (PowerEdge C6420)
before 2.21.0 (PowerEdge FC640)
before 2.21.0 (PowerEdge M640)
before 2.21.0 (PowerEdge M640 (for PE VRTX))
before 2.21.0 (PowerEdge MX740c)
before 2.21.0 (PowerEdge MX840c)
before 2.21.1 (PowerEdge C4140)
before 2.21.0 (DSS 8440)
before 2.21.0 (PowerEdge XE2420)
before 2.21.0 (PowerEdge XE7420)
before 2.21.0 (PowerEdge XE7440)
before 2.19.0 (PowerEdge R730)
before 2.19.0 (PowerEdge R730xd)
before 2.19.0 (PowerEdge R630)
before 2.19.0 (PowerEdge C4130)
before 2.14.0 (PowerEdge R930)
before 2.19.0 (PowerEdge M630)
before 2.19.0 (PowerEdge M630 (for PE VRTX))
before 2.19.0 (PowerEdge FC630)
before 2.19.0 (PowerEdge FC430)
before 2.19.0 (PowerEdge M830)
before 2.19.0 (PowerEdge M830 (for PE VRTX))
before 2.19.0 (PowerEdge T630)
before 2.19.0 (PowerEdge R530)
before 2.19.0 (PowerEdge T430)
before 1.19.0 (PowerEdge R830)
before 2.19.0 (PowerEdge C6320)
before 2.20.0 (PowerEdge T130)
before 2.20.0 (PowerEdge R230)
before 2.20.0 (PowerEdge T330)
before 2.20.0 (PowerEdge R330)
before 2.21.2 (EMC Storage NX3240)
before 2.21.2 (EMC Storage NX3340)
before 2.19.0 (Storage NX3230)
before 2.19.0 (Storage NX3330)
before 2.20.0 (Storage NX430)
before 1.13.2 (EMC XC Core XC450)
before 1.13.2 (EMC XC Core XC650)
before 1.13.2 (EMC XC Core XC750)
before 1.13.2 (EMC XC Core XC750xa)
before 1.13.2 (EMC XC Core XC6520)
before 2.21.0 (EMC XC Core 6420 System)
before 2.21.2 (EMC XC Core XC640 System)
before 2.21.1 (EMC XC Core XC740xd2)
before 2.21.2 (EMC XC Core XC740xd System)
before 2.21.2 (EMC XC Core XC940 System)
before 2.21.1 (EMC XC Core XCXR2)
before 2.19.0 (XC430)
before 2.19.0 (XC630)
before 2.19.0 (XC730)
before 2.19.0 (XC730XD)
before 1.1.1 (PowerEdge T360)
before 1.1.1 (PowerEdge R360)

Software type

Firmware
Software of a hardware/software appliance

Operating systems and hardware platforms

-

Vulnerability severity level

Medium severity (CVSS 2.0 base score is 5.3)
High severity (CVSS 3.0 base score is 7.2)

Possible measures to remediate the vulnerability

Follow the recommendations:
https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability

Vulnerability status

Confirmed by the vendor

Exploit availability

Information is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 10%
0.00035
Low

7.2 High

CVSS3

5.3 Medium

CVSS2

Related vulnerabilities

CVSS3: 7.2
nvd
almost 2 years ago

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.

CVSS3: 7.2
github
almost 2 years ago

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.
