BDU:2025-12853

Published: 23 Sep 2025
Source: fstec
CVSS3: 4.9
CVSS2: 6.8
EPSS: Low

Description

A vulnerability in the BIOS firmware of Dell PowerEdge servers is caused by an out-of-bounds write to a memory buffer. Exploitation of the vulnerability may allow a remote attacker to disclose protected information.

Vendor

Dell Technologies

Software name

PowerEdge R770
PowerEdge R670
PowerEdge R570
PowerEdge R470
PowerEdge R6715
PowerEdge R7715
PowerEdge R6725
PowerEdge R7725
PowerEdge R660
PowerEdge R760
PowerEdge C6620
PowerEdge MX760c
PowerEdge R860
PowerEdge R960
PowerEdge HS5610
PowerEdge HS5620
PowerEdge R660xs
PowerEdge R760xs
PowerEdge R760xd2
PowerEdge T560
PowerEdge R760xa
PowerEdge XE9680
PowerEdge XE9680L
PowerEdge XR5610
PowerEdge XR8610t
PowerEdge XR8620t
PowerEdge XR7620
PowerEdge XE8640
PowerEdge XE9640
PowerEdge T160
PowerEdge T360
PowerEdge R260
PowerEdge R360
PowerEdge R650
PowerEdge R750
PowerEdge R750XA
PowerEdge C6520
PowerEdge MX750C
PowerEdge R550
PowerEdge R450
PowerEdge R650XS
PowerEdge R750XS
PowerEdge T550
PowerEdge XR11
PowerEdge XR12
PowerEdge XR4510c
PowerEdge XR4520c
PowerEdge T150
PowerEdge T350
PowerEdge R250
PowerEdge R350
PowerEdge R740
PowerEdge R740XD
PowerEdge R640
PowerEdge R940
PowerEdge R540
PowerEdge R440
PowerEdge T440
PowerEdge XR2
PowerEdge R740xD2
PowerEdge R840
PowerEdge R940xa
PowerEdge T640
PowerEdge C6420
PowerEdge FC640
PowerEdge M640
PowerEdge M640 (for PE VRTX)
PowerEdge MX740c
PowerEdge MX840c
PowerEdge C4140
DSS 8440
PowerEdge XE2420
PowerEdge XE7420
PowerEdge XE7440
PowerEdge T140
PowerEdge T340
PowerEdge R240
PowerEdge R340
EMC Storage NX3240
EMC Storage NX3340
NX440
XC Core XC660
XC Core XC760
XC Core XC660xs
XC Core XC760xa
EMC XC Core XC450
EMC XC Core XC650
EMC XC Core XC750
EMC XC Core XC750xa
EMC XC Core XC6520
EMC XC Core 6420 System
EMC XC Core XC640 System
EMC XC Core XC740xd System
EMC XC Core XC740xd2
EMC XC Core XC940 System
EMC XC Core XCXR2
PowerEdge R6615
PowerEdge R7615
PowerEdge R6625
PowerEdge R7625
PowerEdge C6615
PowerEdge R6515
PowerEdge R6525
PowerEdge R7515
PowerEdge R7525
PowerEdge C6525
PowerEdge XE8545
EMC XC Core XC7525
XC Core XC7625
PowerEdge R6415
PowerEdge R7415
PowerEdge R7425
iDRAC9

Software version

up to 1.2.6 (PowerEdge R770)
up to 1.2.6 (PowerEdge R670)
up to 1.2.6 (PowerEdge R570)
up to 1.2.6 (PowerEdge R470)
up to 1.1.2 (PowerEdge R6715)
up to 1.1.2 (PowerEdge R7715)
up to 1.1.3 (PowerEdge R6725)
up to 1.1.3 (PowerEdge R7725)
up to 2.5.4 (PowerEdge R660)
up to 2.5.4 (PowerEdge R760)
up to 2.5.4 (PowerEdge C6620)
up to 2.5.4 (PowerEdge MX760c)
up to 2.5.4 (PowerEdge R860)
up to 2.5.4 (PowerEdge R960)
up to 2.5.4 (PowerEdge HS5610)
up to 2.5.4 (PowerEdge HS5620)
up to 2.5.4 (PowerEdge R660xs)
up to 2.5.4 (PowerEdge R760xs)
up to 2.5.4 (PowerEdge R760xd2)
up to 2.5.4 (PowerEdge T560)
up to 2.5.4 (PowerEdge R760xa)
up to 2.5.4 (PowerEdge XE9680)
up to 2.5.4 (PowerEdge XE9680L)
up to 2.5.4 (PowerEdge XR5610)
up to 2.5.4 (PowerEdge XR8610t)
up to 2.5.4 (PowerEdge XR8620t)
up to 2.5.4 (PowerEdge XR7620)
up to 2.5.4 (PowerEdge XE8640)
up to 2.5.4 (PowerEdge XE9640)
up to 2.0.0 (PowerEdge T160)
up to 2.0.0 (PowerEdge T360)
up to 2.0.0 (PowerEdge R260)
up to 2.0.0 (PowerEdge R360)
up to 1.16.2 (PowerEdge R650)
up to 1.16.2 (PowerEdge R750)
up to 1.16.2 (PowerEdge R750XA)
up to 1.16.2 (PowerEdge C6520)
up to 1.16.2 (PowerEdge MX750C)
up to 1.16.2 (PowerEdge R550)
up to 1.16.2 (PowerEdge R450)
up to 1.16.2 (PowerEdge R650XS)
up to 1.16.2 (PowerEdge R750XS)
up to 1.16.2 (PowerEdge T550)
up to 1.16.2 (PowerEdge XR11)
up to 1.16.2 (PowerEdge XR12)
up to 1.17.3 (PowerEdge XR4510c)
up to 1.17.3 (PowerEdge XR4520c)
up to 1.11.1 (PowerEdge T150)
up to 1.11.1 (PowerEdge T350)
up to 1.11.1 (PowerEdge R250)
up to 1.11.1 (PowerEdge R350)
up to 2.23.0 (PowerEdge R740)
up to 2.23.0 (PowerEdge R740XD)
up to 2.23.0 (PowerEdge R640)
up to 2.23.0 (PowerEdge R940)
up to 2.23.0 (PowerEdge R540)
up to 2.23.0 (PowerEdge R440)
up to 2.23.0 (PowerEdge T440)
up to 2.23.0 (PowerEdge XR2)
up to 2.23.0 (PowerEdge R740xD2)
up to 2.23.0 (PowerEdge R840)
up to 2.23.0 (PowerEdge R940xa)
up to 2.23.0 (PowerEdge T640)
up to 2.23.0 (PowerEdge C6420)
up to 2.23.0 (PowerEdge FC640)
up to 2.23.0 (PowerEdge M640)
up to 2.23.0 (PowerEdge M640 (for PE VRTX))
up to 2.23.0 (PowerEdge MX740c)
up to 2.23.0 (PowerEdge MX840c)
up to 2.23.0 (PowerEdge C4140)
up to 2.23.0 (DSS 8440)
up to 2.23.0 (PowerEdge XE2420)
up to 2.23.0 (PowerEdge XE7420)
up to 2.23.0 (PowerEdge XE7440)
up to 2.18.0 (PowerEdge T140)
up to 2.18.0 (PowerEdge T340)
up to 2.18.0 (PowerEdge R240)
up to 2.18.0 (PowerEdge R340)
up to 2.23.0 (EMC Storage NX3240)
up to 2.23.0 (EMC Storage NX3340)
up to 2.18.0 (NX440)
up to 2.5.4 (XC Core XC660)
up to 2.5.4 (XC Core XC760)
up to 2.5.4 (XC Core XC660xs)
up to 2.5.4 (XC Core XC760xa)
up to 1.16.2 (EMC XC Core XC450)
up to 1.16.2 (EMC XC Core XC650)
up to 1.16.2 (EMC XC Core XC750)
up to 1.16.2 (EMC XC Core XC750xa)
up to 1.16.2 (EMC XC Core XC6520)
up to 2.23.0 (EMC XC Core 6420 System)
up to 2.23.0 (EMC XC Core XC640 System)
up to 2.23.0 (EMC XC Core XC740xd System)
up to 2.23.0 (EMC XC Core XC740xd2)
up to 2.23.0 (EMC XC Core XC940 System)
up to 2.23.0 (EMC XC Core XCXR2)
up to 1.11.2 (PowerEdge R6615)
up to 1.11.2 (PowerEdge R7615)
up to 1.11.2 (PowerEdge R6625)
up to 1.11.2 (PowerEdge R7625)
up to 1.6.2 (PowerEdge C6615)
up to 2.18.1 (PowerEdge R6515)
up to 2.18.1 (PowerEdge R6525)
up to 2.18.1 (PowerEdge R7515)
up to 2.18.1 (PowerEdge R7525)
up to 2.18.1 (PowerEdge C6525)
up to 2.17.1 (PowerEdge XE8545)
up to 2.18.1 (EMC XC Core XC7525)
up to 1.11.2 (XC Core XC7625)
up to 1.25.0 (PowerEdge R6415)
up to 1.25.0 (PowerEdge R7415)
up to 1.25.0 (PowerEdge R7425)
up to 7.00.00.181 (iDRAC9)
up to 7.20.10.50 (iDRAC9)

Software type

Firmware
Network device
Software of a hardware-software appliance
Software of a network hardware-software appliance

Operating systems and hardware platforms

-

Vulnerability severity level

Medium severity (CVSS 2.0 base score is 6.8)
Medium severity (CVSS 3.1 base score is 4.9)

Possible measures to remediate the vulnerability

Follow the recommendations:
https://www.dell.com/support/kbdoc/en-us/000370138/dsa-2025-046-security-update-for-dell-poweredge-server-and-dell-idrac9-for-information-disclosure-vulnerability

Vulnerability status

Confirmed by the vendor

Exploit availability

Data is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS: 0.00054 (percentile: 17%), Low
CVSS3: 4.9 Medium
CVSS2: 6.8 Medium

Related vulnerabilities

CVSS3: 4.9
nvd
5 months ago

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

CVSS3: 4.9
github
5 months ago

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.
