CVE-2024-0171

Published Jun 25, 2024

Last updated 3 months ago

CVSS medium 5.3

Overview

Description: Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.
Source: security_alert@emc.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 3.7
Exploitability score: 1.1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

security_alert@emc.com: CWE-367

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E330219-A0B2-4C66-B4BE-07CB5D21B819",
            "versionEndExcluding": "1.8.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "73077527-E12D-495C-AB91-C35109AE4C43"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "304F6677-C563-402A-B0F1-2BBBBAF2E183",
            "versionEndExcluding": "1.8.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A74500E4-ADD2-4134-8D60-F4285C158F93"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40AB1808-81AA-460E-B6E7-FD54BB5735ED",
            "versionEndExcluding": "1.8.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "09981777-C86C-4BC6-8834-97E8A2551897"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7FE22FE-2AB9-4879-B0F5-F20E684ED024",
            "versionEndExcluding": "1.8.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2F074158-252A-4C51-B80C-1B94E22A364A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:poweredge_c6615_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFAABA0C-5DD7-4928-9A91-A560366F3054",
            "versionEndExcluding": "1.3.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:poweredge_c6615:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "788C678A-92CF-45BD-99D5-AF18394C9860"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:xc_core_xc7625_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE5A04A2-5525-4286-BB76-9FCA7BB1F58A",
            "versionEndExcluding": "1.8.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:xc_core_xc7625:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "575F1C0C-37A7-45CF-86B1-7F56E14D211C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References