CVE-2024-0172
CVSS: 7.8 (High)
EPSS: 0.00 (p4)
Published: 2024-01-01
Updated: 2024-01-01
Description

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Tags · CWE
LPE
CWE-269
CAPEC-58
CAPEC-122
CAPEC-233
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 3.1 breakdown
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)
Exploit indicators
EPSS: 0.001 · p4
Known exploited (KEV): No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-122 · CWE-269
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product | Vendor | Status
dss_8440_firmware | * | Tracked
emc_storage_nx3240_firmware | * | Tracked
emc_storage_nx3340_firmware | * | Tracked
emc_xc_core_6420_system_firmware | * | Tracked
emc_xc_core_xc450_firmware | * | Tracked
emc_xc_core_xc640_system_firmware | * | Tracked
emc_xc_core_xc650_firmware | * | Tracked
emc_xc_core_xc6520_firmware | * | Tracked
emc_xc_core_xc740xd2_firmware | * | Tracked
emc_xc_core_xc740xd_system_firmware | * | Tracked
emc_xc_core_xc750_firmware | * | Tracked
emc_xc_core_xc750xa_firmware | * | Tracked
emc_xc_core_xc7525_firmware | * | Tracked
emc_xc_core_xc940_system_firmware | * | Tracked
emc_xc_core_xcxr2_firmware | * | Tracked
nx440_firmware | * | Tracked
poweredge_c4140_firmware | * | Tracked
poweredge_c6420_firmware | * | Tracked
poweredge_c6520_firmware | * | Tracked
poweredge_c6525_firmware | * | Tracked
Showing first 20 of 93
Source databases
CVE