PT-2024-2089 · Dell · Dell Poweredge Server Bios+1
Codebreaker1337
·
Published
2024-03-12
·
Updated
2025-01-31
·
CVE-2024-0173
CVSS v3.1
3.8
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Dell PowerEdge Server BIOS versions (affected versions not specified)
Dell Precision Rack BIOS versions (affected versions not specified)
Description
The issue is related to an improper parameter initialization vulnerability in the BIOS software of Dell PowerEdge servers and Dell Precision Rack workstations. This vulnerability can be exploited by a local low-privileged attacker to potentially read the contents of non-SMM stack memory, allowing unauthorized access to protected information.
Recommendations
For Dell PowerEdge Server BIOS, update to a version that fixes the improper parameter initialization vulnerability.
For Dell Precision Rack BIOS, update to a version that fixes the improper parameter initialization vulnerability.
As a temporary workaround, consider restricting access to sensitive information and limiting privileges to minimize the risk of exploitation.
Fix
Out of bounds Read
Access of Memory Location After End of Buffer
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dell Poweredge Server Bios
Dell Precision Rack Bios