Strix
26.1K

CVE-2024-0161

HIGHCVSS 8.4/10EPSS 0.20%

Last modified

CVE-2024-0161 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.. EPSS estimates a 0.20% chance of exploitation in the next 30 days.

Description

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.

Metrics

CVSS 3.1
8.4/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

EPSS Probability
0.20%

10.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DellPoweredge T360 Firmware< 1.1.1
DellPoweredge R360 Firmware< 1.1.1
DellPoweredge R650 Firmware< 1.13.2
DellPoweredge R750 Firmware< 1.13.2
DellPoweredge R750xa Firmware< 1.13.2
DellPoweredge C6520 Firmware< 1.13.2
DellPoweredge Mx750c Firmware< 1.13.2
DellPoweredge R550 Firmware< 1.13.2
DellPoweredge R450 Firmware< 1.13.2
DellPoweredge R650xs Firmware< 1.13.2
DellPoweredge R750xs Firmware< 1.13.2
DellPoweredge T550 Firmware< 1.13.2
DellPoweredge Xr11 Firmware< 1.13.2
DellPoweredge Xr12 Firmware< 1.13.2
DellPoweredge Xr4510c Firmware< 1.14.1
DellPoweredge Xr4520c Firmware< 1.14.1
DellPoweredge T150 Firmware< 1.9.1
DellPoweredge T350 Firmware< 1.9.1
DellPoweredge R250 Firmware< 1.9.1
DellPoweredge R350 Firmware< 1.9.1
DellPoweredge R740 Firmware< 2.21.2
DellPoweredge R740xd Firmware< 2.21.2
DellPoweredge R640 Firmware< 2.21.2
DellPoweredge R940 Firmware< 2.21.2
DellPoweredge R540 Firmware< 2.21.1
DellPoweredge R440 Firmware< 2.21.1
DellPoweredge T440 Firmware< 2.21.1
DellPoweredge Xr2 Firmware< 2.21.1
DellPoweredge R740xd2 Firmware< 2.21.1
DellPoweredge R840 Firmware< 2.21.0
DellPoweredge R940xa Firmware< 2.21.0
DellPoweredge T640 Firmware< 2.21.0
DellPoweredge C6420 Firmware< 2.21.0
DellPoweredge Fc640 Firmware< 2.21.0
DellPoweredge M640 Firmware< 2.21.0
DellPoweredge M640 \(Pe Vrtx\) Firmware< 2.21.0
DellPoweredge Mx740c Firmware< 2.21.0
DellPoweredge Mx840c Firmware< 2.21.0
DellPoweredge C4140 Firmware< 2.21.1
DellDss 8440 Firmware< 2.21.0
DellPoweredge Xe2420 Firmware< 2.21.1
DellPoweredge Xe7420 Firmware< 2.21.0
DellPoweredge Xe7440 Firmware< 2.21.0
DellPoweredge R730 Firmware< 2.19.0
DellPoweredge R730xd Firmware< 2.19.0
DellPoweredge R630 Firmware< 2.19.0
DellPoweredge C4130 Firmware< 2.19.0
DellPoweredge R930 Firmware< 2.14.0
DellPoweredge M630 Firmware< 2.19.0
DellPoweredge M630 \(Pe Vrtx\) Firmware< 2.19.0

Showing 50 of 86 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-0161?
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.
How severe is CVE-2024-0161?
CVE-2024-0161 has a CVSS score of 8.4/10 (HIGH severity). The EPSS model estimates a 0.20% probability of exploitation in the next 30 days.
How do I fix CVE-2024-0161?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-0161?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST