Strix
26.1K

CVE-2024-0162

HIGHCVSS 8.8/10EPSS 0.15%

Last modified

CVE-2024-0162 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.. EPSS estimates a 0.15% chance of exploitation in the next 30 days.

Description

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Probability
0.15%

4.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DellPoweredge R660 Firmware< 2.0.0
DellPoweredge R760 Firmware< 2.0.0
DellPoweredge C6620 Firmware< 2.0.0
DellPoweredge Mx760c Firmware< 2.0.0
DellPoweredge R860 Firmware< 1.8.0
DellPoweredge R960 Firmware< 1.8.0
DellPoweredge Hs5610 Firmware< 2.0.0
DellPoweredge Hs5620 Firmware< 2.0.0
DellPoweredge R660xs Firmware< 2.0.0
DellPoweredge R760xs Firmware< 2.0.0
DellPoweredge R760xd2 Firmware< 2.0.0
DellPoweredge T560 Firmware< 2.0.0
DellPoweredge R760xa Firmware< 2.0.0
DellPoweredge Xe9680 Firmware< 1.8.0
DellPoweredge Xr5610 Firmware< 1.8.0
DellPoweredge Xr8610t Firmware< 1.8.0
DellPoweredge Xr8620t Firmware< 1.8.0
DellPoweredge Xr7620 Firmware< 1.8.0
DellPoweredge Xe8640 Firmware< 1.8.0
DellPoweredge Xe9640 Firmware< 1.8.0
DellPoweredge R6615 Firmware< 1.7.2
DellPoweredge R7615 Firmware< 1.7.2
DellPoweredge R6625 Firmware< 1.7.2
DellPoweredge R7625 Firmware< 1.7.2
DellPoweredge C6615 Firmware< 1.2.3
DellPoweredge R650 Firmware< 1.13.2
DellPoweredge R750 Firmware< 1.13.2
DellPoweredge R750xa Firmware< 1.13.2
DellPoweredge C6520 Firmware< 1.13.2
DellPoweredge Mx750c Firmware< 1.13.2
DellPoweredge R550 Firmware< 1.13.2
DellPoweredge R450 Firmware< 1.13.2
DellPoweredge R650xs Firmware< 1.13.2
DellPoweredge R750xs Firmware< 1.13.2
DellPoweredge T550 Firmware< 1.13.2
DellPoweredge Xr11 Firmware< 1.13.2
DellPoweredge Xr12 Firmware< 1.13.2
DellPoweredge T150 Firmware< 1.9.1
DellPoweredge T350 Firmware< 1.9.1
DellPoweredge R250 Firmware< 1.9.1
DellPoweredge R350 Firmware< 1.9.1
DellPoweredge Xr4510c Firmware< 1.14.1
DellPoweredge Xr4520c Firmware< 1.14.1
DellPoweredge R6515 Firmware< 2.14.1
DellPoweredge R6525 Firmware< 2.14.1
DellPoweredge R7515 Firmware< 2.14.1
DellPoweredge R7525 Firmware< 2.14.1
DellPoweredge C6525 Firmware< 2.14.1
DellPoweredge Xe8545 Firmware< 2.14.1
DellXc Core Xc660 Firmware< 2.0.0

Showing 50 of 58 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-0162?
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.
How severe is CVE-2024-0162?
CVE-2024-0162 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.15% probability of exploitation in the next 30 days.
How do I fix CVE-2024-0162?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-0162?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST