Strix
26.1K

CVE-2024-0172

HIGHCVSS 7.8/10EPSS 0.15%

Last modified

CVE-2024-0172 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.. EPSS estimates a 0.15% chance of exploitation in the next 30 days.

Description

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.15%

4.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DellPoweredge R660 Firmware< 1.5.6
DellPoweredge R760 Firmware< 1.5.6
DellPoweredge C6620 Firmware< 1.5.6
DellPoweredge Mx760c Firmware< 1.5.6
DellPoweredge R860 Firmware< 1.5.6
DellPoweredge R960 Firmware< 1.5.6
DellPoweredge Hs5610 Firmware< 1.5.6
DellPoweredge Hs5620 Firmware< 1.5.6
DellPoweredge R660xs Firmware< 1.5.6
DellPoweredge R760xs Firmware< 1.5.6
DellPoweredge R760xd2 Firmware< 1.5.6
DellPoweredge T560 Firmware< 1.5.6
DellPoweredge R760xa Firmware< 1.1.3
DellPoweredge Xe9680 Firmware< 1.1.3
DellPoweredge Xr5610 Firmware< 1.1.4
DellPoweredge Xr8610t Firmware< 1.1.3
DellPoweredge Xr8620t Firmware< 1.1.3
DellPoweredge Xr7620 Firmware< 1.5.6
DellPoweredge Xe8640 Firmware< 1.2.5
DellPoweredge Xe9640 Firmware< 1.3.6
DellPoweredge R6615 Firmware< 1.4.6
DellPoweredge R7615 Firmware< 1.4.6
DellPoweredge R6625 Firmware< 1.4.6
DellPoweredge R7625 Firmware< 1.4.6
DellPoweredge R650 Firmware< 1.11.2
DellPoweredge R750 Firmware< 1.11.2
DellPoweredge R750xa Firmware< 1.11.2
DellPoweredge C6520 Firmware< 1.11.2
DellPoweredge Mx750c Firmware< 1.11.2
DellPoweredge R550 Firmware< 1.11.2
DellPoweredge R450 Firmware< 1.11.2
DellPoweredge R650xs Firmware< 1.11.2
DellPoweredge R750xs Firmware< 1.11.2
DellPoweredge T550 Firmware< 1.11.2
DellPoweredge Xr11 Firmware< 1.11.2
DellPoweredge Xr12 Firmware< 1.11.2
DellPoweredge T150 Firmware< 1.7.3
DellPoweredge T350 Firmware< 1.7.3
DellPoweredge R250 Firmware< 1.7.3
DellPoweredge R350 Firmware< 1.7.3
DellPoweredge Xr4510c Firmware< 1.12.1
DellPoweredge Xr4520c Firmware< 1.12.1
DellPoweredge R6515 Firmware< 2.12.4
DellPoweredge R6525 Firmware< 2.12.4
DellPoweredge R7515 Firmware< 2.12.4
DellPoweredge R7525 Firmware< 2.12.4
DellPoweredge C6525 Firmware< 2.12.4
DellPoweredge Xe8545 Firmware< 2.12.4
DellPoweredge R740 Firmware< 2.19.1
DellPoweredge R740xd Firmware< 2.19.1

Showing 50 of 93 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-0172?
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
How severe is CVE-2024-0172?
CVE-2024-0172 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.15% probability of exploitation in the next 30 days.
How do I fix CVE-2024-0172?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-0172?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST