Strix
26.1K

CVE-2024-0173

LOWCVSS 3.3/10EPSS 0.17%

Last modified

CVE-2024-0173 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.. EPSS estimates a 0.17% chance of exploitation in the next 30 days.

Description

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.

Metrics

CVSS 3.1
3.3/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Probability
0.17%

6.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DellPoweredge R660 Firmware< 2.0.0
DellPoweredge R760 Firmware< 2.0.0
DellPoweredge C6620 Firmware< 2.0.0
DellPoweredge Mx760c Firmware< 2.0.0
DellPoweredge R860 Firmware< 1.8.0
DellPoweredge R960 Firmware< 1.8.0
DellPoweredge Hs5610 Firmware< 2.0.0
DellPoweredge Hs5620 Firmware< 2.0.0
DellPoweredge R660xs Firmware< 2.0.0
DellPoweredge R760xs Firmware< 2.0.0
DellPoweredge R760xd2 Firmware< 2.0.0
DellPoweredge T560 Firmware< 2.0.0
DellPoweredge R760xa Firmware< 2.0.0
DellPoweredge Xe9680 Firmware< 1.8.0
DellPoweredge Xr5610 Firmware< 1.8.0
DellPoweredge Xr8610t Firmware< 1.8.0
DellPoweredge Xr8620t Firmware< 1.8.0
DellPoweredge Xr7620 Firmware< 1.8.0
DellPoweredge Xe8640 Firmware< 1.8.0
DellPoweredge Xe9640 Firmware< 1.8.0
DellPoweredge R6615 Firmware< 1.7.2
DellPoweredge R7615 Firmware< 1.7.2
DellPoweredge R6625 Firmware< 1.7.2
DellPoweredge R7625 Firmware< 1.7.2
DellPoweredge C6615 Firmware< 1.2.3
DellPoweredge R650 Firmware< 1.13.2
DellPoweredge R750 Firmware< 1.13.2
DellPoweredge R750xa Firmware< 1.13.2
DellPoweredge C6520 Firmware< 1.13.2
DellPoweredge Mx750c Firmware< 1.13.2
DellPoweredge R550 Firmware< 1.13.2
DellPoweredge R450 Firmware< 1.13.2
DellPoweredge R650xs Firmware< 1.13.2
DellPoweredge R750xs Firmware< 1.13.2
DellPoweredge T550 Firmware< 1.13.2
DellPoweredge Xr11 Firmware< 1.13.2
DellPoweredge Xr12 Firmware< 1.13.2
DellPoweredge Xr4510c Firmware< 1.14.1
DellPoweredge Xr4520c Firmware< 1.14.1
DellPoweredge T150 Firmware< 1.9.1
DellPoweredge T350 Firmware< 1.9.1
DellPoweredge R250 Firmware< 1.9.1
DellPoweredge R350 Firmware< 1.9.1
DellPoweredge R6515 Firmware< 2.14.1
DellPoweredge R6525 Firmware< 2.14.1
DellPoweredge R7515 Firmware< 2.14.1
DellPoweredge R7525 Firmware< 2.14.1
DellPoweredge C6525 Firmware< 2.14.1
DellPoweredge Xe8545 Firmware< 2.14.1
DellPoweredge R740 Firmware< 2.21.2

Showing 50 of 124 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-0173?
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
How severe is CVE-2024-0173?
CVE-2024-0173 has a CVSS score of 3.3/10 (LOW severity). The EPSS model estimates a 0.17% probability of exploitation in the next 30 days.
How do I fix CVE-2024-0173?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-0173?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST