Vulnerabilities > CVE-2024-0171 - Unspecified vulnerability in Dell products

CVSS 5.3 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

local

high complexity

dell

NVD

Published: 2024-06-25

Updated: 2024-11-21

Summary

Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Poweredge R6615 Firmware * Dell Poweredge R7615 Firmware * Dell Poweredge R6625 Firmware * Dell Poweredge R7625 Firmware * Dell Poweredge C6615 Firmware * Dell XC Core Xc7625 Firmware -	6
Hardware	Dell Dell Poweredge R6615 - Dell Poweredge R7615 - Dell Poweredge R6625 - Dell Poweredge R7625 - Dell Poweredge C6615 - Dell XC Core Xc7625 -	6

References

https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability
https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability