Dell PowerEdge Server BIOS Privilege Escalation Vulnerability
CVE-2024-0172

7.8HIGH

Key Information:

Vendor: Dell
Status: Poweredge Platform
Vendor: CVE Published:; 3 April 2024

What is CVE-2024-0172?

The Dell PowerEdge Server BIOS and the Dell Precision Rack BIOS are impacted by a vulnerability that arises from improper privilege management. This issue permits an unauthenticated local attacker to potentially exploit the BIOS, resulting in privilege escalation. If successfully exploited, the attacker may gain unauthorized access to system resources and potentially compromise the integrity of the system. It is crucial for users and administrators to apply the recommended security updates provided by Dell to mitigate these risks.

Affected Version(s)

PowerEdge Platform < 1.5.6

PowerEdge Platform < 1.1.3

PowerEdge Platform < 1.1.4

References

https://www.dell.com/support/kbdoc/en-us/000223727/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2024