Dell PowerEdge Server Buffer Overflow Vulnerability
CVE-2024-22453

7.2 HIGH

Key Information:

Vendor: Dell
CVE Published: 19 March 2024

Summary

The Dell PowerEdge Server BIOS is affected by a heap-based buffer overflow vulnerability. This issue allows an attacker with high-level privileges to exploit the vulnerability and potentially write to memory locations that are normally restricted. This type of vulnerability poses a risk as it could be used to manipulate system behavior, access sensitive information, or lead to further system exploitation. It is crucial for affected users to implement the security updates provided by Dell to mitigate this risk effectively.

Affected Version(s)

PowerEdge Platform < 2.19.0

PowerEdge Platform < 2.14.0

PowerEdge Platform < 1.19.0

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue.