Dell PowerEdge Platform up to 2.21.1 access of memory location after end of buffer
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.5 | $0-$5k | 0.00 |
A vulnerability, which was classified as problematic, was found in Dell PowerEdge Platform up to 2.21.1. Affected is an unknown function. The manipulation with an unknown input leads to a access of memory location after end of buffer vulnerability. CWE is classifying the issue as CWE-788. The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. This is going to have an impact on confidentiality. CVE summarizes:
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
The weakness was released 03/13/2024 by Codebreaker1337 as dsa-2024-034. The advisory is available at dell.com. This vulnerability is traded as CVE-2024-0154 since 12/14/2023. The technical details are unknown and an exploit is not available.
Upgrading to version 1.2.3, 1.7.2, 1.7.6, 1.9.1, 1.13.2, 1.14.1, 1.19.0 , 2.0.0, 2.14.0 , 2.14.1, 2.16.0, 2.19.0 , 2.20.0 , 2.21.0, 2.21.1 or 2.21.2 eliminates this vulnerability.
Entry connected to this vulnerability is available at VDB-256745.
Product
Vendor
Name
Version
- 1.0
- 1.1
- 1.2
- 1.2.0
- 1.2.1
- 1.2.2
- 1.3
- 1.4
- 1.5
- 1.6
- 1.7
- 1.7.0
- 1.7.1
- 1.7.2
- 1.7.3
- 1.7.4
- 1.7.5
- 1.8
- 1.9
- 1.10
- 1.11
- 1.12
- 1.13
- 1.13.0
- 1.13.1
- 1.14
- 1.15
- 1.16
- 1.17
- 1.18
- 1.19
- 2.0
- 2.1
- 2.2
- 2.3
- 2.4
- 2.5
- 2.6
- 2.7
- 2.8
- 2.9
- 2.10
- 2.11
- 2.12
- 2.13
- 2.14
- 2.15
- 2.16
- 2.17
- 2.18
- 2.19
- 2.20
- 2.21
- 2.21.0
- 2.21.1
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔒VulDB CVSS-BT Score: 🔒
VulDB Vector: 🔒
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.5VulDB Meta Temp Score: 3.5
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 3.8
CNA Vector (Dell): 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Access of memory location after end of bufferCWE: CWE-788 / CWE-120 / CWE-119
CAPEC: 🔒
ATT&CK: 🔒
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: PowerEdge Platform 1.2.3/1.7.2/1.7.6/1.9.1/1.13.2/1.14.1/1.19.0 /2.0.0/2.14.0 /2.14.1/2.16.0/2.19.0 /2.20.0 /2.21.0/2.21.1/2.21.2
Timeline
12/14/2023 CVE reserved03/13/2024 Advisory disclosed
03/13/2024 VulDB entry created
04/15/2024 VulDB entry last update
Sources
Vendor: dell.comAdvisory: dsa-2024-034
Researcher: Codebreaker1337
Status: Confirmed
CVE: CVE-2024-0154 (🔒)
See also: 🔒
Entry
Created: 03/13/2024 18:05Updated: 04/15/2024 09:21
Changes: 03/13/2024 18:05 (49), 04/15/2024 09:21 (15)
Complete: 🔍
Cache ID: 3:DB5:103
No comments yet. Languages: en.
Please log in to comment.