cnvd - cnvd-2024-14756

CNVD-2024-14756

Vulnerability from cnvd - Published: 2024-03-27

Title

Dell PowerEdge Server BIOS和Dell Precision Rack BIOS输入验证错误漏洞

Description

Dell PowerEdge Server BIOS和Dell Precision Rack BIOS都是美国戴尔（Dell）公司的产品。Dell PowerEdge Server BIOS是戴尔（Dell）的一款系统更新驱动程序。Dell Precision Rack BIOS是高性能工作站产品的BIOS工具。 Dell PowerEdge Server BIOS和 Dell Precision Rack BIOS存在输入验证错误漏洞，该漏洞源于包含不正确的 SMM通信缓冲区验证漏洞。本地低权限攻击者可利用该漏洞导致对SMRAM的任意写入。

Severity

中

Patch Name

Dell PowerEdge Server BIOS和Dell Precision Rack BIOS输入验证错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability

Reference

https://cxsecurity.com/cveshow/CVE-2024-0161/

Impacted products

Name
['DELL Dell PowerEdge Server BIOS', 'DELL Dell Precision Rack BIOS']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-0161"
    }
  },
  "description": "Dell PowerEdge Server BIOS\u548cDell Precision Rack BIOS\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell PowerEdge Server BIOS\u662f\u6234\u5c14\uff08Dell\uff09\u7684\u4e00\u6b3e\u7cfb\u7edf\u66f4\u65b0\u9a71\u52a8\u7a0b\u5e8f\u3002Dell Precision Rack BIOS\u662f\u9ad8\u6027\u80fd\u5de5\u4f5c\u7ad9\u4ea7\u54c1\u7684BIOS\u5de5\u5177\u3002\n\nDell PowerEdge Server BIOS\u548c Dell Precision Rack BIOS\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5305\u542b\u4e0d\u6b63\u786e\u7684 SMM\u901a\u4fe1\u7f13\u51b2\u533a\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u672c\u5730\u4f4e\u6743\u9650\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5bf9SMRAM\u7684\u4efb\u610f\u5199\u5165\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-14756",
  "openTime": "2024-03-27",
  "patchDescription": "Dell PowerEdge Server BIOS\u548cDell Precision Rack BIOS\u90fd\u662f\u7f8e\u56fd\u6234\u5c14\uff08Dell\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Dell PowerEdge Server BIOS\u662f\u6234\u5c14\uff08Dell\uff09\u7684\u4e00\u6b3e\u7cfb\u7edf\u66f4\u65b0\u9a71\u52a8\u7a0b\u5e8f\u3002Dell Precision Rack BIOS\u662f\u9ad8\u6027\u80fd\u5de5\u4f5c\u7ad9\u4ea7\u54c1\u7684BIOS\u5de5\u5177\u3002\r\n\r\nDell PowerEdge Server BIOS\u548c Dell Precision Rack BIOS\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5305\u542b\u4e0d\u6b63\u786e\u7684 SMM\u901a\u4fe1\u7f13\u51b2\u533a\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u672c\u5730\u4f4e\u6743\u9650\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5bf9SMRAM\u7684\u4efb\u610f\u5199\u5165\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dell PowerEdge Server BIOS\u548cDell Precision Rack BIOS\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "DELL Dell PowerEdge Server BIOS",
      "DELL Dell Precision Rack BIOS"
    ]
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2024-0161/",
  "serverity": "\u4e2d",
  "submitTime": "2024-03-18",
  "title": "Dell PowerEdge Server BIOS\u548cDell Precision Rack BIOS\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2024-0161 (GCVE-0-2024-0161)

Vulnerability from cvelistv5 – Published: 2024-03-13 16:04 – Updated: 2024-08-12 13:56

Summary

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00022297…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerEdge Platform	Affected: N/A , < 1.1.1 (semver) Affected: N/A , < 1.13.2 (semver) Affected: N/A , < 1.14.1 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 2.21.2 (semver) Affected: N/A , < 2.21.1 (semver) Affected: N/A , < 2.21.0 (semver) Affected: N/A , < 2.19.0 (semver) Affected: N/A , < 2.14.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 2.20.0 (semver)

Credits

Dell would like to thank codebreaker1337 as well as schur of BUPT, Dubhe Lab for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:15.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0161",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-12T13:56:13.395413Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T13:56:29.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge Platform",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.1.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.13.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.14.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.9.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.21.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.21.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.21.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.19.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.14.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.0\u00a0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.20.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell would like to thank codebreaker1337 as well as schur of BUPT, Dubhe Lab for reporting this issue."
        }
      ],
      "datePublic": "2024-03-12T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
            }
          ],
          "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-13T16:04:12.678Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-0161",
    "datePublished": "2024-03-13T16:04:12.678Z",
    "dateReserved": "2023-12-14T05:30:39.766Z",
    "dateUpdated": "2024-08-12T13:56:29.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-14756

CVE-2024-0161 (GCVE-0-2024-0161)

Tags

Sightings

Nomenclature