CVE-2024-25942 (GCVE-0-2024-25942)

Vulnerability from cvelistv5 – Published: 2024-03-19 07:52 – Updated: 2024-08-12 13:53
VLAI?
Summary
Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.
Severity ?
4.4 (Medium)
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
Dell PowerEdge Platform Affected: N/A , < 2.19.0  (semver)
Affected: N/A , < 2.14.0 (semver)
Affected: N/A , < 1.19.0 (semver)
Create a notification for this product.
Credits
Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:52:06.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-25942",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-12T13:53:19.426811Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T13:53:37.973Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge Platform",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.19.0\u00a0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.14.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue."
        }
      ],
      "datePublic": "2024-03-18T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
            }
          ],
          "value": "Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-19T07:52:29.228Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-25942",
    "datePublished": "2024-03-19T07:52:29.228Z",
    "dateReserved": "2024-02-13T05:29:58.481Z",
    "dateUpdated": "2024-08-12T13:53:37.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.\"}, {\"lang\": \"es\", \"value\": \"El BIOS del servidor Dell PowerEdge contiene una vulnerabilidad de verificaci\\u00f3n del b\\u00fafer de comunicaci\\u00f3n SMM incorrecta. Un atacante f\\u00edsico con altos privilegios podr\\u00eda explotar esta vulnerabilidad y provocar escrituras arbitrarias en SMRAM.\"}]",
      "id": "CVE-2024-25942",
      "lastModified": "2024-11-21T09:01:37.290",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.3, \"impactScore\": 3.7}]}",
      "published": "2024-03-19T08:15:06.713",
      "references": "[{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-25942\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2024-03-19T08:15:06.713\",\"lastModified\":\"2025-02-04T17:32:28.340\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.\"},{\"lang\":\"es\",\"value\":\"El BIOS del servidor Dell PowerEdge contiene una vulnerabilidad de verificaci\u00f3n del b\u00fafer de comunicaci\u00f3n SMM incorrecta. Un atacante f\u00edsico con altos privilegios podr\u00eda explotar esta vulnerabilidad y provocar escrituras arbitrarias en SMRAM.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.3,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r730_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"FEA86EFE-D74A-4FAF-AC9A-633727D72576\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r730:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F2D8095-BFAD-4A4C-92EF-5C27AC5860FC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r730xd_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"F86999EA-7EED-4463-8CF3-53A4F1A4E68F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r730xd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F20FC968-9159-4514-9001-B6E14AAC9BB4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r630_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"4A95501F-9CB4-4758-90FB-7993C5B8479F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r630:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3889B4D3-0B99-44AC-B732-809F7652C9D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_c4130_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"373FCE8C-3C8D-4698-9888-98C65E6D7C01\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_c4130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89E0CC72-B046-4F7C-B7FD-E8E0995C0333\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r930_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.14.0\",\"matchCriteriaId\":\"7A2C8BFD-3874-4912-8EC1-98647E3D0C9D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r930:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1669BF88-F4AC-4166-B657-A5E0EB95F206\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_m630_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"A7BB719C-00D7-4C78-BB42-329BE0420309\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_m630:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05ABA114-D098-48D2-9E0F-E021D82F08B2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_m630_\\\\(pe_vrtx\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"D42919E5-52CF-44A1-B4FD-A5B9799211E1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_m630_\\\\(pe_vrtx\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D90D2E26-AD95-4284-9007-50A60364A34C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_fc630_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"9CB9AD96-DE95-4F41-98A1-C27F41123BD2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_fc630:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E5481DE-457C-44D4-A3FE-10DB525699E3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_fc430_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"077D28F0-6748-4F82-982F-753F998427A6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_fc430:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1C272E6-7D78-433C-B668-EF0E810CC5BB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_m830_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"790AB221-887C-44BB-9819-895266CC966B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_m830:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3BE9AB9-8093-437E-9BF6-8BA0D5ECC7D3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_m830_\\\\(pe_vrtx\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"6C2E7166-A7C5-477E-B9DB-6E23B4D79FC4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_m830_\\\\(pe_vrtx\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE4FDBF0-B9FE-4A7C-93B7-FF9E0E63B424\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_fc830_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"9DA2898A-EC3A-4D35-B8EB-6CF9E346CFFE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_fc830:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C060A4FA-B524-497C-AC27-3256ED048DF7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_t630_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"BB9F2BE0-F283-472F-A583-6B9283E4A529\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_t630:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F2B4062-E672-4F04-AA58-769DC546DA10\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r530_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"1E28BABF-8EE2-4ED0-8341-329FE56E34BF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r530:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ECA70D5-0884-4B74-92C0-DFBC8454FDAD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r430_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"D8082BDB-1AC5-45B2-949B-1B5B8DD6126B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r430:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8EFF354-4534-480D-B52E-5FA575659E77\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_t430_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"2931E08C-E557-4E30-9A3B-81AA9CE1056E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_t430:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B326C0B3-8CDF-4451-8B59-6E6EA3F1AB76\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r830_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.19.0\",\"matchCriteriaId\":\"06131E42-6E13-4C93-BEA3-A3073AF05A17\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r830:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFD80313-F625-40DE-82CC-15EBD2747991\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_c6320_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"D55DF536-984E-4BE6-A9E5-613CDAAD8171\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_c6320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB62B772-0492-490F-B971-93854DFD0CE0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:nx3230_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"5945E528-0ECE-4C0F-9D6D-FC0FA8BCBC37\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:nx3230:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24D0E8F8-4EEB-4A1E-B853-3704140A86B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:nx3330_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"A372313B-02BA-4B1F-B0FB-175D4DCEFF58\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:nx3330:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9428F53B-5740-4E8F-8569-ECE6CA4C137F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:xc6320_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"D5CE9E93-A46D-40E3-B115-237BA73D91E2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:xc6320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93911F86-8562-43A9-8DCC-34482CD1233A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:xc430_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"5D20DBEE-30BF-4CD7-8E52-966851D54215\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:xc430:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A999FC9-150A-472C-8B57-5E41D43B6BEC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:xc630_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"01B3B015-74E9-4A61-AEA4-A322FDC28445\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:xc630:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48F88DD5-EE82-467E-9E19-88C7829EE1CB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:xc730_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"6A328429-B728-4DB6-9E33-8B4986537A35\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:xc730:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1D48B26-84DE-477D-9220-B600938ED14B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:xc730xd_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.0\",\"matchCriteriaId\":\"CE4346FD-76DD-4ABD-8820-3456DDEB5FD1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:xc730xd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"193DEB94-B27C-4038-A544-3CCC35FBCEA5\"}]}]}],\"references\":[{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T23:52:06.241Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-25942\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-12T13:53:19.426811Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-12T13:53:32.529Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Dell\", \"product\": \"PowerEdge Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\", \"lessThan\": \"2.19.0\\u00a0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"N/A\", \"lessThan\": \"2.14.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"N/A\", \"lessThan\": \"1.19.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-03-18T06:30:00.000Z\", \"references\": [{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"c550e75a-17ff-4988-97f0-544cde3820fe\", \"shortName\": \"dell\", \"dateUpdated\": \"2024-03-19T07:52:29.228Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-25942\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-12T13:53:37.973Z\", \"dateReserved\": \"2024-02-13T05:29:58.481Z\", \"assignerOrgId\": \"c550e75a-17ff-4988-97f0-544cde3820fe\", \"datePublished\": \"2024-03-19T07:52:29.228Z\", \"assignerShortName\": \"dell\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.