CVE-2024-0161

moderate-risk
Published 2024-03-13

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper SMM communication buffer verification vulnerability. A local low-privileged attacker could potentially exploit this vulnerability, leading to arbitrary writes to SMRAM.

Do I need to act?

EPSS score: 0.03% chance of exploitation (low exploit probability)
CISA KEV: not on the list; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 7.2/10 High (LOCAL / HIGH complexity)

Affected Products (20)

PowerEdge T360 Firmware
PowerEdge R360 Firmware
PowerEdge R650 Firmware
PowerEdge R750 Firmware
PowerEdge R750xa Firmware
PowerEdge C6520 Firmware
PowerEdge MX750c Firmware
PowerEdge R550 Firmware
PowerEdge R450 Firmware
PowerEdge R650xs Firmware
PowerEdge R750xs Firmware
PowerEdge T550 Firmware
PowerEdge XR11 Firmware
PowerEdge XR12 Firmware
PowerEdge XR4510c Firmware
PowerEdge XR4520c Firmware
PowerEdge T150 Firmware
PowerEdge T350 Firmware
PowerEdge R250 Firmware
PowerEdge R350 Firmware

Affected Vendors

48 / 100 (moderate-risk)
Severity 19/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 29/34 · Critical