CVE-2024-0172

EUVD-2024-15971
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.9 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
dellpoweredge_r660_firmware
𝑥
< 1.5.6
dellpoweredge_r760_firmware
𝑥
< 1.5.6
dellpoweredge_c6620_firmware
𝑥
< 1.5.6
dellpoweredge_mx760c_firmware
𝑥
< 1.5.6
dellpoweredge_r860_firmware
𝑥
< 1.5.6
dellpoweredge_r960_firmware
𝑥
< 1.5.6
dellpoweredge_hs5610_firmware
𝑥
< 1.5.6
dellpoweredge_hs5620_firmware
𝑥
< 1.5.6
dellpoweredge_r660xs_firmware
𝑥
< 1.5.6
dellpoweredge_r760xs_firmware
𝑥
< 1.5.6
dellpoweredge_r760xd2_firmware
𝑥
< 1.5.6
dellpoweredge_t560_firmware
𝑥
< 1.5.6
dellpoweredge_r760xa_firmware
𝑥
< 1.1.3
dellpoweredge_xe9680_firmware
𝑥
< 1.1.3
dellpoweredge_xr5610_firmware
𝑥
< 1.1.4
dellpoweredge_xr8610t_firmware
𝑥
< 1.1.3
dellpoweredge_xr8620t_firmware
𝑥
< 1.1.3
dellpoweredge_xr7620_firmware
𝑥
< 1.5.6
dellpoweredge_xe8640_firmware
𝑥
< 1.2.5
dellpoweredge_xe9640_firmware
𝑥
< 1.3.6
dellpoweredge_r6615_firmware
𝑥
< 1.4.6
dellpoweredge_r7615_firmware
𝑥
< 1.4.6
dellpoweredge_r6625_firmware
𝑥
< 1.4.6
dellpoweredge_r7625_firmware
𝑥
< 1.4.6
dellpoweredge_r650_firmware
𝑥
< 1.11.2
dellpoweredge_r750_firmware
𝑥
< 1.11.2
dellpoweredge_r750xa_firmware
𝑥
< 1.11.2
dellpoweredge_c6520_firmware
𝑥
< 1.11.2
dellpoweredge_mx750c_firmware
𝑥
< 1.11.2
dellpoweredge_r550_firmware
𝑥
< 1.11.2
dellpoweredge_r450_firmware
𝑥
< 1.11.2
dellpoweredge_r650xs_firmware
𝑥
< 1.11.2
dellpoweredge_r750xs_firmware
𝑥
< 1.11.2
dellpoweredge_t550_firmware
𝑥
< 1.11.2
dellpoweredge_xr11_firmware
𝑥
< 1.11.2
dellpoweredge_xr12_firmware
𝑥
< 1.11.2
dellpoweredge_t150_firmware
𝑥
< 1.7.3
dellpoweredge_t350_firmware
𝑥
< 1.7.3
dellpoweredge_r250_firmware
𝑥
< 1.7.3
dellpoweredge_r350_firmware
𝑥
< 1.7.3
dellpoweredge_xr4510c_firmware
𝑥
< 1.12.1
dellpoweredge_xr4520c_firmware
𝑥
< 1.12.1
dellpoweredge_r6515_firmware
𝑥
< 2.12.4
dellpoweredge_r6525_firmware
𝑥
< 2.12.4
dellpoweredge_r7515_firmware
𝑥
< 2.12.4
dellpoweredge_r7525_firmware
𝑥
< 2.12.4
dellpoweredge_c6525_firmware
𝑥
< 2.12.4
dellpoweredge_xe8545_firmware
𝑥
< 2.12.4
dellpoweredge_r740_firmware
𝑥
< 2.19.1
dellpoweredge_r740xd_firmware
𝑥
< 2.19.1
dellpoweredge_r640_firmware
𝑥
< 2.19.1
dellpoweredge_r940_firmware
𝑥
< 2.19.1
dellpoweredge_r540_firmware
𝑥
< 2.19.1
dellpoweredge_r440_firmware
𝑥
< 2.19.1
dellpoweredge_t440_firmware
𝑥
< 2.19.1
dellpoweredge_xr2_firmware
𝑥
< 2.19.1
dellpoweredge_r740xd2_firmware
𝑥
< 2.19.1
dellpoweredge_r840_firmware
𝑥
< 2.19.1
dellpoweredge_r940xa_firmware
𝑥
< 2.19.1
dellpoweredge_t640_firmware
𝑥
< 2.19.1
dellpoweredge_c6420_firmware
𝑥
< 2.19.1
dellpoweredge_fc640_firmware
𝑥
< 2.19.1
dellpoweredge_m640_firmware
𝑥
< 2.19.1
dellpoweredge_m640_\(pe_vrtx\)_firmware
𝑥
< 2.19.1
dellpoweredge_mx740c_firmware
𝑥
< 2.19.1
dellpoweredge_mx840c_firmware
𝑥
< 2.19.1
dellpoweredge_c4140_firmware
𝑥
< 2.19.1
delldss_8440_firmware
𝑥
< 2.19.0
dellpoweredge_xe2420_firmware
𝑥
< 2.19.0
dellpoweredge_xe7420_firmware
𝑥
< 2.19.0
dellpoweredge_xe7440_firmware
𝑥
< 2.19.0
dellpoweredge_t140_firmware
𝑥
< 2.14.1
dellpoweredge_t340_firmware
𝑥
< 2.14.1
dellpoweredge_r240_firmware
𝑥
< 2.14.1
dellpoweredge_r340_firmware
𝑥
< 2.14.1
dellpoweredge_r6415_firmware
𝑥
< 1.20.0
dellpoweredge_r7415_firmware
𝑥
< 1.20.0
dellpoweredge_r7425_firmware
𝑥
< 1.20.0
dellemc_storage_nx3240_firmware
𝑥
< 2.19.1
dellemc_storage_nx3340_firmware
𝑥
< 2.19.1
dellnx440_firmware
𝑥
< 2.14.1
dellemc_xc_core_xc450_firmware
𝑥
< 1.11.2
dellemc_xc_core_xc650_firmware
𝑥
< 1.11.2
dellemc_xc_core_xc750_firmware
𝑥
< 1.11.2
dellemc_xc_core_xc750xa_firmware
𝑥
< 1.11.2
dellemc_xc_core_xc6520_firmware
𝑥
< 1.11.2
dellemc_xc_core_6420_system_firmware
𝑥
< 2.19.1
dellemc_xc_core_xc640_system_firmware
𝑥
< 2.19.1
dellemc_xc_core_xc740xd_system_firmware
𝑥
< 2.19.1
dellemc_xc_core_xc740xd2_firmware
𝑥
< 2.19.1
dellemc_xc_core_xc940_system_firmware
𝑥
< 2.19.1
dellemc_xc_core_xcxr2_firmware
𝑥
< 2.19.1
dellemc_xc_core_xc7525_firmware
𝑥
< 2.12.4
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
dellpoweredge_r660_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_r760_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_c6620_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_mx760c_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_r860_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_r960_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_hs5610_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_hs5620_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_r660xs_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_r760xs_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_r760xd2_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_t560_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_r760xa_firmware
𝑥
< 1.1.3
ADP
dellpoweredge_xe9680_firmware
𝑥
< 1.1.3
ADP
dellpoweredge_xr5610_firmware
𝑥
< 1.1.4
ADP
dellpoweredge_xr8620t_firmware
𝑥
< 1.1.3
ADP
dellpoweredge_xr7620_firmware
𝑥
< 1.5.6
ADP
dellpoweredge_xe8640_firmware
𝑥
< 1.2.5
ADP
dellpoweredge_xe9640_firmware
𝑥
< 1.3.6
ADP
dellpoweredge_r6615_firmware
𝑥
< 1.4.6
ADP
dellpoweredge_r7615_firmware
𝑥
< 1.4.6
ADP
dellpoweredge_r6625_firmware
𝑥
< 1.4.6
ADP
dellpoweredge_r7625_firmware
𝑥
< 1.4.6
ADP
dellpoweredge_r650_firmware
𝑥
< 1.11.2
ADP
dellpoweredge_r750_firmware
𝑥
< 1.11.2
ADP
dellpoweredge_r750xa_firmware
𝑥
< 1.11.2
ADP
dellpoweredge_c6520_firmware
𝑥
< 1.11.2
ADP
dellpoweredge_mx750c_firmware
𝑥
< 1.11.2
ADP
dellpoweredge_r550_firmware
𝑥
< 1.11.2
ADP
dellpoweredge_r450_firmware
𝑥
< 1.11.2
ADP
dellpoweredge_r650xs_firmware
𝑥
< 1.11.2
ADP
dellpoweredge_r750xs_firmware
𝑥
< 1.11.2
ADP
dellpoweredge_t550_firmware
𝑥
< 1.11.2
ADP
dellpoweredge_xr11_firmware
𝑥
< 1.11.2
ADP
dellpoweredge_xr12_firmware
𝑥
< 1.11.2
ADP
dellpoweredge_t150_firmware
𝑥
< 1.7.3
ADP
dellpoweredge_t350_firmware
𝑥
< 1.7.3
ADP
dellpoweredge_r250_firmware
𝑥
< 1.7.3
ADP
dellpoweredge_r350_firmware
𝑥
< 1.7.3
ADP
dellpoweredge_xr4510c_firmware
𝑥
< 1.12.1
ADP
dellpoweredge_xr4520c_firmware
𝑥
< 1.12.1
ADP
dellpoweredge_r6515_firmware
𝑥
< 2.12.4
ADP
dellpoweredge_r6525_firmware
𝑥
< 2.12.4
ADP
dellpoweredge_r7515_firmware
𝑥
< 2.12.4
ADP
dellpoweredge_r7525_firmware
𝑥
< 2.12.4
ADP
dellpoweredge_c6525_firmware
𝑥
< 2.12.4
ADP
dellpoweredge_xe8545_firmware
𝑥
< 2.12.4
ADP
dellpoweredge_r740_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_r740xd_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_r640_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_r940_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_r540_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_r440_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_t440_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_xr2_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_r740xd2_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_r840_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_r940xa_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_t640_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_c6420_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_fc640_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_m640_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_mx740c_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_mx840c_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_c4140_firmware
𝑥
< 2.19.1
ADP
dellpoweredge_xe2420_firmware
𝑥
< 2.19.0
ADP
dellpoweredge_xe7420_firmware
𝑥
< 2.19.0
ADP
dellpoweredge_xe7440_firmware
𝑥
< 2.19.0
ADP
dellpoweredge_t140_firmware
𝑥
< 2.14.1
ADP
dellpoweredge_t340_firmware
𝑥
< 2.14.1
ADP
dellpoweredge_r240_firmware
𝑥
< 2.14.1
ADP
dellpoweredge_r340_firmware
𝑥
< 2.14.1
ADP
dellpoweredge_r6415_firmware
𝑥
< 1.20.0
ADP
dellpoweredge_r7415_firmware
𝑥
< 1.20.0
ADP
dellpoweredge_r7425_firmware
𝑥
< 1.20.0
ADP
dellemc_storage_nx3240_firmware
𝑥
< 2.19.1
ADP
dellemc_storage_nx3340_firmware
𝑥
< 2.19.1
ADP
dellemc_xc_core_xc450_firmware
𝑥
< 1.11.2
ADP
dellemc_xc_core_xc650_firmware
𝑥
< 1.11.2
ADP
dellemc_xc_core_xc750_firmware
𝑥
< 1.11.2
ADP
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability
https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability