CVE-2024-0171

Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.

Published: Jun 25, 2024
Updated: Aug 21, 2024
CVE: CVE-2024-0171
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CWEs:

CWE-367

Affected Software
References

Software	From	Fixed in
dell / poweredge_r6615_firmware	-	1.8.3
dell / poweredge_r7615_firmware	-	1.8.3
dell / poweredge_r6625_firmware	-	1.8.3
dell / poweredge_r7625_firmware	-	1.8.3
dell / poweredge_c6615_firmware	-	1.3.3
dell / xc_core_xc7625_firmware	-	1.8.3

https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability

Vulnerability Database

290,206

CVE-2024-0171