CVE-2024-38303

Published: Aug 29, 2024Modified: Dec 20, 2024

6.0

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Exploitability: 1.5 / Impact: 4.0

Source: NVD

Description

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Affected (31)

Dell

31 products

Emc Xc Core Xcxr2 Firmware

Emc Xc Core Xc940 System Firmware

Emc Xc Core Xc740xd2 Firmware

Emc Xc Core Xc740xd System Firmware

Emc Xc Core Xc640 System Firmware

Emc Xc Core 6420 System Firmware

Emc Storage Nx3340 Firmware

Emc Storage Nx3240 Firmware

Poweredge Xe7440 Firmware

Poweredge Xe7420 Firmware

Poweredge Xe2420 Firmware

Dss 8440 Firmware

Poweredge C4140 Firmware

Poweredge Mx840c Firmware

Poweredge Mx740c Firmware

Poweredge M640 (for Pe Vrtx) Firmware

Poweredge M640 Firmware

Poweredge Fc640 Firmware

Poweredge C6420 Firmware

Poweredge T640 Firmware

Poweredge R940xa Firmware

Poweredge R840 Firmware

Poweredge R740xd2 Firmware

Poweredge Xr2 Firmware

Poweredge T440 Firmware

Poweredge R440 Firmware

Poweredge R540 Firmware

Poweredge R940 Firmware

Poweredge R640 Firmware

Poweredge R740xd Firmware

Poweredge R740 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Xc Core Xcxr2 Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Emc Xc Core Xcxr2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Xc Core Xc940 System Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Emc Xc Core Xc940 System	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Xc Core Xc740xd2 Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Emc Xc Core Xc740xd2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Xc Core Xc740xd System Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Emc Xc Core Xc740xd System	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Xc Core Xc640 System Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Emc Xc Core Xc640 System	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Xc Core 6420 System Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Emc Xc Core 6420 System	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Storage Nx3340 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Emc Storage Nx3340	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Emc Storage Nx3240 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Emc Storage Nx3240	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Xe7440 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Poweredge Xe7440	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Xe7420 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Poweredge Xe7420	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Xe2420 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Poweredge Xe2420	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Dss 8440 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Dss 8440	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge C4140 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Poweredge C4140	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Mx840c Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Poweredge Mx840c	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Mx740c Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Poweredge Mx740c	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge M640 (for Pe Vrtx) Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Poweredge M640 (for Pe Vrtx)	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge M640 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Poweredge M640	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Fc640 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Poweredge Fc640	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge C6420 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Poweredge C6420	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge T640 Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Poweredge T640	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R940xa Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Poweredge R940xa	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R840 Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Poweredge R840	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R740xd2 Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Poweredge R740xd2	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Xr2 Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Poweredge Xr2	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge T440 Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Poweredge T440	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R440 Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Poweredge R440	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R540 Firmware	Before 2.22.1

Running on/with	Platform Versions
Dell Poweredge R540	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R940 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Poweredge R940	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R640 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Poweredge R640	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R740xd Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Poweredge R740xd	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R740 Firmware	Before 2.22.2

Running on/with	Platform Versions
Dell Poweredge R740	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://www.dell.com/support/kbdoc/en-us/000228135/dsa-2024-309-security-update-for-dell-poweredge-server-for-improper-input-validation-vulnerability

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.