{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0162", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-12-14T05:30:40.938Z", "datePublished": "2024-03-13T16:18:23.730Z", "dateUpdated": "2024-08-01T20:17:13.932Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerEdge BIOS Intel 16G", "vendor": "Dell", "versions": [{"lessThan": " 2.0.0", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.7.6", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.7.2", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.2.3", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.13.2", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.9.1", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.14.1", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "2.14.1", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "datePublic": "2024-03-12T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM."}], "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-03-13T16:18:23.730Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T17:41:16.017Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-26T13:41:24.076852Z", "id": "CVE-2024-0162", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T20:17:13.932Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T17:41:16.017Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0162", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-26T13:41:24.076852Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T13:41:27.451Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerEdge BIOS Intel 16G", "versions": [{"status": "affected", "version": "N/A", "lessThan": " 2.0.0", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.7.6", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.7.2", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.2.3", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.13.2", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.9.1", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.14.1", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "2.14.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2024-03-12T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-03-13T16:18:23.730Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0162", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:17:13.932Z", "dateReserved": "2023-12-14T05:30:40.938Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-03-13T16:18:23.730Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM."}, {"lang": "es", "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contienen una vulnerabilidad de verificaci\u00f3n del b\u00fafer de comunicaci\u00f3n SMM incorrecta. Un atacante local con pocos privilegios podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda lecturas/escrituras fuera de los l\u00edmites en SMRAM."}], "id": "CVE-2024-0162", "lastModified": "2024-03-13T18:15:58.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 3.7, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2024-03-13T17:15:46.617", "references": [{"source": "security_alert@emc.com", "url": "https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}