{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22453", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2024-01-10T15:26:10.251Z", "datePublished": "2024-03-19T07:42:27.785Z", "dateUpdated": "2024-08-01T22:43:34.929Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PowerEdge Platform", "vendor": "Dell", "versions": [{"lessThan": "2.19.0", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "2.14.0", "status": "affected", "version": "N/A", "versionType": "semver"}, {"lessThan": "1.19.0", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue"}], "datePublic": "2024-03-18T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory."}], "value": "Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-03-19T07:42:27.785Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22453", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-19T14:44:45.916921Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:52:52.907Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.929Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.929Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22453", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-19T14:44:45.916921Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:18.645Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerEdge Platform", "versions": [{"status": "affected", "version": "N/A", "lessThan": "2.19.0", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "2.14.0", "versionType": "semver"}, {"status": "affected", "version": "N/A", "lessThan": "1.19.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2024-03-18T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory.", "supportingMedia": [{"type": "text/html", "value": "Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-03-19T07:42:27.785Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22453", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:43:34.929Z", "dateReserved": "2024-01-10T15:26:10.251Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-03-19T07:42:27.785Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory."}, {"lang": "es", "value": "El BIOS del servidor Dell PowerEdge contiene una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. Un atacante local con privilegios elevados podr\u00eda explotar esta vulnerabilidad para escribir en una memoria que de otro modo no estar\u00eda autorizada."}], "id": "CVE-2024-22453", "lastModified": "2024-03-19T13:26:46.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.8, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2024-03-19T08:15:06.480", "references": [{"source": "security_alert@emc.com", "url": "https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security_alert@emc.com", "type": "Primary"}]}

{}