CVE-2024-25942 MEDIUM

CVE-2024-25942

Vendor Dell

Product PowerEdge Platform

Weakness CWE-20 · Input validation

Published March 19, 2024

Last update August 12, 2024

View on NVD All CVEs

CVSS base score

4.4/10

Attack vector Physical

Attack complexity High

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.

Key dates

02Disclosure timeline

March 19, 2024 CVE published

August 12, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-25942 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2024-25942

CWE CWE-20

CVSS 4.4 / MEDIUM

Affected versions

Vendor Dell

Product PowerEdge Platform

Affected ≥ N/A and < 2.19.0

Vendor Dell

Product PowerEdge Platform

Affected ≥ N/A and < 2.14.0

Vendor Dell

Product PowerEdge Platform

Affected ≥ N/A and < 1.19.0

CVE-2024-25942

01Description

02Disclosure timeline

03References

04Related CVE