April 14, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Microsoft Products Vulnerabilities
March 20, 2024Rewterz Threat Update – Middle East and Africa Targeted in Wave of Cyberattacks Due to Surge in Ransomware-as-a-Service Model
March 20, 2024Rewterz Threat Advisory – Multiple Microsoft Products Vulnerabilities
March 20, 2024Rewterz Threat Update – Middle East and Africa Targeted in Wave of Cyberattacks Due to Surge in Ransomware-as-a-Service Model
March 20, 2024
Severity
Low
Analysis Summary
CVE-2024-0173 CVSS:3.8
Dell PowerEdge and Precision Rack could allow a local authenticated attacker to obtain sensitive information, caused by an improper parameter initialization flaw in the BIOS. By sending a specially crafted request, an attacker could exploit this vulnerability to read the contents of non-SMM stack memory, and use this information to launch further attacks against the affected system.
CVE-2024-0154 CVSS:3.8
Dell PowerEdge and Precision Rack could allow a local authenticated attacker to obtain sensitive information, caused by an improper parameter initialization flaw in the BIOS. By sending a specially crafted request, an attacker could exploit this vulnerability to read the contents of non-SMM stack memory, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-0173
- CVE-2024-0154
Affected Vendors
Dell
Affected Products
- Dell PowerEdge R660
- Dell PowerEdge R760
- Dell PowerEdge C6620
- Dell PowerEdge MX760c
- Dell PowerEdge R860
- Dell PowerEdge R960
Remediation
Refer to Dell Security Advisory for patch, upgrade, or suggested workaround information.
