Severity
Medium
Analysis Summary
CVE-2024-22453 CVSS:7.2
Dell PowerEdge is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the BIOS. By sending a specially crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2024-25942 CVSS:4.4
Dell PowerEdge could allow a physical authenticated attacker to bypass security restrictions, caused by improper SMM communication buffer verification in BIOS. By sending a specially crafted request, an attacker could exploit this vulnerability to perform arbitrary writes to SMRAM.
Impact
- Buffer Overflow
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2024-22453
- CVE-2023-25942
Affected Vendors
Dell
Affected Products
- Dell PowerEdge R730
- Dell PowerEdge R730xd
- Dell PowerEdge R630
- Dell PowerEdge R930
- Dell PowerEdge M630
- Dell PowerEdge FC630
Remediation
Refer to Dell Security Advisory for patch, upgrade, or suggested workaround information.