Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-0172

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.9, requiring local system access to exploit with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts integrity (unauthorized modifications), and limited availability for affected systems. Impacting 186 products from dell, from dell, from dell and 183 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2024-04-03T10:15:08.030

Last Modified

2025-02-04T17:34:14.117

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.9 (HIGH)

Weaknesses

Type: Secondary
CWE-269
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dell	poweredge_r660_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_r660	-	No
Operating System	dell	poweredge_r760_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_r760	-	No
Operating System	dell	poweredge_c6620_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_c6620	-	No
Operating System	dell	poweredge_mx760c_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_mx760c	-	No
Operating System	dell	poweredge_r860_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_r860	-	No
Operating System	dell	poweredge_r960_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_r960	-	No
Operating System	dell	poweredge_hs5610_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_hs5610	-	No
Operating System	dell	poweredge_hs5620_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_hs5620	-	No
Operating System	dell	poweredge_r660xs_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_r660xs	-	No
Operating System	dell	poweredge_r760xs_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_r760xs	-	No
Operating System	dell	poweredge_r760xd2_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_r760xd2	-	No
Operating System	dell	poweredge_t560_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_t560	-	No
Operating System	dell	poweredge_r760xa_firmware	< 1.1.3	Yes
Hardware	dell	poweredge_r760xa	-	No
Operating System	dell	poweredge_xe9680_firmware	< 1.1.3	Yes
Hardware	dell	poweredge_xe9680	-	No
Operating System	dell	poweredge_xr5610_firmware	< 1.1.4	Yes
Hardware	dell	poweredge_xr5610	-	No
Operating System	dell	poweredge_xr8610t_firmware	< 1.1.3	Yes
Hardware	dell	poweredge_xr8610t	-	No
Operating System	dell	poweredge_xr8620t_firmware	< 1.1.3	Yes
Hardware	dell	poweredge_xr8620t	-	No
Operating System	dell	poweredge_xr7620_firmware	< 1.5.6	Yes
Hardware	dell	poweredge_xr7620	-	No
Operating System	dell	poweredge_xe8640_firmware	< 1.2.5	Yes
Hardware	dell	poweredge_xe8640	-	No
Operating System	dell	poweredge_xe9640_firmware	< 1.3.6	Yes
Hardware	dell	poweredge_xe9640	-	No
Operating System	dell	poweredge_r6615_firmware	< 1.4.6	Yes
Hardware	dell	poweredge_r6615	-	No
Operating System	dell	poweredge_r7615_firmware	< 1.4.6	Yes
Hardware	dell	poweredge_r7615	-	No
Operating System	dell	poweredge_r6625_firmware	< 1.4.6	Yes
Hardware	dell	poweredge_r6625	-	No
Operating System	dell	poweredge_r7625_firmware	< 1.4.6	Yes
Hardware	dell	poweredge_r7625	-	No
Operating System	dell	poweredge_r650_firmware	< 1.11.2	Yes
Hardware	dell	poweredge_r650	-	No
Operating System	dell	poweredge_r750_firmware	< 1.11.2	Yes
Hardware	dell	poweredge_r750	-	No
Operating System	dell	poweredge_r750xa_firmware	< 1.11.2	Yes
Hardware	dell	poweredge_r750xa	-	No
Operating System	dell	poweredge_c6520_firmware	< 1.11.2	Yes
Hardware	dell	poweredge_c6520	-	No
Operating System	dell	poweredge_mx750c_firmware	< 1.11.2	Yes
Hardware	dell	poweredge_mx750c	-	No
Operating System	dell	poweredge_r550_firmware	< 1.11.2	Yes
Hardware	dell	poweredge_r550	-	No
Operating System	dell	poweredge_r450_firmware	< 1.11.2	Yes
Hardware	dell	poweredge_r450	-	No
Operating System	dell	poweredge_r650xs_firmware	< 1.11.2	Yes
Hardware	dell	poweredge_r650xs	-	No
Operating System	dell	poweredge_r750xs_firmware	< 1.11.2	Yes
Hardware	dell	poweredge_r750xs	-	No
Operating System	dell	poweredge_t550_firmware	< 1.11.2	Yes
Hardware	dell	poweredge_t550	-	No
Operating System	dell	poweredge_xr11_firmware	< 1.11.2	Yes
Hardware	dell	poweredge_xr11	-	No
Operating System	dell	poweredge_xr12_firmware	< 1.11.2	Yes
Hardware	dell	poweredge_xr12	-	No
Operating System	dell	poweredge_t150_firmware	< 1.7.3	Yes
Hardware	dell	poweredge_t150	-	No
Operating System	dell	poweredge_t350_firmware	< 1.7.3	Yes
Hardware	dell	poweredge_t350	-	No
Operating System	dell	poweredge_r250_firmware	< 1.7.3	Yes
Hardware	dell	poweredge_r250	-	No
Operating System	dell	poweredge_r350_firmware	< 1.7.3	Yes
Hardware	dell	poweredge_r350	-	No
Operating System	dell	poweredge_xr4510c_firmware	< 1.12.1	Yes
Hardware	dell	poweredge_xr4510c	-	No
Operating System	dell	poweredge_xr4520c_firmware	< 1.12.1	Yes
Hardware	dell	poweredge_xr4520c	-	No
Operating System	dell	poweredge_r6515_firmware	< 2.12.4	Yes
Hardware	dell	poweredge_r6515	-	No
Operating System	dell	poweredge_r6525_firmware	< 2.12.4	Yes
Hardware	dell	poweredge_r6525	-	No
Operating System	dell	poweredge_r7515_firmware	< 2.12.4	Yes
Hardware	dell	poweredge_r7515	-	No
Operating System	dell	poweredge_r7525_firmware	< 2.12.4	Yes
Hardware	dell	poweredge_r7525	-	No
Operating System	dell	poweredge_c6525_firmware	< 2.12.4	Yes
Hardware	dell	poweredge_c6525	-	No
Operating System	dell	poweredge_xe8545_firmware	< 2.12.4	Yes
Hardware	dell	poweredge_xe8545	-	No
Operating System	dell	poweredge_r740_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_r740	-	No
Operating System	dell	poweredge_r740xd_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_r740xd	-	No
Operating System	dell	poweredge_r640_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_r640	-	No
Operating System	dell	poweredge_r940_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_r940	-	No
Operating System	dell	poweredge_r540_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_r540	-	No
Operating System	dell	poweredge_r440_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_r440	-	No
Operating System	dell	poweredge_t440_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_t440	-	No
Operating System	dell	poweredge_xr2_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_xr2	-	No
Operating System	dell	poweredge_r740xd2_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_r740xd2	-	No
Operating System	dell	poweredge_r840_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_r840	-	No
Operating System	dell	poweredge_r940xa_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_r940xa	-	No
Operating System	dell	poweredge_t640_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_t640	-	No
Operating System	dell	poweredge_c6420_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_c6420	-	No
Operating System	dell	poweredge_fc640_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_fc640	-	No
Operating System	dell	poweredge_m640_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_m640	-	No
Operating System	dell	poweredge_m640_\(pe_vrtx\)_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_m640_\(pe_vrtx\)	-	No
Operating System	dell	poweredge_mx740c_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_mx740c	-	No
Operating System	dell	poweredge_mx840c_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_mx840c	-	No
Operating System	dell	poweredge_c4140_firmware	< 2.19.1	Yes
Hardware	dell	poweredge_c4140	-	No
Operating System	dell	dss_8440_firmware	< 2.19.0	Yes
Hardware	dell	dss_8440	-	No
Operating System	dell	poweredge_xe2420_firmware	< 2.19.0	Yes
Hardware	dell	poweredge_xe2420	-	No
Operating System	dell	poweredge_xe7420_firmware	< 2.19.0	Yes
Hardware	dell	poweredge_xe7420	-	No
Operating System	dell	poweredge_xe7440_firmware	< 2.19.0	Yes
Hardware	dell	poweredge_xe7440	-	No
Operating System	dell	poweredge_t140_firmware	< 2.14.1	Yes
Hardware	dell	poweredge_t140	-	No
Operating System	dell	poweredge_t340_firmware	< 2.14.1	Yes
Hardware	dell	poweredge_t340	-	No
Operating System	dell	poweredge_r240_firmware	< 2.14.1	Yes
Hardware	dell	poweredge_r240	-	No
Operating System	dell	poweredge_r340_firmware	< 2.14.1	Yes
Hardware	dell	poweredge_r340	-	No
Operating System	dell	poweredge_r6415_firmware	< 1.20.0	Yes
Hardware	dell	poweredge_r6415	-	No
Operating System	dell	poweredge_r7415_firmware	< 1.20.0	Yes
Hardware	dell	poweredge_r7415	-	No
Operating System	dell	poweredge_r7425_firmware	< 1.20.0	Yes
Hardware	dell	poweredge_r7425	-	No
Operating System	dell	emc_storage_nx3240_firmware	< 2.19.1	Yes
Hardware	dell	emc_storage_nx3240	-	No
Operating System	dell	emc_storage_nx3340_firmware	< 2.19.1	Yes
Hardware	dell	emc_storage_nx3340	-	No
Operating System	dell	nx440_firmware	< 2.14.1	Yes
Hardware	dell	nx440	-	No
Operating System	dell	emc_xc_core_xc450_firmware	< 1.11.2	Yes
Hardware	dell	emc_xc_core_xc450	-	No
Operating System	dell	emc_xc_core_xc650_firmware	< 1.11.2	Yes
Hardware	dell	emc_xc_core_xc650	-	No
Operating System	dell	emc_xc_core_xc750_firmware	< 1.11.2	Yes
Hardware	dell	emc_xc_core_xc750	-	No
Operating System	dell	emc_xc_core_xc750xa_firmware	< 1.11.2	Yes
Hardware	dell	emc_xc_core_xc750xa	-	No
Operating System	dell	emc_xc_core_xc6520_firmware	< 1.11.2	Yes
Hardware	dell	emc_xc_core_xc6520	-	No
Operating System	dell	emc_xc_core_6420_system_firmware	< 2.19.1	Yes
Hardware	dell	emc_xc_core_6420_system	-	No
Operating System	dell	emc_xc_core_xc640_system_firmware	< 2.19.1	Yes
Hardware	dell	emc_xc_core_xc640_system	-	No
Operating System	dell	emc_xc_core_xc740xd_system_firmware	< 2.19.1	Yes
Hardware	dell	emc_xc_core_xc740xd_system	-	No
Operating System	dell	emc_xc_core_xc740xd2_firmware	< 2.19.1	Yes
Hardware	dell	emc_xc_core_xc740xd2	-	No
Operating System	dell	emc_xc_core_xc940_system_firmware	< 2.19.1	Yes
Hardware	dell	emc_xc_core_xc940_system	-	No
Operating System	dell	emc_xc_core_xcxr2_firmware	< 2.19.1	Yes
Hardware	dell	emc_xc_core_xcxr2	-	No
Operating System	dell	emc_xc_core_xc7525_firmware	< 2.12.4	Yes
Hardware	dell	emc_xc_core_xc7525	-	No

References

https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For dell's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.