Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-38303 |
CWE-ID | CWE-20 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Hardware solutions / Firmware: PowerEdge R740, PowerEdge R740XD, PowerEdge R640, PowerEdge R940, PowerEdge R540, PowerEdge R440, PowerEdge T440, PowerEdge XR2, PowerEdge R740XD2, PowerEdge R840, PowerEdge R940XA, PowerEdge T640, PowerEdge C6420, PowerEdge FC640, PowerEdge M640, PowerEdge M640 (for PE VRTX), PowerEdge MX740C, PowerEdge MX840C, PowerEdge C4140, DSS 8440, PowerEdge XE2420, PowerEdge XE7420, PowerEdge XE7440, Dell EMC Storage NX3240, Dell EMC Storage NX3340, Dell EMC XC Core 6420 System, Dell EMC XC Core XC640 System, Dell EMC XC Core XC740xd System, Dell EMC XC Core XC740xd2, Dell EMC XC Core XC940 System, Dell EMC XC Core XCXR2 |
Vendor | Dell |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU96638
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38303
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can gain access to sensitive information.
Install updates from the vendor's website.
Vulnerable software versions
PowerEdge R740: before 2.22.1
PowerEdge R740XD: before 2.22.1
PowerEdge R640: before 2.22.1
PowerEdge R940: before 2.22.1
PowerEdge R540: before 2.22.0
PowerEdge R440: before 2.22.0
PowerEdge T440: before 2.22.0
PowerEdge XR2: before 2.22.0
PowerEdge R740XD2: before 2.22.0
PowerEdge R840: before 2.22.0
PowerEdge R940XA: before 2.22.0
PowerEdge T640: before 2.22.0
PowerEdge C6420: before 2.22.0
PowerEdge FC640: before 2.22.0
PowerEdge M640: before 2.22.0
PowerEdge M640 (for PE VRTX): before 2.22.0
PowerEdge MX740C: before 2.22.0
PowerEdge MX840C: before 2.22.0
PowerEdge C4140: before 2.22.0
DSS 8440: before 2.22.0
PowerEdge XE2420: before 2.22.0
PowerEdge XE7420: before 2.22.0
PowerEdge XE7440: before 2.22.0
Dell EMC Storage NX3240: before 2.22.1
Dell EMC Storage NX3340: before 2.22.1
Dell EMC XC Core 6420 System: before 2.22.0
Dell EMC XC Core XC640 System: before 2.22.1
Dell EMC XC Core XC740xd System: before 2.22.1
Dell EMC XC Core XC740xd2: before 2.22.0
Dell EMC XC Core XC940 System: before 2.22.1
Dell EMC XC Core XCXR2: before 2.22.0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.