CVE-2024-22453

Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory.
Configurations

Configuration 1

AND
cpe:2.3:o:dell:poweredge_r730_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r730:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:dell:poweredge_r730xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r730xd:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:dell:poweredge_r630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r630:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:dell:poweredge_c4130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c4130:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:dell:poweredge_r930_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r930:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:dell:poweredge_m630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m630:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:dell:poweredge_m630_\(pe_vrtx\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m630_\(pe_vrtx\):-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:dell:poweredge_fc630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc630:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:dell:poweredge_fc430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc430:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:dell:poweredge_m830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m830:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:dell:poweredge_m830_\(pe_vrtx\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m830_\(pe_vrtx\):-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:dell:poweredge_fc830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc830:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:dell:poweredge_t630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t630:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:dell:poweredge_r530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r530:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:dell:poweredge_r430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r430:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:dell:poweredge_t430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t430:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:dell:poweredge_r830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r830:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:dell:poweredge_c6320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c6320:-:*:*:*:*:*:*:*

Configuration 19

AND
cpe:2.3:o:dell:nx3230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:nx3230:-:*:*:*:*:*:*:*

Configuration 20

AND
cpe:2.3:o:dell:nx3330_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:nx3330:-:*:*:*:*:*:*:*

Configuration 21

AND
cpe:2.3:o:dell:xc6320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc6320:-:*:*:*:*:*:*:*

Configuration 22

AND
cpe:2.3:o:dell:xc430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc430:-:*:*:*:*:*:*:*

Configuration 23

AND
cpe:2.3:o:dell:xc630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc630:-:*:*:*:*:*:*:*

Configuration 24

AND
cpe:2.3:o:dell:xc730_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc730:-:*:*:*:*:*:*:*

Configuration 25

AND
cpe:2.3:o:dell:xc730xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc730xd:-:*:*:*:*:*:*:*

History

04 Feb 2025, 17:31

Type Values Removed Values Added
First Time Dell poweredge M830 Firmware
Dell poweredge M630
Dell poweredge R730xd Firmware
Dell poweredge R730
Dell poweredge Fc630
Dell poweredge R930
Dell poweredge Fc430 Firmware
Dell nx3330
Dell xc730xd
Dell
Dell poweredge Fc830
Dell poweredge M830 \(pe Vrtx\) Firmware
Dell poweredge T430 Firmware
Dell xc730
Dell poweredge R930 Firmware
Dell poweredge T630
Dell xc6320 Firmware
Dell poweredge M630 \(pe Vrtx\) Firmware
Dell poweredge R830 Firmware
Dell poweredge C6320
Dell nx3330 Firmware
Dell poweredge R730xd
Dell poweredge R530
Dell xc430
Dell xc730xd Firmware
Dell poweredge Fc430
Dell xc730 Firmware
Dell poweredge R730 Firmware
Dell nx3230
Dell xc430 Firmware
Dell poweredge R430
Dell poweredge M630 Firmware
Dell poweredge M830 \(pe Vrtx\)
Dell poweredge C4130
Dell nx3230 Firmware
Dell poweredge R830
Dell poweredge R430 Firmware
Dell poweredge R530 Firmware
Dell xc630
Dell poweredge C6320 Firmware
Dell poweredge R630 Firmware
Dell poweredge M830
Dell xc6320
Dell poweredge Fc830 Firmware
Dell poweredge C4130 Firmware
Dell poweredge Fc630 Firmware
Dell poweredge R630
Dell xc630 Firmware
Dell poweredge M630 \(pe Vrtx\)
Dell poweredge T430
Dell poweredge T630 Firmware
CWE CWE-787
References () https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability - () https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability - Vendor Advisory
CPE cpe:2.3:o:dell:poweredge_r530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:xc730xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r930:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r730xd:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc730:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m630_\(pe_vrtx\):-:*:*:*:*:*:*:*
cpe:2.3:o:dell:xc430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:xc730_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_m630_\(pe_vrtx\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r430:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc630:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r730xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r730_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_m630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c6320:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r830:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_fc830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_c6320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_m830_\(pe_vrtx\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:xc630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_fc430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r530:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:nx3230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc6320:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc830:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc430:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc730xd:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc630:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_t630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:nx3330_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m830_\(pe_vrtx\):-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r930_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_c4130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r630:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t630:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:xc6320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_m830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_t430_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_fc630_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m830:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:xc430:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t430:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c4130:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r730:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:nx3330:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:nx3230:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m630:-:*:*:*:*:*:*:*

21 Nov 2024, 08:56

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability - () https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability -

19 Mar 2024, 13:26

Type Values Removed Values Added
Summary
  • (es) El BIOS del servidor Dell PowerEdge contiene una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico. Un atacante local con privilegios elevados podría explotar esta vulnerabilidad para escribir en una memoria que de otro modo no estaría autorizada.

19 Mar 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-19 08:15

Updated : 2025-02-04 17:31


NVD link : CVE-2024-22453

Mitre link : CVE-2024-22453

CVE.ORG link : CVE-2024-22453



Products Affected

dell

  • poweredge_r830_firmware
  • poweredge_r730xd
  • poweredge_r630
  • poweredge_m630_firmware
  • poweredge_fc430_firmware
  • poweredge_t630
  • poweredge_r630_firmware
  • poweredge_c6320_firmware
  • poweredge_c6320
  • nx3330
  • poweredge_m630_\(pe_vrtx\)_firmware
  • xc730_firmware
  • nx3230
  • poweredge_r530_firmware
  • xc730xd
  • nx3330_firmware
  • poweredge_t430_firmware
  • poweredge_r730xd_firmware
  • poweredge_m830
  • xc430_firmware
  • poweredge_fc630
  • poweredge_r930
  • poweredge_r730_firmware
  • xc630
  • poweredge_r430_firmware
  • poweredge_r930_firmware
  • poweredge_m630
  • poweredge_fc830
  • poweredge_r530
  • poweredge_r730
  • poweredge_m830_firmware
  • xc430
  • xc630_firmware
  • poweredge_t430
  • poweredge_fc830_firmware
  • xc6320_firmware
  • poweredge_m830_\(pe_vrtx\)_firmware
  • poweredge_m630_\(pe_vrtx\)
  • poweredge_fc630_firmware
  • nx3230_firmware
  • xc730xd_firmware
  • xc730
  • poweredge_r430
  • xc6320
  • poweredge_c4130
  • poweredge_t630_firmware
  • poweredge_r830
  • poweredge_fc430
  • poweredge_m830_\(pe_vrtx\)
  • poweredge_c4130_firmware
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write