CVE-2024-25942 — MEDIUM (4.4)

Q: How severe is CVE-2024-25942?

CVE-2024-25942 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-25942?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Poweredge R730 Firmware, Dell Poweredge R730, Dell Poweredge R730Xd Firmware, Dell Poweredge R730Xd, Dell Poweredge R630 Firmware.

Vulnerability Description

Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Dell	Poweredge R730 Firmware	< 2.19.0
Dell	Poweredge R730	-
Dell	Poweredge R730Xd Firmware	< 2.19.0
Dell	Poweredge R730Xd	-
Dell	Poweredge R630 Firmware	< 2.19.0
Dell	Poweredge R630	-
Dell	Poweredge C4130 Firmware	< 2.19.0
Dell	Poweredge C4130	-
Dell	Poweredge R930 Firmware	< 2.14.0
Dell	Poweredge R930	-
Dell	Poweredge M630 Firmware	< 2.19.0
Dell	Poweredge M630	-
Dell	Poweredge M630 \(Pe Vrtx\) Firmware	< 2.19.0
Dell	Poweredge M630 \(Pe Vrtx\)	-
Dell	Poweredge Fc630 Firmware	< 2.19.0
Dell	Poweredge Fc630	-
Dell	Poweredge Fc430 Firmware	< 2.19.0
Dell	Poweredge Fc430	-
Dell	Poweredge M830 Firmware	< 2.19.0
Dell	Poweredge M830	-

Related Weaknesses (CWE)

CWE-20 CWE-787

References

https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-Vendor Advisory

FAQ

What is CVE-2024-25942?

CVE-2024-25942 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitra...

How severe is CVE-2024-25942?

CVE-2024-25942 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-25942?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Poweredge R730 Firmware, Dell Poweredge R730, Dell Poweredge R730Xd Firmware, Dell Poweredge R730Xd, Dell Poweredge R630 Firmware.