Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2024-25571, CVE-2024-37020, CVE-2024-21859, CVE-2024-31155, CVE-2024-24852, CVE-2024-36274, CVE-2024-39286 |
CWE-ID | CWE-20, CWE-1281, CWE-119, CWE-426, CWE-787, CWE-279 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software |
Dell XC Core XC760xa: Hardware solutions / Firmware
Dell XC Core XC660xs: Hardware solutions / Firmware
Dell XC Core XC760: Hardware solutions / Firmware
Dell XC Core XC660: Hardware solutions / Firmware
PowerEdge XE9640: Hardware solutions / Firmware
PowerEdge XE8640: Hardware solutions / Firmware
PowerEdge XR7620: Hardware solutions / Firmware
PowerEdge XR8620t: Hardware solutions / Firmware
PowerEdge XR8610t: Hardware solutions / Firmware
PowerEdge XR5610: Hardware solutions / Firmware
PowerEdge XE9680: Hardware solutions / Firmware
PowerEdge R760xa: Hardware solutions / Firmware
PowerEdge T560: Hardware solutions / Firmware
PowerEdge R760xd2: Hardware solutions / Firmware
PowerEdge R760xs: Hardware solutions / Firmware
PowerEdge R660xs: Hardware solutions / Firmware
PowerEdge HS5620: Hardware solutions / Firmware
PowerEdge HS5610: Hardware solutions / Firmware
PowerEdge R960: Hardware solutions / Firmware
PowerEdge R860: Hardware solutions / Firmware
PowerEdge MX760c: Hardware solutions / Firmware
PowerEdge C6620: Hardware solutions / Firmware
PowerEdge R760: Hardware solutions / Firmware
PowerEdge R660: Hardware solutions / Firmware
Intel X710, XXV710, and XL710 Adapters: Hardware solutions / Firmware
Intel I350 and X550 Adapters: Hardware solutions / Firmware
Intel E810 Adapters and Intel E823 LOM: Hardware solutions / Firmware |
Vendor | Dell |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU103984
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-25571
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Dell XC Core XC760xa: All versions
Dell XC Core XC660xs: All versions
Dell XC Core XC760: All versions
Dell XC Core XC660: All versions
PowerEdge XE9640: All versions
PowerEdge XE8640: All versions
PowerEdge XR7620: All versions
PowerEdge XR8620t: All versions
PowerEdge XR8610t: All versions
PowerEdge XR5610: All versions
PowerEdge XE9680: All versions
PowerEdge R760xa: All versions
PowerEdge T560: All versions
PowerEdge R760xd2: All versions
PowerEdge R760xs: All versions
PowerEdge R660xs: All versions
PowerEdge HS5620: All versions
PowerEdge HS5610: All versions
PowerEdge R960: All versions
PowerEdge R860: All versions
PowerEdge MX760c: All versions
PowerEdge C6620: All versions
PowerEdge R760: All versions
PowerEdge R660: All versions
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104007
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-37020
CWE-ID:
CWE-1281 - Sequence of Processor Instructions Leads to Unexpected Behavior
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the processing of a sequence of processor instructions. A local user can cause a denial of service condition on the target system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Dell XC Core XC760xa: All versions
Dell XC Core XC660xs: All versions
Dell XC Core XC760: All versions
Dell XC Core XC660: All versions
PowerEdge XE9640: All versions
PowerEdge XE8640: All versions
PowerEdge XR7620: All versions
PowerEdge XR8620t: All versions
PowerEdge XR8610t: All versions
PowerEdge XR5610: All versions
PowerEdge XE9680: All versions
PowerEdge R760xa: All versions
PowerEdge T560: All versions
PowerEdge R760xd2: All versions
PowerEdge R760xs: All versions
PowerEdge R660xs: All versions
PowerEdge HS5620: All versions
PowerEdge HS5610: All versions
PowerEdge R960: All versions
PowerEdge R860: All versions
PowerEdge MX760c: All versions
PowerEdge C6620: All versions
PowerEdge R760: All versions
PowerEdge R660: All versions
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104009
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21859
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary error in the UEFI firmware. A local administrator can trigger memory corruption and gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Dell XC Core XC760xa: All versions
Dell XC Core XC660xs: All versions
Dell XC Core XC760: All versions
Dell XC Core XC660: All versions
PowerEdge XE9640: All versions
PowerEdge XE8640: All versions
PowerEdge XR7620: All versions
PowerEdge XR8620t: All versions
PowerEdge XR8610t: All versions
PowerEdge XR5610: All versions
PowerEdge XE9680: All versions
PowerEdge R760xa: All versions
PowerEdge T560: All versions
PowerEdge R760xd2: All versions
PowerEdge R760xs: All versions
PowerEdge R660xs: All versions
PowerEdge HS5620: All versions
PowerEdge HS5610: All versions
PowerEdge R960: All versions
PowerEdge R860: All versions
PowerEdge MX760c: All versions
PowerEdge C6620: All versions
PowerEdge R760: All versions
PowerEdge R660: All versions
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104008
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-31155
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the UEFI firmware. A local administrator can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Dell XC Core XC760xa: All versions
Dell XC Core XC660xs: All versions
Dell XC Core XC760: All versions
Dell XC Core XC660: All versions
PowerEdge XE9640: All versions
PowerEdge XE8640: All versions
PowerEdge XR7620: All versions
PowerEdge XR8620t: All versions
PowerEdge XR8610t: All versions
PowerEdge XR5610: All versions
PowerEdge XE9680: All versions
PowerEdge R760xa: All versions
PowerEdge T560: All versions
PowerEdge R760xd2: All versions
PowerEdge R760xs: All versions
PowerEdge R660xs: All versions
PowerEdge HS5620: All versions
PowerEdge HS5610: All versions
PowerEdge R960: All versions
PowerEdge R860: All versions
PowerEdge MX760c: All versions
PowerEdge C6620: All versions
PowerEdge R760: All versions
PowerEdge R660: All versions
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104010
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24852
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the use of an untrusted search path. A local user can execute arbitrary code with escalated privileges.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Intel X710, XXV710, and XL710 Adapters: before 23.0.0
Intel I350 and X550 Adapters: before 23.0.0
Intel E810 Adapters and Intel E823 LOM: before 23.0.0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104011
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-36274
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the Intel 800 Series Ethernet Driver. A remote attacker on the local network can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Intel X710, XXV710, and XL710 Adapters: before 23.0.0
Intel I350 and X550 Adapters: before 23.0.0
Intel E810 Adapters and Intel E823 LOM: before 23.0.0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU104004
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-39286
CWE-ID:
CWE-279 - Incorrect Execution-Assigned Permissions
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incorrect execution-assigned permissions. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Intel E810 Adapters and Intel E823 LOM: All versions
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.