Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-31068 |
CWE-ID | CWE-20 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Dell XC Core XC760xa: Hardware solutions / Firmware
Dell XC Core XC660xs: Hardware solutions / Firmware
Dell XC Core XC760: Hardware solutions / Firmware
Dell XC Core XC660: Hardware solutions / Firmware
PowerEdge XE9640: Hardware solutions / Firmware
PowerEdge XE8640: Hardware solutions / Firmware
PowerEdge XR7620: Hardware solutions / Firmware
PowerEdge XR8620t: Hardware solutions / Firmware
PowerEdge XR8610t: Hardware solutions / Firmware
PowerEdge XR5610: Hardware solutions / Firmware
PowerEdge XE9680: Hardware solutions / Firmware
PowerEdge R760xa: Hardware solutions / Firmware
PowerEdge T560: Hardware solutions / Firmware
PowerEdge R760xd2: Hardware solutions / Firmware
PowerEdge R760xs: Hardware solutions / Firmware
PowerEdge R660xs: Hardware solutions / Firmware
PowerEdge HS5620: Hardware solutions / Firmware
PowerEdge HS5610: Hardware solutions / Firmware
PowerEdge R960: Hardware solutions / Firmware
PowerEdge R860: Hardware solutions / Firmware
PowerEdge MX760c: Hardware solutions / Firmware
PowerEdge C6620: Hardware solutions / Firmware
PowerEdge R760: Hardware solutions / Firmware
PowerEdge R660: Hardware solutions / Firmware
PowerEdge R360: Hardware solutions / Firmware
PowerEdge R260: Hardware solutions / Firmware
PowerEdge T360: Hardware solutions / Firmware
PowerEdge T160: Hardware solutions / Firmware |
Vendor | Dell |
Security Bulletin
This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU104106
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-31068
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper Finite State Machines (FSMs) in Hardware Logic. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Dell XC Core XC760xa: All versions
Dell XC Core XC660xs: All versions
Dell XC Core XC760: All versions
Dell XC Core XC660: All versions
PowerEdge XE9640: All versions
PowerEdge XE8640: All versions
PowerEdge XR7620: All versions
PowerEdge XR8620t: All versions
PowerEdge XR8610t: All versions
PowerEdge XR5610: All versions
PowerEdge XE9680: All versions
PowerEdge R760xa: All versions
PowerEdge T560: All versions
PowerEdge R760xd2: All versions
PowerEdge R760xs: All versions
PowerEdge R660xs: All versions
PowerEdge HS5620: All versions
PowerEdge HS5610: All versions
PowerEdge R960: All versions
PowerEdge R860: All versions
PowerEdge MX760c: All versions
PowerEdge C6620: All versions
PowerEdge R760: All versions
PowerEdge R660: All versions
PowerEdge R360: before 1.5.3
PowerEdge R260: before 1.5.3
PowerEdge T360: before 1.5.3
PowerEdge T160: before 1.5.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.