#VU95141 Permissions, Privileges, and Access Controls in PowerEdge Server BIOS and Precision Rack BIOS - CVE-2024-0172
Published: August 1, 2024
Vulnerability identifier: #VU95141
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-0172
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
PowerEdge Server BIOS
Precision Rack BIOS
PowerEdge Server BIOS
Precision Rack BIOS
Software vendor:
Dell
Dell
Description
The vulnerability allows a local user to gain elevated privileges.
The vulnerability exists due to this vulnerability, leading. An authenticated local user could potentially exploit this vulnerability, leading to privilege escalation.
Remediation
Install update from vendor's website.