6.5 - CVE-2024-38304

Executive Summary

Informations
Name	CVE-2024-38304	First vendor Publication	2024-08-29
Vendor	Cve	Last vendor Modification	2024-12-20

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Overall CVSS Score	6.5
Base Score	6.5	Environmental Score	6.5
impact SubScore	4	Temporal Score	6.5
Exploitabality Sub Score	2

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	None
Scope	Changed	Confidentiality Impact	High
Integrity Impact	None	Availability Impact	None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38304

CPE : Common Platform Enumeration

Type	Description	Count
Os	Dell Dss 8440 Firmware cpe:2.3:o:dell:dss_8440_firmware::::::::	1
Os	Dell Emc Storage Nx3240 Firmware cpe:2.3:o:dell:emc_storage_nx3240_firmware::::::::	1
Os	Dell Emc Storage Nx3340 Firmware cpe:2.3:o:dell:emc_storage_nx3340_firmware::::::::	1
Os	Dell Emc Xc Core 6420 System Firmware cpe:2.3:o:dell:emc_xc_core_6420_system_firmware::::::::	1
Os	Dell Emc Xc Core Xc640 System Firmware cpe:2.3:o:dell:emc_xc_core_xc640_system_firmware::::::::	1
Os	Dell Emc Xc Core Xc740Xd System Firmware cpe:2.3:o:dell:emc_xc_core_xc740xd_system_firmware::::::::	1
Os	Dell Emc Xc Core Xc740Xd2 Firmware cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware::::::::	1
Os	Dell Emc Xc Core Xc940 System Firmware cpe:2.3:o:dell:emc_xc_core_xc940_system_firmware::::::::	1
Os	Dell Emc Xc Core Xcxr2 Firmware cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware::::::::	1
Os	Dell Poweredge C4140 Firmware cpe:2.3:o:dell:poweredge_c4140_firmware::::::::	1
Os	Dell Poweredge C6420 Firmware cpe:2.3:o:dell:poweredge_c6420_firmware::::::::	1
Os	Dell Poweredge Fc640 Firmware cpe:2.3:o:dell:poweredge_fc640_firmware::::::::	1
Os	Dell Poweredge M640 (For Pe Vrtx) Firmware cpe:2.3:o:dell:poweredge_m640_(for_pe_vrtx)_firmware::::::::	1
Os	Dell Poweredge M640 Firmware cpe:2.3:o:dell:poweredge_m640_firmware::::::::	1
Os	Dell Poweredge Mx740C Firmware cpe:2.3:o:dell:poweredge_mx740c_firmware::::::::	1
Os	Dell Poweredge Mx840C Firmware cpe:2.3:o:dell:poweredge_mx840c_firmware::::::::	1
Os	Dell Poweredge R440 Firmware cpe:2.3:o:dell:poweredge_r440_firmware::::::::	1
Os	Dell Poweredge R540 Firmware cpe:2.3:o:dell:poweredge_r540_firmware::::::::	1
Os	Dell Poweredge R640 Firmware cpe:2.3:o:dell:poweredge_r640_firmware::::::::	1
Os	Dell Poweredge R740 Firmware cpe:2.3:o:dell:poweredge_r740_firmware::::::::	1
Os	Dell Poweredge R740Xd Firmware cpe:2.3:o:dell:poweredge_r740xd_firmware::::::::	1
Os	Dell Poweredge R740Xd2 Firmware cpe:2.3:o:dell:poweredge_r740xd2_firmware::::::::	1
Os	Dell Poweredge R840 Firmware cpe:2.3:o:dell:poweredge_r840_firmware::::::::	1
Os	Dell Poweredge R940 Firmware cpe:2.3:o:dell:poweredge_r940_firmware::::::::	1
Os	Dell Poweredge R940Xa Firmware cpe:2.3:o:dell:poweredge_r940xa_firmware::::::::	1
Os	Dell Poweredge T440 Firmware cpe:2.3:o:dell:poweredge_t440_firmware::::::::	1
Os	Dell Poweredge T640 Firmware cpe:2.3:o:dell:poweredge_t640_firmware::::::::	1
Os	Dell Poweredge Xe2420 Firmware cpe:2.3:o:dell:poweredge_xe2420_firmware::::::::	1
Os	Dell Poweredge Xe7420 Firmware cpe:2.3:o:dell:poweredge_xe7420_firmware::::::::	1
Os	Dell Poweredge Xe7440 Firmware cpe:2.3:o:dell:poweredge_xe7440_firmware::::::::	1
Os	Dell Poweredge Xr2 Firmware cpe:2.3:o:dell:poweredge_xr2_firmware::::::::	1

OpenVAS Exploits

Date	Description
2010-04-13	Name : MoinMoin Wiki Security Bypass Vulnerability File : nvt/gb_moinmoin_wiki_bypass_vuln.nasl

Nessus® Vulnerability Scanner

Date	Description
2010-04-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2024.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

https://www.dell.com/support/kbdoc/en-us/000228137/dsa-2024-310-security-upda...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-12-20 17:20:38	Multiple Updates
2024-08-29 17:27:27	First insertion

Global Informations

Type	Count
CPE ID(s)	31
Sources(s)	1
Openvas Exploit(s)	1
Nessus® Exploit(s)	1

	Related
5	DSA-2024
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

6.5 - CVE-2024-38304

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CPE : Common Platform Enumeration

OpenVAS Exploits

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU