CVE-2024-0172

{"id": "CVE-2024-0172", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.7, "exploitabilityScore": 2.5}]}, "published": "2024-04-03T10:15:08.030", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000223727/dsa-2024-035-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability", "source": "security_alert@emc.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation."}, {"lang": "es", "value": "El BIOS del servidor Dell PowerEdge y el BIOS del rack Dell Precision contienen una vulnerabilidad de seguridad de administraci\u00f3n de privilegios inadecuada. Un atacante local no autenticado podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda una escalada de privilegios."}], "lastModified": "2024-04-03T12:38:04.840", "sourceIdentifier": "security_alert@emc.com"}