CVE & CISA-KEV Catalog

CVE-2024-0163

MEDIUM
5.3
CVSS v3
NVD

Description

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.

How to fix

Remediation Available
emc xc core xc450 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
emc xc core xc650 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
emc xc core xc6520 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
emc xc core xc750 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
emc xc core xc750xa firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
emc xc core xc7525 firmwareNVD
Affected:< 2.14.1Fixed in:2.14.1CVE-2024-0163derived from NVD
poweredge c6520 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
poweredge c6525 firmwareNVD
Affected:< 2.14.1Fixed in:2.14.1CVE-2024-0163derived from NVD
poweredge c6615 firmwareNVD
Affected:< 1.2.3Fixed in:1.2.3CVE-2024-0163derived from NVD
poweredge c6620 firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
poweredge hs5610 firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
poweredge hs5620 firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
poweredge mx750c firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
poweredge mx760c firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
poweredge r250 firmwareNVD
Affected:< 1.9.1Fixed in:1.9.1CVE-2024-0163derived from NVD
poweredge r350 firmwareNVD
Affected:< 1.9.1Fixed in:1.9.1CVE-2024-0163derived from NVD
poweredge r450 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
poweredge r550 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
poweredge r650 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
poweredge r650xs firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
poweredge r6515 firmwareNVD
Affected:< 2.14.1Fixed in:2.14.1CVE-2024-0163derived from NVD
poweredge r6525 firmwareNVD
Affected:< 2.14.1Fixed in:2.14.1CVE-2024-0163derived from NVD
poweredge r660 firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
poweredge r660xs firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
poweredge r6615 firmwareNVD
Affected:< 1.7.2Fixed in:1.7.2CVE-2024-0163derived from NVD
poweredge r6625 firmwareNVD
Affected:< 1.7.2Fixed in:1.7.2CVE-2024-0163derived from NVD
poweredge r750 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
poweredge r750xa firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
poweredge r750xs firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
poweredge r7515 firmwareNVD
Affected:< 2.14.1Fixed in:2.14.1CVE-2024-0163derived from NVD
poweredge r7525 firmwareNVD
Affected:< 2.14.1Fixed in:2.14.1CVE-2024-0163derived from NVD
poweredge r760 firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
poweredge r760xa firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
poweredge r760xd2 firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
poweredge r760xs firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
poweredge r7615 firmwareNVD
Affected:< 1.7.2Fixed in:1.7.2CVE-2024-0163derived from NVD
poweredge r7625 firmwareNVD
Affected:< 1.7.2Fixed in:1.7.2CVE-2024-0163derived from NVD
poweredge r860 firmwareNVD
Affected:< 1.8.0Fixed in:1.8.0CVE-2024-0163derived from NVD
poweredge r960 firmwareNVD
Affected:< 1.8.0Fixed in:1.8.0CVE-2024-0163derived from NVD
poweredge t150 firmwareNVD
Affected:< 1.9.1Fixed in:1.9.1CVE-2024-0163derived from NVD
poweredge t350 firmwareNVD
Affected:< 1.9.1Fixed in:1.9.1CVE-2024-0163derived from NVD
poweredge t550 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
poweredge t560 firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
poweredge xe8545 firmwareNVD
Affected:< 2.14.1Fixed in:2.14.1CVE-2024-0163derived from NVD
poweredge xe8640 firmwareNVD
Affected:< 1.8.0Fixed in:1.8.0CVE-2024-0163derived from NVD
poweredge xe9640 firmwareNVD
Affected:< 1.8.0Fixed in:1.8.0CVE-2024-0163derived from NVD
poweredge xe9680 firmwareNVD
Affected:< 1.8.0Fixed in:1.8.0CVE-2024-0163derived from NVD
poweredge xr11 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
poweredge xr12 firmwareNVD
Affected:< 1.13.2Fixed in:1.13.2CVE-2024-0163derived from NVD
poweredge xr4510c firmwareNVD
Affected:< 1.14.1Fixed in:1.14.1CVE-2024-0163derived from NVD
poweredge xr4520c firmwareNVD
Affected:< 1.14.1Fixed in:1.14.1CVE-2024-0163derived from NVD
poweredge xr5610 firmwareNVD
Affected:< 1.8.0Fixed in:1.8.0CVE-2024-0163derived from NVD
poweredge xr7620 firmwareNVD
Affected:< 1.8.0Fixed in:1.8.0CVE-2024-0163derived from NVD
poweredge xr8610t firmwareNVD
Affected:< 1.8.0Fixed in:1.8.0CVE-2024-0163derived from NVD
poweredge xr8620t firmwareNVD
Affected:< 1.8.0Fixed in:1.8.0CVE-2024-0163derived from NVD
xc core xc660 firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
xc core xc760 firmwareNVD
Affected:< 2.0.0Fixed in:2.0.0CVE-2024-0163derived from NVD
xc core xc7625 firmwareNVD
Affected:< 1.7.2Fixed in:1.7.2CVE-2024-0163derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeChanged

Impact

ConfidentialityLow
IntegrityLow
AvailabilityLow

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Exploit Intelligence

0.11%probability of exploitation in 30 days
2ndpercentile

Low risk: more likely to be exploited than 2% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-367 (TOCTOU Race Condition) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2022-36980High8.183%-Fix
CVE-2024-30088High7.068%KEV + RansomFix
CVE-2004-0594Medium5.155%-Fix
CVE-2024-50379Critical9.844%-Fix
CVE-2023-38146High8.839%-Fix
CVE-2024-0132Critical9.037%-Fix
Embed a live status badge for CVE-2024-0163
CVE-2024-0163 severity badge

Markdown

[![CVE-2024-0163](https://tridentstack.com/cve/badge/CVE-2024-0163.svg)](https://tridentstack.com/cve/CVE-2024-0163)

HTML

<a href="https://tridentstack.com/cve/CVE-2024-0163"><img src="https://tridentstack.com/cve/badge/CVE-2024-0163.svg" alt="CVE-2024-0163"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-01-31.