CVE-2024-0163

Home/CVE/Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privi

CVE

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privi

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.

MEDIUM · CVSS 5.3 EPSS 0.00072

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition

▤

Affected Products & Versions

dell poweredge r660 firmware< 2.0.0
dell poweredge r760 firmware< 2.0.0
dell poweredge c6620 firmware< 2.0.0
dell poweredge mx760c firmware< 2.0.0
dell poweredge r860 firmware< 1.8.0
dell poweredge r960 firmware< 1.8.0
dell poweredge hs5610 firmware< 2.0.0
dell poweredge hs5620 firmware< 2.0.0
Show all 58 affected productsdell poweredge r660xs firmware< 2.0.0
dell poweredge r760xs firmware< 2.0.0
dell poweredge r760xd2 firmware< 2.0.0
dell poweredge t560 firmware< 2.0.0
dell poweredge r760xa firmware< 2.0.0
dell poweredge xe9680 firmware< 1.8.0
dell poweredge xr5610 firmware< 1.8.0
dell poweredge xr8610t firmware< 1.8.0
dell poweredge xr8620t firmware< 1.8.0
dell poweredge xr7620 firmware< 1.8.0
dell poweredge xe8640 firmware< 1.8.0
dell poweredge xe9640 firmware< 1.8.0
dell poweredge r6615 firmware< 1.7.2
dell poweredge r7615 firmware< 1.7.2
dell poweredge r6625 firmware< 1.7.2
dell poweredge r7625 firmware< 1.7.2
dell poweredge c6615 firmware< 1.2.3
dell poweredge r650 firmware< 1.13.2
dell poweredge r750 firmware< 1.13.2
dell poweredge r750xa firmware< 1.13.2
dell poweredge c6520 firmware< 1.13.2
dell poweredge mx750c firmware< 1.13.2
dell poweredge r550 firmware< 1.13.2
dell poweredge r450 firmware< 1.13.2
dell poweredge r650xs firmware< 1.13.2
dell poweredge r750xs firmware< 1.13.2
dell poweredge t550 firmware< 1.13.2
dell poweredge xr11 firmware< 1.13.2
dell poweredge xr12 firmware< 1.13.2
dell poweredge t150 firmware< 1.9.1
dell poweredge t350 firmware< 1.9.1
dell poweredge r250 firmware< 1.9.1
dell poweredge r350 firmware< 1.9.1
dell poweredge xr4510c firmware< 1.14.1
dell poweredge xr4520c firmware< 1.14.1
dell poweredge r6515 firmware< 2.14.1
dell poweredge r6525 firmware< 2.14.1
dell poweredge r7515 firmware< 2.14.1
dell poweredge r7525 firmware< 2.14.1
dell poweredge c6525 firmware< 2.14.1
dell poweredge xe8545 firmware< 2.14.1
dell xc core xc660 firmware< 2.0.0
dell xc core xc760 firmware< 2.0.0
dell xc core xc7625 firmware< 1.7.2
dell emc xc core xc450 firmware< 1.13.2
dell emc xc core xc650 firmware< 1.13.2
dell emc xc core xc750 firmware< 1.13.2
dell emc xc core xc750xa firmware< 1.13.2
dell emc xc core xc6520 firmware< 1.13.2
dell emc xc core xc7525 firmware< 2.14.1

▣

Scoring & Timeline

5.3

MEDIUM · CVSS v3.1 · security_alert@emc.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD13 Mar 2024 · 05:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

Technical impact

partial

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerabilityVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin