CVE-2024-0171

5.3 MEDIUM

📋 TL;DR

Dell PowerEdge Server BIOS contains a Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability that allows a local low-privileged attacker to potentially access unauthorized resources. This affects Dell PowerEdge servers with AMD-based BIOS. Attackers must already have local access to the system.

💻 Affected Systems

Products:
  • Dell PowerEdge Servers with AMD-based BIOS
Versions: Specific affected BIOS versions are not listed here; check the Dell advisory (DSA-2024-039) for the exact affected and fixed BIOS versions per server model
Operating Systems: Any OS running on affected PowerEdge servers
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Dell PowerEdge servers with AMD processors. Requires local access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to gain unauthorized access to BIOS-level resources or sensitive system information

🟠 Likely Case: Limited information disclosure or unauthorized access to specific BIOS resources by authenticated low-privileged users

🟢 If Mitigated: No impact if proper access controls and patching are implemented

🌐 Internet-Facing: LOW - Requires local access to the server
🏢 Internal Only: MEDIUM - Internal attackers with local access could exploit this vulnerability

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and race condition timing. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BIOS updates specified in DSA-2024-039

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000226253/dsa-2024-039-security-update-for-dell-amd-based-poweredge-server-vulnerability

Restart Required: Yes

Instructions:

1. Identify your PowerEdge server model and current BIOS version.
2. Download the appropriate BIOS update from the Dell Support site.
3. Apply the BIOS update following Dell's update procedures.
4. Reboot the server to complete the installation.

🔧 Temporary Workarounds

Restrict Local Access (applies to: all)

Limit physical and remote local access to PowerEdge servers to trusted administrators only

Implement Least Privilege (applies to: all)

Ensure users only have necessary permissions and cannot execute arbitrary code locally

🧯 If You Can't Patch

  • Implement strict access controls to limit who can log into affected servers locally
  • Monitor for suspicious local activity and BIOS access attempts

🔍 How to Verify

Check if Vulnerable:

Check BIOS version against Dell's advisory. Use iDRAC or OS commands to check current BIOS version.

Check Version:

On Linux: 'dmidecode -s bios-version' (requires root; the same value is readable by any user from /sys/class/dmi/id/bios_version). On Windows: 'wmic bios get smbiosbiosversion' (or 'Get-CimInstance Win32_BIOS' in PowerShell, since wmic is deprecated in current Windows releases). Via iDRAC: check the BIOS version under System Information.

Verify Fix Applied:

Verify BIOS version has been updated to patched version specified in Dell advisory
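A small POSIX shell check, added here as an example and not taken from Dell's advisory, that reads the running BIOS version (from sysfs, falling back to dmidecode) and compares it component by component against a minimum fixed version. Assumptions: the sysfs path /sys/class/dmi/id/bios_version and the dmidecode tool are those of a standard Linux install, and the fixed version is a placeholder argument, since this page does not list it; take it from DSA-2024-039 for your server model.

```shell
#!/bin/sh
# Added example, not Dell's code. Compares the running BIOS version with the
# minimum fixed version for this server model. The fixed version is NOT on this
# page: pass the value from DSA-2024-039 for your model as the first argument.

# Return 0 when dotted version $1 >= $2, comparing numerically component by
# component ("2.14" and "2.14.0" compare equal; non-digit characters are ignored).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"           # leading component of each
        if [ "$a" = "$ai" ]; then a=""; else a="${a#*.}"; fi
        if [ "$b" = "$bi" ]; then b=""; else b="${b#*.}"; fi
        ai=$(printf '%s' "$ai" | tr -cd '0-9'); bi=$(printf '%s' "$bi" | tr -cd '0-9')
        ai="${ai:-0}"; bi="${bi:-0}"            # missing component counts as 0
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
    done
    return 0
}

# Print the running BIOS version. sysfs is readable without root; dmidecode
# (which needs root) is the fallback. Fails when neither source is available.
current_bios_version() {
    if [ -r /sys/class/dmi/id/bios_version ]; then
        cat /sys/class/dmi/id/bios_version
    elif command -v dmidecode >/dev/null 2>&1; then
        dmidecode -s bios-version
    else
        echo "cannot read BIOS version (no sysfs DMI entry, no dmidecode)" >&2
        return 1
    fi
}

# Verdict for running version $1 against minimum fixed version $2:
# exit 0 when patched, 1 when the BIOS still needs the DSA-2024-039 update.
bios_status() {
    if version_ge "$1" "$2"; then
        echo "BIOS $1 >= fixed $2: patched"
        return 0
    fi
    echo "BIOS $1 < fixed $2: VULNERABLE, apply the BIOS update from DSA-2024-039"
    return 1
}

# Live check only when a minimum fixed version is given on the command line,
# e.g.  sh check_bios.sh <fixed-version-from-DSA-2024-039>
if [ -n "${1:-}" ]; then
    bios_status "$(current_bios_version)" "$1"
fi
```

Run it on each server with the model's fixed version as the argument; a non-zero exit status means the BIOS still needs the update, which makes the check easy to wire into a fleet inventory job.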

📡 Detection & Monitoring

Log Indicators:

  • Unusual BIOS access attempts
  • Multiple rapid BIOS function calls
  • Failed privilege escalation attempts

Network Indicators:

  • N/A - Local vulnerability only

SIEM Query:

Search for multiple BIOS-related access attempts from non-admin users within short time windows
