阿里云漏洞库

漏洞描述

Dell PowerEdge Server BIOS是戴尔（Dell）的一款系统更新驱动程序。

Dell PowerEdge Server 存在安全漏洞，攻击者可利用该漏洞导致在系统管理模式下拒绝服务、任意代码执行或信息公开。

解决建议

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：
https://www.dell.com/support/kbdoc/000187958

参考链接
https://www.dell.com/support/kbdoc/000187958

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	dell	poweredge_c4140_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_c6420_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_c6525_firmware	*		Up to (excluding) 2.2.4
	运行在以下环境
	系统	dell	poweredge_fc640_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_m640p_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_m640_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_mx740c_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_mx840c_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_r240_firmware	*		Up to (excluding) 2.5.1
	运行在以下环境
	系统	dell	poweredge_r340_firmware	*		Up to (excluding) 2.5.1
	运行在以下环境
	系统	dell	poweredge_r440_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_r540_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_r640_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_r6415_firmware	*		Up to (excluding) 1.16.1
	运行在以下环境
	系统	dell	poweredge_r6515_firmware	*		Up to (excluding) 2.2.4
	运行在以下环境
	系统	dell	poweredge_r6525_firmware	*		Up to (excluding) 2.2.5
	运行在以下环境
	系统	dell	poweredge_r740xd2_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_r740xd_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_r740_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_r7415_firmware	*		Up to (excluding) 1.16.1
	运行在以下环境
	系统	dell	poweredge_r7425_firmware	*		Up to (excluding) 1.16.1
	运行在以下环境
	系统	dell	poweredge_r7515_firmware	*		Up to (excluding) 2.2.4
	运行在以下环境
	系统	dell	poweredge_r7525_firmware	*		Up to (excluding) 2.2.5
	运行在以下环境
	系统	dell	poweredge_r840_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_r940xa_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_r940_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_t140_firmware	*		Up to (excluding) 2.5.1
	运行在以下环境
	系统	dell	poweredge_t340_firmware	*		Up to (excluding) 2.5.1
	运行在以下环境
	系统	dell	poweredge_t440_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_t640_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
	系统	dell	poweredge_xr2_firmware	*		Up to (excluding) 2.11.2
	运行在以下环境
硬件	dell	poweredge_c4140	-	-
运行在以下环境
硬件	dell	poweredge_c6420	-	-
运行在以下环境
硬件	dell	poweredge_c6525	-	-
运行在以下环境
硬件	dell	poweredge_fc640	-	-
运行在以下环境
硬件	dell	poweredge_m640	-	-
运行在以下环境
硬件	dell	poweredge_m640p	-	-
运行在以下环境
硬件	dell	poweredge_mx740c	-	-
运行在以下环境
硬件	dell	poweredge_mx840c	-	-
运行在以下环境
硬件	dell	poweredge_r240	-	-
运行在以下环境
硬件	dell	poweredge_r340	-	-
运行在以下环境
硬件	dell	poweredge_r440	-	-
运行在以下环境
硬件	dell	poweredge_r540	-	-
运行在以下环境
硬件	dell	poweredge_r640	-	-
运行在以下环境
硬件	dell	poweredge_r6415	-	-
运行在以下环境
硬件	dell	poweredge_r6515	-	-
运行在以下环境
硬件	dell	poweredge_r6525	-	-
运行在以下环境
硬件	dell	poweredge_r740	-	-
运行在以下环境
硬件	dell	poweredge_r740xd	-	-
运行在以下环境
硬件	dell	poweredge_r740xd2	-	-
运行在以下环境
硬件	dell	poweredge_r7415	-	-
运行在以下环境
硬件	dell	poweredge_r7425	-	-
运行在以下环境
硬件	dell	poweredge_r7515	-	-
运行在以下环境
硬件	dell	poweredge_r7525	-	-
运行在以下环境
硬件	dell	poweredge_r840	-	-
运行在以下环境
硬件	dell	poweredge_r940	-	-
运行在以下环境
硬件	dell	poweredge_r940xa	-	-
运行在以下环境
硬件	dell	poweredge_t140	-	-
运行在以下环境
硬件	dell	poweredge_t340	-	-
运行在以下环境
硬件	dell	poweredge_t440	-	-
运行在以下环境
硬件	dell	poweredge_t640	-	-
运行在以下环境
硬件	dell	poweredge_xr2	-	-

攻击路径

本地
攻击复杂度

低
权限要求

高
影响范围

未更改
用户交互

无
可用性

高
保密性

高
完整性

高

CWE-ID	漏洞类型
CWE-119	内存缓冲区边界内操作的限制不恰当
CWE-125	跨界内存读

dell poweredge_r640_firmware 内存缓冲区边界内操作的限制不恰当

漏洞描述

解决建议

参考链接

受影响软件情况