DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2023-24571", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2023-24571", "description": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.", "published": "2023-03-16T10:15:00", "modified": "2023-03-21T22:30:00", "epss": [{"cve": "CVE-2023-24571", "epss": 0.00042, "percentile": 0.05676, "modified": "2023-05-31"}], "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 4.0}, "severity": "MEDIUM", "exploitabilityScore": 2.5, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 0.8, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24571", "reporter": "secure@dell.com", "references": ["https://www.dell.com/support/kbdoc/en-us/000210955/dsa-2023-046"], "cvelist": ["CVE-2023-24571"], "immutableFields": [], "lastseen": "2023-05-31T17:44:52", "viewCount": 12, "enchantments": {"score": {"value": 5.5, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "dell embedded box pc 3000 firmware", "version": 1}]}, "epss": [{"cve": "CVE-2023-24571", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}], "dependencies": {"references": [{"type": "nessus", "idList": ["DELL_BIOS_DSA-2023-046.NASL"]}]}, "vulnersScore": 5.5}, "_state": {"dependencies": 1685578091, "score": 1685555322, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "aacf51d27f4d155cdc88d7cf08c667cc"}, "cna_cvss": {"cna": "Dell", "cvss": {"3": {"vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "score": 7.5}}}, "cpe": [], "cpe23": [], "cwe": ["CWE-20"], "affectedSoftware": [{"cpeName": "dell:embedded_box_pc_3000_firmware", "version": "1.18.0", "operator": "lt", "name": "dell embedded box pc 3000 firmware"}], "affectedConfiguration": [{"name": "dell embedded box pc 3000", "cpeName": "dell:embedded_box_pc_3000", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dell:embedded_box_pc_3000_firmware:1.18.0:*:*:*:*:*:*:*", "versionEndExcluding": "1.18.0", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dell:embedded_box_pc_3000:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://www.dell.com/support/kbdoc/en-us/000210955/dsa-2023-046", "name": "https://www.dell.com/support/kbdoc/en-us/000210955/dsa-2023-046", "refsource": "MISC", "tags": ["Vendor Advisory"]}], "product_info": [{"vendor": "Dell", "product": "Embedded Box PC 3000 , CPG BIOS"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "exploits": []}

{"nessus": [{"lastseen": "2023-05-17T16:46:17", "description": "The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by a remote code execution vulnerability due to improper input validation. A locally authenticated malicious user with admin privileges could exploit this vulnerability to perform arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-23T00:00:00", "type": "nessus", "title": "Dell Client BIOS RCE (DSA-2023-046)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-24571"], "modified": "2023-03-24T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "DELL_BIOS_DSA-2023-046.NASL", "href": "https://www.tenable.com/plugins/nessus/173294", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173294);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/24\");\n\n script_cve_id(\"CVE-2023-24571\");\n script_xref(name:\"IAVA\", value:\"2023-A-0150\");\n\n script_name(english:\"Dell Client BIOS RCE (DSA-2023-046)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by a remote code execution\nvulnerability due to improper input validation. A locally authenticated malicious user with admin privileges could\nexploit this vulnerability to perform arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.dell.com/support/kbdoc/en-ie/000210955/dsa-2023-046\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the security patch in accordance with the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-24571\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"bios_get_info_wmi.nbin\");\n script_require_keys(\"BIOS/Model\", \"BIOS/Version\", \"BIOS/Vendor\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_name = 'Dell Inc.';\nvar app_info = vcf::dell_bios_win::get_app_info(app:app_name);\nvar model = app_info['model'];\n\nvar fix = '';\n# Check model\nif (model)\n{\n if (model == 'Embedded Box PC 3000') fix = '1.18.0';\n else\n {\n audit(AUDIT_HOST_NOT, 'an affected model');\n }\n}\nelse\n{\n exit(0, 'The model of the device running the Dell BIOS could not be identified.');\n}\n\nvar constraints = [{ 'fixed_version' : fix, 'fixed_display': fix + ' for ' + model }];\n# Have a more useful audit message\napp_info.app = 'Dell System BIOS for ' + model;\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}