CVE-2023-25537

Published: May 22, 2023, 11:15 a.m. (2023-05-22 11:15:09)
Weakness: CWE-787 (Out-of-bounds Write)
Source: web.nvd.nist.gov
Tags: dell, poweredge, 14g, bios, out of bounds write, vulnerability, smram, system management mode, arbitrary code execution, privilege escalation, nvd

CVSS v3.1 base score: 7.8 (High)

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS score: 0.0004 (Low), percentile 5.1%

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

Affected configurations (NVD)

Each NVD configuration node pairs a vulnerable firmware CPE (versions before 2.18.1) with the hardware platform CPE it runs on:

- dell poweredge_r740_firmware < 2.18.1, running on dell poweredge_r740
- dell poweredge_r740xd_firmware < 2.18.1, running on dell poweredge_r740xd
- dell poweredge_r640_firmware < 2.18.1, running on dell poweredge_r640
- dell poweredge_r940_firmware < 2.18.1, running on dell poweredge_r940
- dell poweredge_r540_firmware < 2.18.1, running on dell poweredge_r540
- dell poweredge_r440_firmware < 2.18.1, running on dell poweredge_r440
- dell poweredge_t440_firmware < 2.18.1, running on dell poweredge_t440
- dell poweredge_xr2_firmware < 2.18.1, running on dell poweredge_xr2
- dell poweredge_r740xd2_firmware < 2.18.1, running on dell poweredge_r740xd2
- dell poweredge_r840_firmware < 2.18.1, running on dell poweredge_r840
- dell poweredge_r940xa_firmware < 2.18.1, running on dell poweredge_r940xa
- dell poweredge_t640_firmware < 2.18.1, running on dell poweredge_t640
- dell poweredge_c6420_firmware < 2.18.1, running on dell poweredge_c6420
- dell poweredge_fc640_firmware < 2.18.1, running on dell poweredge_fc640
- dell poweredge_m640_firmware < 2.18.1, running on dell poweredge_m640
- dell poweredge_mx740c_firmware < 2.18.1, running on dell poweredge_mx740c
- dell poweredge_mx840c_firmware < 2.18.1, running on dell poweredge_mx840c
- dell poweredge_c4140_firmware < 2.18.1, running on dell poweredge_c4140
- dell dss_8440_firmware < 2.18.1, running on dell dss_8440
- dell poweredge_xe2420_firmware < 2.18.1, running on dell poweredge_xe2420
- dell poweredge_xe7420_firmware < 2.18.1, running on dell poweredge_xe7420
- dell poweredge_xe7440_firmware < 2.18.1, running on dell poweredge_xe7440
- dell emc_storage_nx3240_firmware < 2.18.1, running on dell emc_storage_nx3240
- dell emc_storage_nx3340_firmware < 2.18.1, running on dell emc_storage_nx3340
- dell emc_xc_core_6420_firmware < 2.18.1, running on dell emc_xc_core_6420
- dell emc_xc_core_xc640_firmware < 2.18.1, running on dell emc_xc_core_xc640
- dell emc_xc_core_xc740xd_firmware < 2.18.1, running on dell emc_xc_core_xc740xd
- dell emc_xc_core_xc740xd2_firmware < 2.18.1, running on dell emc_xc_core_xc740xd2
- dell emc_xc_core_xc940_firmware < 2.18.1, running on dell emc_xc_core_xc940
- dell emc_xc_core_xcxr2_firmware < 2.18.1, running on dell emc_xc_core_xcxr2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "BIOS",
      "PowerEdge R740",
      "PowerEdge R740XD",
      "PowerEdge R640",
      "PowerEdge R940",
      "PowerEdge R540",
      "PowerEdge R440",
      "PowerEdge T440",
      "PowerEdge XR2",
      "PowerEdge R740xD2",
      "PowerEdge R840",
      "PowerEdge R940xa",
      "PowerEdge T640",
      "PowerEdge C6420",
      "PowerEdge FC640",
      "PowerEdge M640",
      "PowerEdge M640 (for PE VRTX)",
      "PowerEdge MX740c",
      "PowerEdge MX840c",
      "PowerEdge C4140",
      "DSS 8440",
      "PowerEdge XE2420",
      "PowerEdge XE7420",
      "PowerEdge XE7440",
      "Dell EMC Storage NX3240",
      "Dell EMC Storage NX3340",
      "Dell EMC XC Core 6420 System",
      "Dell EMC XC Core XC640 System",
      "Dell EMC XC Core XC740xd System",
      "Dell EMC XC Core XC740xd2",
      "Dell EMC XC Core XC940 System",
      "Dell EMC XC Core XCXR2"
    ],
    "product": "PowerEdge Platform",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 2.18.1 "
      }
    ]
  }
]

