Lucene search

[email protected]CVE-2023-32460

HistoryDec 08, 2023 - 6:15 a.m.

CVE-2023-32460

2023-12-0806:15:45

CWE-306

[email protected]

web.nvd.nist.gov

cve-2023-32460

dell poweredge

bios

privilege management

vulnerability

nvd

cve

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Affected configurations

NVD

Node

dellpoweredge_r660_firmwareRange<1.6.6

AND

dellpoweredge_r660Match-

Node

dellpoweredge_r760_firmwareRange<1.6.6

AND

dellpoweredge_r760Match-

Node

dellpoweredge_c6620_firmwareRange<1.6.6

AND

dellpoweredge_c6620Match-

Node

dellpoweredge_mx760c_firmwareRange<1.6.6

AND

dellpoweredge_mx760cMatch-

Node

dellpoweredge_r860_firmwareRange<1.6.6

AND

dellpoweredge_r860Match-

Node

dellpoweredge_r960_firmwareRange<1.6.6

AND

dellpoweredge_r960Match-

Node

dellpoweredge_hs5610_firmwareRange<1.6.6

AND

dellpoweredge_hs5610Match-

Node

dellpoweredge_hs5620_firmwareRange<1.6.6

AND

dellpoweredge_hs5620Match-

Node

dellpoweredge_r660xs_firmwareRange<1.6.6

AND

dellpoweredge_r660xsMatch-

Node

dellpoweredge_r760xs_firmwareRange<1.6.6

AND

dellpoweredge_r760xsMatch-

Node

dellpoweredge_r760xd2_firmwareRange<1.6.6

AND

dellpoweredge_r760xd2Match-

Node

dellpoweredge_t560_firmwareRange<1.6.6

AND

dellpoweredge_t560Match-

Node

dellpoweredge_r760xa_firmwareRange<1.6.6

AND

dellpoweredge_r760xaMatch-

Node

dellpoweredge_xr5610_firmwareRange<1.6.6

AND

dellpoweredge_xr5610Match-

Node

dellpoweredge_xr8610t_firmwareRange<1.6.6

AND

dellpoweredge_xr8610tMatch-

Node

dellpoweredge_xr8620t_firmwareRange<1.6.6

AND

dellpoweredge_xr8620tMatch-

Node

dellpoweredge_r6615_firmwareRange<1.6.6

AND

dellpoweredge_r6615Match-

Node

dellpoweredge_r7615_firmwareRange<1.6.6

AND

dellpoweredge_r7615Match-

Node

dellpoweredge_xr7620_firmwareRange<1.6.6

AND

dellpoweredge_xr7620Match-

Node

dellpoweredge_xe8640_firmwareRange<1.3.6

AND

dellpoweredge_xe8640Match-

Node

dellpoweredge_xe9640_firmwareRange<1.3.6

AND

dellpoweredge_xe9640Match-

Node

dellpoweredge_xe9680_firmwareRange<1.3.6

AND

dellpoweredge_xe9680Match-

Node

dellpoweredge_r6625_firmwareRange<1.6.8

AND

dellpoweredge_r6625Match-

Node

dellpoweredge_r7625_firmwareRange<1.6.8

AND

dellpoweredge_r7625Match-

Node

dellpoweredge_c6615_firmwareRange<1.1.2

AND

dellpoweredge_c6615Match-

Node

dellpoweredge_r650_firmwareRange<1.12.1

AND

dellpoweredge_r650Match-

Node

dellpoweredge_r750_firmwareRange<1.12.1

AND

dellpoweredge_r750Match-

Node

dellpoweredge_r750xa_firmwareRange<1.12.1

AND

dellpoweredge_r750xaMatch-

Node

dellpoweredge_c6520_firmwareRange<1.12.1

AND

dellpoweredge_c6520Match-

Node

dellpoweredge_mx750c_firmwareRange<1.12.1

AND

dellpoweredge_mx750cMatch-

Node

dellpoweredge_r550_firmwareRange<1.12.1

AND

dellpoweredge_r550Match-

Node

dellpoweredge_r450_firmwareRange<1.12.1

AND

dellpoweredge_r450Match-

Node

dellpoweredge_r650xs_firmwareRange<1.12.1

AND

dellpoweredge_r650xsMatch-

Node

dellpoweredge_r750xs_firmwareRange<1.12.1

AND

dellpoweredge_r750xsMatch-

Node

dellpoweredge_t550_firmwareRange<1.12.1

AND

dellpoweredge_t550Match-

Node

dellpoweredge_xr11_firmwareRange<1.12.1

AND

dellpoweredge_xr11Match-

Node

dellpoweredge_xr12_firmwareRange<1.12.1

AND

dellpoweredge_xr12Match-

Node

dellpoweredge_t150_firmwareRange<1.8.1

AND

dellpoweredge_t150Match-

Node

dellpoweredge_t350_firmwareRange<1.8.1

AND

dellpoweredge_t350Match-

Node

dellpoweredge_r250_firmwareRange<1.8.1

AND

dellpoweredge_r250Match-

Node

dellpoweredge_r350_firmwareRange<1.8.1

AND

dellpoweredge_r350Match-

Node

dellpoweredge_xr4510c_firmwareRange<1.13.3

AND

dellpoweredge_xr4510cMatch-

Node

dellpoweredge_xr4520c_firmwareRange<1.13.3

AND

dellpoweredge_xr4520cMatch-

Node

dellpoweredge_r6515_firmwareRange<2.13.3

AND

dellpoweredge_r6515Match-

Node

dellpoweredge_r6525_firmwareRange<2.13.3

AND

dellpoweredge_r6525Match-

Node

dellpoweredge_r7515_firmwareRange<2.13.3

AND

dellpoweredge_r7515Match-

Node

dellpoweredge_r7525_firmwareRange<2.13.3

AND

dellpoweredge_r7525Match-

Node

dellpoweredge_c6525_firmwareRange<2.13.3

AND

dellpoweredge_c6525Match-

Node

dellpoweredge_xe8545_firmwareRange<2.13.3

AND

dellpoweredge_xe8545Match-

Node

dellpoweredge_r740_firmwareRange<2.20.1

AND

dellpoweredge_r740Match-

Node

dellpoweredge_r640_firmwareRange<2.20.1

AND

dellpoweredge_r640Match-

Node

dellpoweredge_r940_firmwareRange<2.20.1

AND

dellpoweredge_r940Match-

Node

dellpoweredge_r540_firmwareRange<2.20.1

AND

dellpoweredge_r540Match-

Node

dellpoweredge_r440_firmwareRange<2.20.1

AND

dellpoweredge_r440Match-

Node

dellpoweredge_t440_firmwareRange<2.20.1

AND

dellpoweredge_t440Match-

Node

dellpoweredge_xr2_firmwareRange<2.20.1

AND

dellpoweredge_xr2Match-

Node

dellpoweredge_r840_firmwareRange<2.20.1

AND

dellpoweredge_r840Match-

Node

dellpoweredge_t640_firmwareRange<2.20.1

AND

dellpoweredge_t640Match-

Node

dellpoweredge_c6420_firmwareRange<2.20.1

AND

dellpoweredge_c6420Match-

Node

dellpoweredge_fc640_firmwareRange<2.20.1

AND

dellpoweredge_fc640Match-

Node

dellpoweredge_m640_firmwareRange<2.20.1

AND

dellpoweredge_m640Match-

Node

dellpoweredge_c4140_firmwareRange<2.20.1

AND

dellpoweredge_c4140Match-

Node

dellpoweredge_mx740c_firmwareRange<2.20.1

AND

dellpoweredge_mx740cMatch-

Node

dellpoweredge_mx840c_firmwareRange<2.20.1

AND

dellpoweredge_mx840cMatch-

Node

dellpoweredge_r740xd_firmwareRange<2.20.1

AND

dellpoweredge_r740xdMatch-

Node

dellpoweredge_r740xd2_firmwareRange<2.20.1

AND

dellpoweredge_r740xd2Match-

Node

dellpoweredge_r940xa_firmwareRange<2.20.1

AND

dellpoweredge_r940xaMatch-

Node

dellpoweredge_xe2420_firmwareRange<2.20.0

AND

dellpoweredge_xe2420Match-

Node

dellpoweredge_xe7420_firmwareRange<2.20.0

AND

dellpoweredge_xe7420Match-

Node

dellpoweredge_xe7440_firmwareRange<2.20.0

AND

dellpoweredge_xe7440Match-

Node

dellpoweredge_t140_firmwareRange<2.15.1

AND

dellpoweredge_t140Match-

Node

dellpoweredge_t340_firmwareRange<2.15.1

AND

dellpoweredge_t340Match-

Node

dellpoweredge_r240_firmwareRange<2.15.1

AND

dellpoweredge_r240Match-

Node

dellpoweredge_r340_firmwareRange<2.15.1

AND

dellpoweredge_r340Match-

Node

dellpoweredge_r6415_firmwareRange<1.21.0

AND

dellpoweredge_r6415Match-

Node

dellpoweredge_r7415_firmwareRange<1.21.0

AND

dellpoweredge_r7415Match-

Node

dellpoweredge_r7425_firmwareRange<1.21.0

AND

dellpoweredge_r7425Match-

Node

dellpoweredge_r930Match-

AND

dellpoweredge_r930_firmwareRange<2.13.0

Node

dellpoweredge_r730Match-

AND

dellpoweredge_r730_firmwareRange<2.18.1

Node

dellpoweredge_r730xdMatch-

AND

dellpoweredge_r730xd_firmwareRange<2.18.1

Node

dellpoweredge_r630Match-

AND

dellpoweredge_r630_firmwareRange<2.18.1

Node

dellpoweredge_c4130Match-

AND

dellpoweredge_c4130_firmwareRange<2.18.1

Node

dellpoweredge_m630Match-

AND

dellpoweredge_m630_firmwareRange<2.18.1

Node

dellpoweredge_fc630Match-

AND

dellpoweredge_fc630_firmwareRange<2.18.1

Node

dellpoweredge_fc430_firmwareRange<2.18.1

AND

dellpoweredge_fc430Match-

Node

dellpoweredge_m830_firmwareRange<2.18.1

AND

dellpoweredge_m830Match-

Node

dellpoweredge_fc830_firmwareRange<2.18.1

AND

dellpoweredge_fc830Match-

Node

dellpoweredge_t630_firmwareRange<2.18.2

AND

dellpoweredge_t630Match-

Node

dellpoweredge_r530_firmwareRange<2.18.2

AND

dellpoweredge_r530Match-

Node

dellpoweredge_r430_firmwareRange<2.18.2

AND

dellpoweredge_r430Match-

Node

dellpoweredge_t430_firmwareRange<2.18.2

AND

dellpoweredge_t430Match-

Node

dellpoweredge_c6320_firmwareRange<2.18.2

AND

dellpoweredge_c6320Match-

Node

dellpoweredge_t130_firmwareRange<2.19.1

AND

dellpoweredge_t130Match-

Node

dellpoweredge_r230_firmwareRange<2.19.1

AND

dellpoweredge_r230Match-

Node

dellpoweredge_t330_firmwareRange<2.19.1

AND

dellpoweredge_t330Match-

Node

dellpoweredge_r330_firmwareRange<2.19.1

AND

dellpoweredge_r330Match-

Node

dellpoweredge_r830_firmwareRange<1.18.1

AND

dellpoweredge_r830Match-

Node

dellpoweredge_m640_\(pe_vrtx\)_firmwareRange<2.20.1

AND

dellpoweredge_m640_\(pe_vrtx\)Match-

Node

dellpoweredge_m630_\(pe_vrtx\)_firmwareRange<2.18.1

AND

dellpoweredge_m630_\(pe_vrtx\)Match-

Node

dellpoweredge_m830_\(pe_vrtx\)_firmwareRange<2.18.1

AND

dellpoweredge_m830_\(pe_vrtx\)Match-

Node

delldss_8440_firmwareRange<2.20.0

AND

delldss_8440Match-

Node

dellnx3230_firmwareRange<2.18.1

AND

dellnx3230Match-

Node

dellnx3330_firmwareRange<2.18.1

AND

dellnx3330Match-

Node

dellnx430_firmwareRange<2.19.1

AND

dellnx430Match-

Node

dellemc_storage_nx3240_firmwareRange<2.20.1

AND

dellemc_storage_nx3240Match-

Node

dellemc_storage_nx3340_firmwareRange<2.20.1

AND

dellemc_storage_nx3340Match-

Node

dellemc_nx440_firmwareRange<2.15.1

AND

dellnx440Match-

Node

dellemc_xc_core_xc450_firmwareRange<1.12.1

AND

dellemc_xc_core_xc450Match-

Node

dellemc_xc_core_xc650_firmwareRange<1.12.1

AND

dellemc_xc_core_xc650Match-

Node

dellemc_xc_core_xc750_firmwareRange<1.12.1

AND

dellemc_xc_core_xc750Match-

Node

dellemc_xc_core_xc750xa_firmwareRange<1.12.1

AND

dellemc_xc_core_xc750xaMatch-

Node

dellemc_xc_core_xc6520_firmwareRange<1.12.1

AND

dellemc_xc_core_xc6520Match-

Node

dellemc_xc_core_xcxr2_firmwareRange<2.20.1

AND

dellemc_xc_core_xcxr2Match-

Node

dellemc_xc_core_xc740xd2_firmwareRange<2.20.1

AND

dellemc_xc_core_xc740xd2Match-

Node

dellemc_xc_core_xc7525_firmwareRange<2.13.3

AND

dellemc_xc_core_xc7525Match-

Node

dellemc_xc_core_6420_firmwareRange<2.20.1

AND

dellemc_xc_core_6420Match-

Node

dellemc_xc_core_xc640_firmwareRange<2.20.1

AND

dellemc_xc_core_xc640Match-

Node

dellemc_xc_core_xc740xd_firmwareRange<2.20.1

AND

dellemc_xc_core_xc740xdMatch-

Node

dellemc_xc_core_xc940_firmwareRange<2.20.1

AND

dellemc_xc_core_xc940Match-

Node

dellxc_core_xc660_firmwareRange<1.6.6

AND

dellxc_core_xc660Match-

Node

dellxc_core_xc760_firmwareRange<1.6.6

AND

dellxc_core_xc760Match-

Node

dellxc6320_hyperconverged_appliance_firmwareRange<2.18.2

AND

dellxc6320_hyperconverged_applianceMatch-

Node

dellxc430_hyperconverged_appliance_firmwareRange<2.18.2

AND

dellxc430_hyperconverged_applianceMatch-

Node

dellxc630_hyperconverged_appliance_firmwareRange<2.18.1

AND

dellxc630_hyperconverged_applianceMatch-

Node

dellxc730_hyperconverged_appliance_firmwareRange<2.18.1

AND

dellxc730_hyperconverged_applianceMatch-

Node

dellxc730xd_hyperconverged_appliance_firmwareRange<2.18.1

AND

dellxc730xd_hyperconverged_applianceMatch-

CPENameOperatorVersion
dell:poweredge_r660_firmwaredell poweredge r660 firmwarelt1.6.6

CPE	Name	Operator	Version
dell:poweredge_r660_firmware	dell poweredge r660 firmware	lt	1.6.6

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "BIOS"
    ],
    "product": "PowerEdge Platform",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 1.6.6"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.3.6"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.1.2"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.12.1"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.8.1"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.13.3"
      },
      {
        "status": "affected",
        "version": "Versions prior to 2.13.3"
      },
      {
        "status": "affected",
        "version": "Versions prior to 2.20.1"
      },
      {
        "status": "affected",
        "version": "Versions prior to 2.20.0"
      },
      {
        "status": "affected",
        "version": "Versions prior to 2.15.1"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.21.0"
      },
      {
        "status": "affected",
        "version": "Versions prior to 2.18.1 "
      },
      {
        "status": "affected",
        "version": "Versions prior to 2.13.0  "
      },
      {
        "status": "affected",
        "version": "Versions prior to 2.18.2 "
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.18.1  "
      },
      {
        "status": "affected",
        "version": "Versions prior to 2.19.1  "
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability

Social References

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-32460

cvelist1 prion1 nvd1