Lucene search

[email protected]CVE-2023-39251

HistoryDec 22, 2023 - 6:15 p.m.

CVE-2023-39251

2023-12-2218:15:07

CWE-20

[email protected]

web.nvd.nist.gov

cve-2023-39251

dell

bios

improper input validation

vulnerability

memory corruption

nvd

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.

Affected configurations

NVD

Node

dellinspiron_7510Match-

AND

dellinspiron_7510_firmwareRange<1.20.0

Node

dellinspiron_7610Match-

AND

dellinspiron_7610_firmwareRange<1.20.0

Node

delllatitude_5430_ruggedMatch-

AND

delllatitude_5430_rugged_firmwareRange<1.23.0

Node

delllatitude_5521Match-

AND

delllatitude_5521_firmwareRange<1.27.0

Node

delllatitude_7330_ruggedMatch-

AND

delllatitude_7330_rugged_firmwareRange<1.23.0

Node

dellprecision_3561Match-

AND

dellprecision_3561_firmwareRange<1.27.0

Node

dellprecision_5560Match-

AND

dellprecision_5560_firmwareRange<1.25.0

Node

dellprecision_5760Match-

AND

dellprecision_5760_firmwareRange<1.24.0

Node

dellprecision_7560_firmwareRange<1.27.0

AND

dellprecision_7560Match-

Node

dellprecision_7760_firmwareRange<1.27.0

AND

dellprecision_7760Match-

Node

dellvostro_7510_firmwareRange<1.20.0

AND

dellvostro_7510Match-

Node

dellxps_15_9510_firmwareRange<1.25.0

AND

dellxps_15_9510Match-

Node

dellxps_17_9710_firmwareRange<1.24.0

AND

dellxps_17_9710Match-

CPENameOperatorVersion
dell:inspiron_7510_firmwaredell inspiron 7510 firmwarelt1.20.0

CPE	Name	Operator	Version
dell:inspiron_7510_firmware	dell inspiron 7510 firmware	lt	1.20.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Inspiron 7510",
      "Inspiron 7610",
      "Latitude 5430 Rugged Laptop",
      "Latitude 5521",
      "Latitude 7330 Rugged Laptop",
      "Precision 3561",
      "Precision 5560",
      "Precision 5760",
      "Precision 7560",
      "Precision 7760",
      "Vostro 7510",
      "XPS 15 9510",
      "XPS 17 9710"
    ],
    "product": "CPG BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 1.20.0"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.23.0"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.27.0"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.25.0"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.24.0"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-39251

nvd1 prion1 nessus1 cvelist1