Lucene search

[email protected]CVE-2023-44297

HistoryDec 05, 2023 - 4:15 p.m.

CVE-2023-44297

2023-12-0516:15:07

CWE-1234

CWE-667

[email protected]

web.nvd.nist.gov

cve-2023-44297

dell

poweredge

precision

bios

vulnerability

debug code

security

7.1 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.2%

JSON

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.

Affected configurations

NVD

Node

dellpoweredge_r660Match-

AND

dellpoweredge_r660_firmwareMatch1.4.4

Node

dellpoweredge_r760Match-

AND

dellpoweredge_r760_firmwareMatch1.4.4

Node

dellpoweredge_c6620Match-

AND

dellpoweredge_c6620_firmwareMatch1.4.4

Node

dellpoweredge_mx760cMatch-

AND

dellpoweredge_mx760c_firmwareMatch1.4.4

Node

dellpoweredge_r860Match-

AND

dellpoweredge_r860_firmwareMatch1.4.4

Node

dellpoweredge_r960Match-

AND

dellpoweredge_r960_firmwareMatch1.4.4

Node

dellpoweredge_hs5610_firmwareMatch1.4.4

AND

dellpoweredge_hs5610Match-

Node

dellpoweredge_hs5620_firmwareMatch1.4.4

AND

dellpoweredge_hs5620Match-

Node

dellpoweredge_r660xs_firmwareMatch1.4.4

AND

dellpoweredge_r660xsMatch-

Node

dellpoweredge_r760xs_firmwareMatch1.4.4

AND

dellpoweredge_r760xsMatch-

Node

dellpoweredge_r760xd2_firmwareMatch1.4.4

AND

dellpoweredge_r760xd2Match-

Node

dellpoweredge_t560_firmwareMatch1.4.4

AND

dellpoweredge_t560Match-

Node

dellpoweredge_r760xa_firmwareMatch1.4.4

AND

dellpoweredge_r760xaMatch-

CPENameOperatorVersion
dell:poweredge_r660_firmwaredell poweredge r660 firmwareeq1.4.4

CPE	Name	Operator	Version
dell:poweredge_r660_firmware	dell poweredge r660 firmware	eq	1.4.4

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "PowerEdge R660",
      "PowerEdge R760",
      "PowerEdge C6620",
      "PowerEdge MX760c",
      "PowerEdge R860",
      "PowerEdge R960",
      "PowerEdge HS5610",
      "PowerEdge HS5620",
      "PowerEdge R660xs",
      "PowerEdge R760xs",
      "PowerEdge R760xd2",
      "PowerEdge T560",
      "PowerEdge R760xa"
    ],
    "product": "PowerEdge BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Version 1.4.4"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability

7.1 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.2%

JSON

Related for CVE-2023-44297

prion1 nvd1 cvelist1