Lucene search

DellCVE-2023-48674

HistoryMar 01, 2024 - 1:15 p.m.

CVE-2023-48674

2024-03-0113:15:07

CWE-170

dell

web.nvd.nist.gov

cve-2023-48674

dell

platform

bios

vulnerability

null termination

high privilege

network access

system

malicious data

services

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.

Affected configurations

Vulners

Node

dellcpg_biosRange≤1.28.0

dellcpg_biosRange≤1.27.1

dellcpg_biosRange≤1.24.0

dellcpg_biosRange≤1.12.0

dellcpg_biosRange≤1.32.0

dellcpg_biosRange≤1.26.0

dellcpg_biosRange≤1.27.0

dellcpg_biosRange≤1.11.0

dellcpg_biosRange≤1.20.0

dellcpg_biosRange≤1.9.0

dellcpg_biosRange≤3.20.0

dellcpg_biosRange≤1.17.0

VendorProductVersionCPE
dellcpg_bios*cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	cpg_bios	*	cpe:2.3:o:dell:cpg_bios::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CPG BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.28.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.27.1",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.24.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.12.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.32.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.26.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.27.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.11.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.20.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.9.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "3.20.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      },
      {
        "lessThan": "1.17.0",
        "status": "affected",
        "version": "N/A",
        "versionType": "semver"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-48674