Lucene search

DellCVELIST:CVE-2023-32461

HistorySep 15, 2023 - 6:56 a.m.

CVE-2023-32461

2023-09-1506:56:54

CWE-122

dell

www.cve.org

dell poweredge bios

dell precision bios

buffer overflow vulnerability

local malicious user

high privileges

memory corruption

privilege escalation

cve-2023-32461

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "BIOS",
    "platforms": [
      "PowerEdge R660",
      "PowerEdge R760",
      "PowerEdge C6620",
      "PowerEdge MX760c",
      "PowerEdge R860",
      "PowerEdge R960",
      "PowerEdge HS5610",
      "PowerEdge HS5620",
      "PowerEdge R660xs",
      "PowerEdge R760xs",
      "PowerEdge R760xd2",
      "PowerEdge T560",
      "PowerEdge R760xa",
      "PowerEdge XE9680",
      "PowerEdge XR5610",
      "PowerEdge XR8620t",
      "PowerEdge XR7620",
      "PowerEdge XE8640",
      "PowerEdge R6615",
      "PowerEdge R7615",
      "PowerEdge R6625",
      "PowerEdge R7625",
      "PowerEdge R650",
      "PowerEdge R750",
      "PowerEdge R750XA",
      "PowerEdge C6520",
      "PowerEdge MX750C",
      "PowerEdge R550",
      "PowerEdge R450",
      "PowerEdge R650XS",
      "PowerEdge R750XS",
      "PowerEdge T550",
      "PowerEdge XR11",
      "PowerEdge XR12",
      "PowerEdge T150",
      "PowerEdge T350",
      "PowerEdge R250",
      "PowerEdge R350",
      "PowerEdge XR4510c",
      "PowerEdge XR4520c",
      "PowerEdge R6515",
      "PowerEdge R6525",
      "PowerEdge R7515",
      "PowerEdge R7525",
      "PowerEdge C6525",
      "PowerEdge XE8545",
      "Dell EMC XC Core XC450",
      "Dell EMC XC Core XC650",
      "Dell EMC XC Core XC750",
      "Dell EMC XC Core XC750xa",
      "Dell EMC XC Core XC6520",
      "Dell EMC XC Core XC7525"
    ],
    "product": "PowerEdge Platform",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to 1.5.6"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.1.3"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.1.4"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.2.5"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.3.11"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.10.2"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.6.3"
      },
      {
        "status": "affected",
        "version": "Versions prior to 1.10.4"
      },
      {
        "status": "affected",
        "version": "Versions prior to 2.11.4"
      },
      {
        "status": "affected",
        "version": "Versions prior to 2.11.3"
      },
      {
        "status": "affected",
        "version": "Versions prior to Before 1.11.2"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability

5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2023-32461