CVE-2013-3582 - Vulnerability Details

Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Latitude D530 Latitude D531 Latitude D630 Latitude D631 Latitude D830 Latitude E4200 Latitude E4300 Latitude E5400 Latitude E5500 Latitude E6400 Latitude E6400 Atg Latitude E6400 Atg Xfr Latitude E6500 Latitude Xt2 Latitude Z600 Precision M2300 Precision M2400 Precision M4300 Precision M4400 Precision M6300 Precision M6400 Precision M6500

Configuration 1 [-]

OR	cpe:2.3:h:dell:latitude_d530:-:::::::*
	cpe:2.3:h:dell:latitude_d531:-:::::::*
	cpe:2.3:h:dell:latitude_d630:-:::::::*
	cpe:2.3:h:dell:latitude_d631:-:::::::*
	cpe:2.3:h:dell:latitude_d830:-:::::::*
	cpe:2.3:h:dell:latitude_e4200:-:::::::*
	cpe:2.3:h:dell:latitude_e4300:-:::::::*
	cpe:2.3:h:dell:latitude_e5400:-:::::::*
	cpe:2.3:h:dell:latitude_e5500:-:::::::*
	cpe:2.3:h:dell:latitude_e6400:-:::::::*
	cpe:2.3:h:dell:latitude_e6400_atg:-:::::::*
	cpe:2.3:h:dell:latitude_e6400_atg_xfr:-:::::::*
	cpe:2.3:h:dell:latitude_e6500:-:::::::*
	cpe:2.3:h:dell:latitude_xt2:-:::::::*
	cpe:2.3:h:dell:latitude_z600:-:::::::*
	cpe:2.3:h:dell:precision_m2300:-:::::::*
	cpe:2.3:h:dell:precision_m2400:-:::::::*
	cpe:2.3:h:dell:precision_m4300:-:::::::*
	cpe:2.3:h:dell:precision_m4400:-:::::::*
	cpe:2.3:h:dell:precision_m6300:-:::::::*
	cpe:2.3:h:dell:precision_m6400:-:::::::*
	cpe:2.3:h:dell:precision_m6500:-:::::::*

No data.

References

Link	Providers
http://www.kb.cert.org/vuls/id/912156
http://www.kb.cert.org/vuls/id/BLUU-99HSLA
https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf
https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-WP.pdf
https://www.blackhat.com/us-13/archives.html#Butterworth

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2013-08-28T10:00:00Z

Updated: 2024-09-17T03:43:31.413Z

Reserved: 2013-05-21T00:00:00Z

Link: CVE-2013-3582

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-08-28T13:13:58.223

Modified: 2024-11-21T01:53:55.670

Link: CVE-2013-3582

Redhat

No data.

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object