Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.  

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00065.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Dell PowerEdge Platform unaffected
Version Status Constraints
Versions prior to 1.5.6 affected
Versions prior to 1.1.3 affected
Versions prior to 1.1.4 affected
Versions prior to 1.2.5 affected
Versions prior to 1.3.11 affected
Versions prior to 1.10.2 affected
Versions prior to 1.6.3 affected
Versions prior to 1.10.4 affected
Versions prior to 2.11.4 affected
Versions prior to 2.11.3 affected
Versions prior to Before 1.11.2 affected

Configuration 1 [-]

AND
cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xe9680:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xr5610:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xr8620t:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xr7620:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xe8640:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r6615:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7615:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r6625:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7625:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r650:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r750:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r750xa:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c6520:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx750c:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r550:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND
cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r450:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND
cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r650xs:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND
cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r750xs:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND
cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t550:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND
cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xr11:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND
cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xr12:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND
cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t150:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND
cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t350:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND
cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r250:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND
cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r350:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND
cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xr4510c:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND
OR cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_xr4520c_firmware:1.10.4:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xr4520c:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND
cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r6515:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND
cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r6525:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND
cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7515:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND
cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7525:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND
cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c6525:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND
cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xe8545:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND
cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc450:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND
cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc650:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND
cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc750:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND
cpe:2.3:o:dell:emc_xc_core_xc750xa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc750xa:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND
cpe:2.3:o:dell:emc_xc_core_xc6520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc6520:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND
cpe:2.3:o:dell:emc_xc_core_xc7525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc7525:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Dell Subscribe
Emc Xc Core Xc450 Subscribe
Emc Xc Core Xc450 Firmware Subscribe
Emc Xc Core Xc650 Subscribe
Emc Xc Core Xc650 Firmware Subscribe
Emc Xc Core Xc6520 Subscribe
Emc Xc Core Xc6520 Firmware Subscribe
Emc Xc Core Xc750 Subscribe
Emc Xc Core Xc750 Firmware Subscribe
Emc Xc Core Xc750xa Subscribe
Emc Xc Core Xc750xa Firmware Subscribe
Emc Xc Core Xc7525 Subscribe
Emc Xc Core Xc7525 Firmware Subscribe
Poweredge C6520 Subscribe
Poweredge C6520 Firmware Subscribe
Poweredge C6525 Subscribe
Poweredge C6525 Firmware Subscribe
Poweredge C6620 Subscribe
Poweredge C6620 Firmware Subscribe
Poweredge Hs5610 Subscribe
Poweredge Hs5610 Firmware Subscribe
Poweredge Hs5620 Subscribe
Poweredge Hs5620 Firmware Subscribe
Poweredge Mx750c Subscribe
Poweredge Mx750c Firmware Subscribe
Poweredge Mx760c Subscribe
Poweredge Mx760c Firmware Subscribe
Poweredge R250 Subscribe
Poweredge R250 Firmware Subscribe
Poweredge R350 Subscribe
Poweredge R350 Firmware Subscribe
Poweredge R450 Subscribe
Poweredge R450 Firmware Subscribe
Poweredge R550 Subscribe
Poweredge R550 Firmware Subscribe
Poweredge R650 Subscribe
Poweredge R650 Firmware Subscribe
Poweredge R650xs Subscribe
Poweredge R650xs Firmware Subscribe
Poweredge R6515 Subscribe
Poweredge R6515 Firmware Subscribe
Poweredge R6525 Subscribe
Poweredge R6525 Firmware Subscribe
Poweredge R660 Subscribe
Poweredge R660 Firmware Subscribe
Poweredge R660xs Subscribe
Poweredge R660xs Firmware Subscribe
Poweredge R6615 Subscribe
Poweredge R6615 Firmware Subscribe
Poweredge R6625 Subscribe
Poweredge R6625 Firmware Subscribe
Poweredge R750 Subscribe
Poweredge R750 Firmware Subscribe
Poweredge R750xa Subscribe
Poweredge R750xa Firmware Subscribe
Poweredge R750xs Subscribe
Poweredge R750xs Firmware Subscribe
Poweredge R7515 Subscribe
Poweredge R7515 Firmware Subscribe
Poweredge R7525 Subscribe
Poweredge R7525 Firmware Subscribe
Poweredge R760 Subscribe
Poweredge R760 Firmware Subscribe
Poweredge R760xa Subscribe
Poweredge R760xa Firmware Subscribe
Poweredge R760xd2 Subscribe
Poweredge R760xd2 Firmware Subscribe
Poweredge R760xs Subscribe
Poweredge R760xs Firmware Subscribe
Poweredge R7615 Subscribe
Poweredge R7615 Firmware Subscribe
Poweredge R7625 Subscribe
Poweredge R7625 Firmware Subscribe
Poweredge R860 Subscribe
Poweredge R860 Firmware Subscribe
Poweredge R960 Subscribe
Poweredge R960 Firmware Subscribe
Poweredge T150 Subscribe
Poweredge T150 Firmware Subscribe
Poweredge T350 Subscribe
Poweredge T350 Firmware Subscribe
Poweredge T550 Subscribe
Poweredge T550 Firmware Subscribe
Poweredge T560 Subscribe
Poweredge T560 Firmware Subscribe
Poweredge Xe8545 Subscribe
Poweredge Xe8545 Firmware Subscribe
Poweredge Xe8640 Subscribe
Poweredge Xe8640 Firmware Subscribe
Poweredge Xe9680 Subscribe
Poweredge Xe9680 Firmware Subscribe
Poweredge Xr11 Subscribe
Poweredge Xr11 Firmware Subscribe
Poweredge Xr12 Subscribe
Poweredge Xr12 Firmware Subscribe
Poweredge Xr4510c Subscribe
Poweredge Xr4510c Firmware Subscribe
Poweredge Xr4520c Subscribe
Poweredge Xr4520c Firmware Subscribe
Poweredge Xr5610 Subscribe
Poweredge Xr5610 Firmware Subscribe
Poweredge Xr7620 Subscribe
Poweredge Xr7620 Firmware Subscribe
Poweredge Xr8620t Subscribe
Poweredge Xr8620t Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2023-36705 Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.  
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability cve-icon cve-icon
History

Wed, 25 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2024-09-25T14:12:53.858Z

Reserved: 2023-05-09T06:05:24.994Z

Link: CVE-2023-32461

cve-icon Vulnrichment

Updated: 2024-08-02T15:18:37.226Z

cve-icon NVD

Status : Modified

Published: 2023-09-15T07:15:09.550

Modified: 2024-11-21T08:03:23.967

Link: CVE-2023-32461

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses