CVE-2023-39251 - Vulnerability Details

Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00035.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Dell

CPG BIOS

unaffected

Version	Status	Constraints
`Versions prior to 1.20.0`	affected	—
`Versions prior to 1.23.0`	affected	—
`Versions prior to 1.27.0`	affected	—
`Versions prior to 1.25.0`	affected	—
`Versions prior to 1.24.0`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dell:inspiron_7510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_7510:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:inspiron_7610_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_7610:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:latitude_5430_rugged_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_5430_rugged:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:latitude_5521_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_5521:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:latitude_7330_rugged_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_7330_rugged:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:precision_3561_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_3561:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:precision_5560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_5560:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:precision_5760_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_5760:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:precision_7560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_7560:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:precision_7760_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_7760:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:vostro_7510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_7510:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:xps_15_9510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_15_9510:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:xps_17_9710_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_17_9710:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Dell Subscribe	Inspiron 7510 Subscribe Inspiron 7510 Firmware Subscribe Inspiron 7610 Subscribe Inspiron 7610 Firmware Subscribe Latitude 5430 Rugged Subscribe Latitude 5430 Rugged Firmware Subscribe Latitude 5521 Subscribe Latitude 5521 Firmware Subscribe Latitude 7330 Rugged Subscribe Latitude 7330 Rugged Firmware Subscribe Precision 3561 Subscribe Precision 3561 Firmware Subscribe Precision 5560 Subscribe Precision 5560 Firmware Subscribe Precision 5760 Subscribe Precision 5760 Firmware Subscribe Precision 7560 Subscribe Precision 7560 Firmware Subscribe Precision 7760 Subscribe Precision 7760 Firmware Subscribe Vostro 7510 Subscribe Vostro 7510 Firmware Subscribe Xps 15 9510 Subscribe Xps 15 9510 Firmware Subscribe Xps 17 9710 Subscribe Xps 17 9710 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-42985	Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2023-12-22T17:55:18.705Z

Updated: 2024-08-02T18:02:06.678Z

Reserved: 2023-07-26T08:15:44.773Z

Link: CVE-2023-39251

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-22T18:15:07.317

Modified: 2024-11-21T08:14:59.697

Link: CVE-2023-39251

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object