CVE-2023-39251 - OpenCVE

Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Inspiron 7510 Inspiron 7510 Firmware Inspiron 7610 Inspiron 7610 Firmware Latitude 5430 Rugged Latitude 5430 Rugged Firmware Latitude 5521 Latitude 5521 Firmware Latitude 7330 Rugged Latitude 7330 Rugged Firmware Precision 3561 Precision 3561 Firmware Precision 5560 Precision 5560 Firmware Precision 5760 Precision 5760 Firmware Precision 7560 Precision 7560 Firmware Precision 7760 Precision 7760 Firmware Vostro 7510 Vostro 7510 Firmware Xps 15 9510 Xps 15 9510 Firmware Xps 17 9710 Xps 17 9710 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:dell:inspiron_7510:-:*:*:*:*:*:*:*

cpe:2.3:o:dell:inspiron_7510_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:dell:inspiron_7610:-:*:*:*:*:*:*:*

cpe:2.3:o:dell:inspiron_7610_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:dell:latitude_5430_rugged:-:*:*:*:*:*:*:*

cpe:2.3:o:dell:latitude_5430_rugged_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:dell:latitude_5521:-:*:*:*:*:*:*:*

cpe:2.3:o:dell:latitude_5521_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:dell:latitude_7330_rugged:-:*:*:*:*:*:*:*

cpe:2.3:o:dell:latitude_7330_rugged_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:dell:precision_3561:-:*:*:*:*:*:*:*

cpe:2.3:o:dell:precision_3561_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:dell:precision_5560:-:*:*:*:*:*:*:*

cpe:2.3:o:dell:precision_5560_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:dell:precision_5760:-:*:*:*:*:*:*:*

cpe:2.3:o:dell:precision_5760_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:precision_7560_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_7560:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:precision_7760_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_7760:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:vostro_7510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_7510:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:xps_15_9510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_15_9510:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:xps_17_9710_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:xps_17_9710:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2023-12-22T17:55:18.705Z

Updated: 2024-08-02T18:02:06.678Z

Reserved: 2023-07-26T08:15:44.773Z

Link: CVE-2023-39251

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-22T18:15:07.317

Modified: 2024-02-20T18:50:54.943

Link: CVE-2023-39251

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object