{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39251", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-07-26T08:15:44.773Z", "datePublished": "2023-12-22T17:55:18.705Z", "dateUpdated": "2024-08-02T18:02:06.678Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Inspiron 7510", "Inspiron 7610", "Latitude 5430 Rugged Laptop", "Latitude 5521", "Latitude 7330 Rugged Laptop", "Precision 3561", "Precision 5560", "Precision 5760", "Precision 7560", "Precision 7760", "Vostro 7510", "XPS 15 9510", "XPS 17 9710"], "product": "CPG BIOS", "vendor": "Dell", "versions": [{"status": "affected", "version": "Versions prior to 1.20.0"}, {"status": "affected", "version": "Versions prior to 1.23.0"}, {"status": "affected", "version": "Versions prior to 1.27.0"}, {"status": "affected", "version": "Versions prior to 1.25.0"}, {"status": "affected", "version": "Versions prior to 1.24.0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dell Technologies would like to thank Eason for reporting this issue."}], "datePublic": "2023-12-19T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.</span>\n\n"}], "value": "\nDell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-12-22T17:55:18.705Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:02:06.678Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:inspiron_7510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CCD50FE-E4F3-48E3-A0D1-B9347E7414B5", "versionEndExcluding": "1.20.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:inspiron_7510:-:*:*:*:*:*:*:*", "matchCriteriaId": "2793ECA0-0C7B-41A1-BC9B-F388D6E6B8B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:inspiron_7610_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1AC697E-9535-42E1-AAF7-6A59A270B38B", "versionEndExcluding": "1.20.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:inspiron_7610:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD64EB37-6B29-432A-A698-302F7CEE6E39", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_5430_rugged_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A289588-85FE-419E-BB73-D92A7214E825", "versionEndExcluding": "1.23.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_5430_rugged:-:*:*:*:*:*:*:*", "matchCriteriaId": "706F3E4E-57D8-4F01-AE71-C71B19D42FAE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_5521_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E48645B-5253-4617-811A-70FD13BC34E9", "versionEndExcluding": "1.27.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_5521:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BA0B010-1BD4-4D73-A67A-F89694606BAB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:latitude_7330_rugged_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA3DD9BB-F853-456E-B1A2-BEB1815B1999", "versionEndExcluding": "1.23.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:latitude_7330_rugged:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E66577E-7CA6-4D09-81C2-55CD31C228E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_3561_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "348FF513-FBFC-4D76-A2C9-91E7799AC13F", "versionEndExcluding": "1.27.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_3561:-:*:*:*:*:*:*:*", "matchCriteriaId": "464062AC-12E9-4EF6-A20B-71DF0DA4AC60", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_5560_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "00E7FB25-485A-497F-AE83-0F51CD629BD0", "versionEndExcluding": "1.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_5560:-:*:*:*:*:*:*:*", "matchCriteriaId": "5574BCEC-24B9-4C6C-8918-968972E39513", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_5760_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3743575A-B225-46D5-912C-27880F5E7787", "versionEndExcluding": "1.24.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_5760:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDFA9122-5B13-4653-AF92-751EB72F40F6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_7560_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "682A12DB-0554-47AF-AFA6-41A29374BFC5", "versionEndExcluding": "1.27.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_7560:-:*:*:*:*:*:*:*", "matchCriteriaId": "23528F3E-4F26-4C23-BA0B-629597AD1991", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_7760_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7E722FD-30B9-4028-9528-CDB5B8C91667", "versionEndExcluding": "1.27.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_7760:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9DBAAF4-D6A8-4447-B592-DC27609B373F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:vostro_7510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F08CB51-37EE-4C85-B27A-6077E4B99F74", "versionEndExcluding": "1.20.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:vostro_7510:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA54293A-A09E-4089-B86B-B49616F01AF2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:xps_15_9510_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "69263598-26EC-4484-864A-72BD4504779C", "versionEndExcluding": "1.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:xps_15_9510:-:*:*:*:*:*:*:*", "matchCriteriaId": "C80D4578-6ABA-4E78-B8CB-385968AD2D75", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:xps_17_9710_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F6D8A92-39F3-4A02-8D07-CF271F3DA054", "versionEndExcluding": "1.24.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:xps_17_9710:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF4DACC8-3DBD-442D-807D-6A5AFDF00B56", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nDell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.\n\n"}, {"lang": "es", "value": "Dell BIOS contiene una vulnerabilidad de validaci\u00f3n de entrada incorrecta. Un usuario malicioso local con altos privilegios podr\u00eda explotar esta vulnerabilidad para da\u00f1ar la memoria del sistema."}], "id": "CVE-2023-39251", "lastModified": "2024-11-21T08:14:59.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.7, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-22T18:15:07.317", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}