{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44298", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-09-28T09:44:52.814Z", "datePublished": "2023-12-05T15:57:54.738Z", "dateUpdated": "2024-08-02T19:59:51.962Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["PowerEdge R660", "PowerEdge R760", "PowerEdge C6620", "PowerEdge MX760c", "PowerEdge R860", "PowerEdge R960", "PowerEdge HS5610", "PowerEdge HS5620", "PowerEdge R660xs", "PowerEdge R760xs", "PowerEdge R760xd2", "PowerEdge T560", "PowerEdge R760xa"], "product": "PowerEdge BIOS", "vendor": "Dell", "versions": [{"status": "affected", "version": "Version 1.4.4"}]}], "datePublic": "2023-12-04T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.</span>\n\n"}], "value": "\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1234", "description": "CWE-1234: Hardware Internal or Debug Modes Allow Override of Locks", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-12-05T15:57:54.738Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.962Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r660_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A9F11A33-BA61-4554-A0B2-8F789EA8BE3C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*", "matchCriteriaId": "86AC134C-EFB7-46B8-B60F-5BD2663D7168", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r760_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "C301E8C7-01F7-4CBE-8666-74C0FD0BD58E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*", "matchCriteriaId": "89E8485C-4298-4DA0-95AD-50C21BC2C798", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_c6620_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "18D7C139-E796-4361-9FE6-530D154D7062", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*", "matchCriteriaId": "D360EB7D-5AB4-483C-BF00-53473B2D8AF4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_mx760c_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "65443057-DC40-47A6-B739-E5984B7AEC43", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*", "matchCriteriaId": "2670A942-4200-46F2-A4FC-6D2F0E2074B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r860_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "1AC33C77-1C2C-4E44-A60F-14AE343666F8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*", "matchCriteriaId": "B53D6488-A6E3-4505-8093-8232DC4219BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r960_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "9881FD7F-DA34-47F2-840B-929226E0D1CC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5B42153-ED7B-433A-9070-9CAC972322BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_hs5610_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B1E8504-EF8A-47D0-9762-5E944DD1ECDF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*", "matchCriteriaId": "08A9C14A-7D1A-4724-BBBD-62FC4C66FCE1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_hs5620_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "29F3D281-2810-4663-BD0F-F4EA67B1A321", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*", "matchCriteriaId": "447BE381-9C9B-4339-B308-71D90DB60294", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r660xs_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "1E9ADAB6-42D2-44DE-8C0C-6DC4166DA705", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*", "matchCriteriaId": "17FF7F29-F169-49B5-BEBA-6F20E3CDF1E6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r760xs_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A99A3EEE-20D7-4E99-98FE-99012DA2393B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3364A3E-BA9B-4588-89E5-A2C6C17B5D97", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r760xd2_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5992CD2-83BA-4941-B3FF-42144036325E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*", "matchCriteriaId": "B21CBCD8-266A-4BCD-933D-2EF5F479B119", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_t560_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "033EB4DA-6B83-436C-AD42-63605EED7324", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4A86D53-1352-48FB-A26A-C898B2C6425E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r760xa_firmware:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "3310CC98-2D26-42EF-8E10-13F2EB0D4FDB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*", "matchCriteriaId": "62603619-611F-4343-B75E-D45C50D1EA2F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.\n\n"}, {"lang": "es", "value": "Las plataformas Dell PowerEdge 16G Intel E5 BIOS y Dell Precision BIOS, versi\u00f3n 1.4.4, contienen una vulnerabilidad de seguridad de c\u00f3digo de depuraci\u00f3n activa. Un atacante f\u00edsico no autenticado podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda manipulaci\u00f3n de informaci\u00f3n, ejecuci\u00f3n de c\u00f3digo y denegaci\u00f3n de servicio."}], "id": "CVE-2023-44298", "lastModified": "2024-11-21T08:25:37.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 2.7, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-05T16:15:07.333", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1234"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}