CVE-2023-32453 | ByteOS Network

Vulnerability Details :

CVE-2023-32453

Assigner-dell

Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe

Published At-16 Aug, 2023 | 19:22

Updated At-02 Oct, 2024 | 16:01

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:dell

Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe

Published At:16 Aug, 2023 | 19:22

Updated At:02 Oct, 2024 | 16:01

▼CVE Numbering Authority (CNA)

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

Affected Products

Vendor

Product

Default Status

unaffected

Versions

Affected

All versions

Problem Types

Type	CWE ID	Description
CWE	CWE-287	CWE-287: Improper Authentication

Type: CWE

CWE ID: CWE-287

Description: CWE-287: Improper Authentication

Metrics

Version	Base score	Base severity	Vector
3.1	4.6	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

References

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios	vendor-advisory

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios	vendor-advisory x_transferred

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios

Resource:

vendor-advisory

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:security_alert@emc.com

Published At:16 Aug, 2023 | 20:15

Updated At:23 Aug, 2023 | 16:37

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	3.9	LOW	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Secondary	3.1	4.6	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Type: Primary

Version: 3.1

Base score: 3.9

Base severity: LOW

Vector:

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

CPE Matches

>>alienware_m15_r7_firmware>>Versions before 1.18.0(exclusive)

cpe:2.3:o:dell:alienware_m15_r7_firmware:*:*:*:*:*:*:*:*

>>alienware_m15_r7>>-

cpe:2.3:h:dell:alienware_m15_r7:-:*:*:*:*:*:*:*

>>alienware_m16_firmware>>Versions before 1.10.1(exclusive)

cpe:2.3:o:dell:alienware_m16_firmware:*:*:*:*:*:*:*:*

>>alienware_m16>>-

cpe:2.3:h:dell:alienware_m16:-:*:*:*:*:*:*:*

>>alienware_m18_firmware>>Versions before 1.10.1(exclusive)

cpe:2.3:o:dell:alienware_m18_firmware:*:*:*:*:*:*:*:*

>>alienware_m18>>-

cpe:2.3:h:dell:alienware_m18:-:*:*:*:*:*:*:*

>>chengming_3900_firmware>>Versions before 1.15.0(exclusive)

cpe:2.3:o:dell:chengming_3900_firmware:*:*:*:*:*:*:*:*

>>chengming_3900>>-

cpe:2.3:h:dell:chengming_3900:-:*:*:*:*:*:*:*

>>chengming_3901_firmware>>Versions before 1.15.0(exclusive)

cpe:2.3:o:dell:chengming_3901_firmware:*:*:*:*:*:*:*:*

>>chengming_3901>>-

cpe:2.3:h:dell:chengming_3901:-:*:*:*:*:*:*:*

>>chengming_3910_firmware>>Versions before 1.6.0(exclusive)

cpe:2.3:o:dell:chengming_3910_firmware:*:*:*:*:*:*:*:*

>>chengming_3910>>-

cpe:2.3:h:dell:chengming_3910:-:*:*:*:*:*:*:*

>>chengming_3911_firmware>>Versions before 1.6.0(exclusive)

cpe:2.3:o:dell:chengming_3911_firmware:*:*:*:*:*:*:*:*

>>chengming_3911>>-

cpe:2.3:h:dell:chengming_3911:-:*:*:*:*:*:*:*

>>g15_5520_firmware>>Versions before 1.18.0(exclusive)

cpe:2.3:o:dell:g15_5520_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g15_5520:-:*:*:*:*:*:*:*

>>g16_7620_firmware>>Versions before 1.18.0(exclusive)

cpe:2.3:o:dell:g16_7620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g16_7620:-:*:*:*:*:*:*:*

>>g3_3500_firmware>>Versions before 1.26.0(exclusive)

cpe:2.3:o:dell:g3_3500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*

>>g5_15_5500_firmware>>Versions before 1.26.0(exclusive)

cpe:2.3:o:dell:g5_15_5500_firmware:*:*:*:*:*:*:*:*

>>g5_15_5500>>-

cpe:2.3:h:dell:g5_15_5500:-:*:*:*:*:*:*:*

>>g7_15_7500_firmware>>Versions before 1.26.0(exclusive)

cpe:2.3:o:dell:g7_15_7500_firmware:*:*:*:*:*:*:*:*

>>g7_15_7500>>-

cpe:2.3:h:dell:g7_15_7500:-:*:*:*:*:*:*:*

>>g7_17_7700_firmware>>Versions before 1.26.0(exclusive)

cpe:2.3:o:dell:g7_17_7700_firmware:*:*:*:*:*:*:*:*

>>g7_17_7700>>-

cpe:2.3:h:dell:g7_17_7700:-:*:*:*:*:*:*:*

>>precision_5680_firmware>>Versions before 1.4.1(exclusive)

cpe:2.3:o:dell:precision_5680_firmware:*:*:*:*:*:*:*:*

>>precision_5680>>-

cpe:2.3:h:dell:precision_5680:-:*:*:*:*:*:*:*

>>inspiron_14_5410_firmware>>Versions before 2.20.0(exclusive)

cpe:2.3:o:dell:inspiron_14_5410_firmware:*:*:*:*:*:*:*:*

>>inspiron_14_5410>>-

cpe:2.3:h:dell:inspiron_14_5410:-:*:*:*:*:*:*:*

>>inspiron_14_5418_firmware>>Versions before 2.20.0(exclusive)

cpe:2.3:o:dell:inspiron_14_5418_firmware:*:*:*:*:*:*:*:*

>>inspiron_14_5418>>-

cpe:2.3:h:dell:inspiron_14_5418:-:*:*:*:*:*:*:*

>>inspiron_15_3511_firmware>>Versions before 1.23.0(exclusive)

cpe:2.3:o:dell:inspiron_15_3511_firmware:*:*:*:*:*:*:*:*

>>inspiron_15_3511>>-

cpe:2.3:h:dell:inspiron_15_3511:-:*:*:*:*:*:*:*

>>inspiron_15_5510_firmware>>Versions before 2.20.0(exclusive)

cpe:2.3:o:dell:inspiron_15_5510_firmware:*:*:*:*:*:*:*:*

>>inspiron_15_5510>>-

cpe:2.3:h:dell:inspiron_15_5510:-:*:*:*:*:*:*:*

>>inspiron_15_5518_firmware>>Versions before 2.20.0(exclusive)

cpe:2.3:o:dell:inspiron_15_5518_firmware:*:*:*:*:*:*:*:*

>>inspiron_15_5518>>-

cpe:2.3:h:dell:inspiron_15_5518:-:*:*:*:*:*:*:*

>>inspiron_24_5420_all-in-one_firmware>>Versions before 1.4.0(exclusive)

cpe:2.3:o:dell:inspiron_24_5420_all-in-one_firmware:*:*:*:*:*:*:*:*

>>inspiron_24_5420_all-in-one>>-

cpe:2.3:h:dell:inspiron_24_5420_all-in-one:-:*:*:*:*:*:*:*

>>inspiron_24_5421_all-in-one_firmware>>Versions before 1.4.0(exclusive)

cpe:2.3:o:dell:inspiron_24_5421_all-in-one_firmware:*:*:*:*:*:*:*:*

>>inspiron_24_5421_all-in-one>>-

cpe:2.3:h:dell:inspiron_24_5421_all-in-one:-:*:*:*:*:*:*:*

>>inspiron_27_7720_all-in-one_firmware>>Versions before 1.4.0(exclusive)

cpe:2.3:o:dell:inspiron_27_7720_all-in-one_firmware:*:*:*:*:*:*:*:*

>>inspiron_27_7720_all-in-one>>-

cpe:2.3:h:dell:inspiron_27_7720_all-in-one:-:*:*:*:*:*:*:*

>>inspiron_3020_small_desktop_firmware>>Versions up to 1.6.0(inclusive)

cpe:2.3:o:dell:inspiron_3020_small_desktop_firmware:*:*:*:*:*:*:*:*

>>inspiron_3020_small_desktop>>-

cpe:2.3:h:dell:inspiron_3020_small_desktop:-:*:*:*:*:*:*:*

>>inspiron_3020_desktop_firmware>>Versions before 1.6.0(exclusive)

cpe:2.3:o:dell:inspiron_3020_desktop_firmware:*:*:*:*:*:*:*:*

>>inspiron_3020_desktop>>-

cpe:2.3:h:dell:inspiron_3020_desktop:-:*:*:*:*:*:*:*

>>inspiron_3493_firmware>>Versions before 1.27.0(exclusive)

cpe:2.3:o:dell:inspiron_3493_firmware:*:*:*:*:*:*:*:*

>>inspiron_3493>>-

cpe:2.3:h:dell:inspiron_3493:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-287	Primary	security_alert@emc.com

CWE ID: CWE-287

Type: Primary

Source: security_alert@emc.com

References

Hyperlink	Source	Resource
https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios	security_alert@emc.com	Vendor Advisory

Hyperlink: https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios

Source: security_alert@emc.com

Resource:

Vendor Advisory