TROYANOSYVIRUS
Retour aux CVEs

CVE-2023-25537

MEDIUM
6.1

Description

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

Details CVE

Score CVSS v3.16.1
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie5/22/2023
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

dell:dss_8440dell:dss_8440_firmwaredell:emc_storage_nx3240dell:emc_storage_nx3240_firmwaredell:emc_storage_nx3340dell:emc_storage_nx3340_firmwaredell:emc_xc_core_6420dell:emc_xc_core_6420_firmwaredell:emc_xc_core_xc640dell:emc_xc_core_xc640_firmwaredell:emc_xc_core_xc740xddell:emc_xc_core_xc740xd2dell:emc_xc_core_xc740xd2_firmwaredell:emc_xc_core_xc740xd_firmwaredell:emc_xc_core_xc940dell:emc_xc_core_xc940_firmwaredell:emc_xc_core_xcxr2dell:emc_xc_core_xcxr2_firmwaredell:poweredge_c4140dell:poweredge_c4140_firmwaredell:poweredge_c6420dell:poweredge_c6420_firmwaredell:poweredge_fc640dell:poweredge_fc640_firmwaredell:poweredge_m640dell:poweredge_m640_firmwaredell:poweredge_mx740cdell:poweredge_mx740c_firmwaredell:poweredge_mx840cdell:poweredge_mx840c_firmwaredell:poweredge_r440dell:poweredge_r440_firmwaredell:poweredge_r540dell:poweredge_r540_firmwaredell:poweredge_r640dell:poweredge_r640_firmwaredell:poweredge_r740dell:poweredge_r740_firmwaredell:poweredge_r740xddell:poweredge_r740xd2dell:poweredge_r740xd2_firmwaredell:poweredge_r740xd_firmwaredell:poweredge_r840dell:poweredge_r840_firmwaredell:poweredge_r940dell:poweredge_r940_firmwaredell:poweredge_r940xadell:poweredge_r940xa_firmwaredell:poweredge_t440dell:poweredge_t440_firmwaredell:poweredge_t640dell:poweredge_t640_firmwaredell:poweredge_xe2420dell:poweredge_xe2420_firmwaredell:poweredge_xe7420dell:poweredge_xe7420_firmwaredell:poweredge_xe7440dell:poweredge_xe7440_firmwaredell:poweredge_xr2dell:poweredge_xr2_firmware

Faiblesses (CWE)

CWE-787

References

https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability(security_alert@emc.com)
https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.