{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25537", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-02-07T09:35:27.079Z", "datePublished": "2023-05-22T10:48:45.847Z", "dateUpdated": "2025-01-21T15:07:54.481Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["BIOS", "PowerEdge R740", "PowerEdge R740XD", "PowerEdge R640", "PowerEdge R940", "PowerEdge R540", "PowerEdge R440", "PowerEdge T440", "PowerEdge XR2", "PowerEdge R740xD2", "PowerEdge R840", "PowerEdge R940xa", "PowerEdge T640", "PowerEdge C6420", "PowerEdge FC640", "PowerEdge M640", "PowerEdge M640 (for PE VRTX)", "PowerEdge MX740c", "PowerEdge MX840c", "PowerEdge C4140", "DSS 8440", "PowerEdge XE2420", "PowerEdge XE7420", "PowerEdge XE7440", "Dell EMC Storage NX3240", "Dell EMC Storage NX3340", "Dell EMC XC Core 6420 System", "Dell EMC XC Core XC640 System", "Dell EMC XC Core XC740xd System", "Dell EMC XC Core XC740xd2", "Dell EMC XC Core XC940 System", "Dell EMC XC Core XCXR2"], "product": "PowerEdge Platform", "vendor": "Dell", "versions": [{"status": "affected", "version": "Versions prior to 2.18.1 "}]}], "datePublic": "2023-05-15T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.</span>\n\n"}], "value": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-05-22T10:48:45.847Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:18.634Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-21T15:06:34.370163Z", "id": "CVE-2023-25537", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T15:07:54.481Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:18.634Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25537", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-21T15:06:34.370163Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T15:06:42.265Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "PowerEdge Platform", "versions": [{"status": "affected", "version": "Versions prior to 2.18.1 "}], "platforms": ["BIOS", "PowerEdge R740", "PowerEdge R740XD", "PowerEdge R640", "PowerEdge R940", "PowerEdge R540", "PowerEdge R440", "PowerEdge T440", "PowerEdge XR2", "PowerEdge R740xD2", "PowerEdge R840", "PowerEdge R940xa", "PowerEdge T640", "PowerEdge C6420", "PowerEdge FC640", "PowerEdge M640", "PowerEdge M640 (for PE VRTX)", "PowerEdge MX740c", "PowerEdge MX840c", "PowerEdge C4140", "DSS 8440", "PowerEdge XE2420", "PowerEdge XE7420", "PowerEdge XE7440", "Dell EMC Storage NX3240", "Dell EMC Storage NX3340", "Dell EMC XC Core 6420 System", "Dell EMC XC Core XC640 System", "Dell EMC XC Core XC740xd System", "Dell EMC XC Core XC740xd2", "Dell EMC XC Core XC940 System", "Dell EMC XC Core XCXR2"], "defaultStatus": "unaffected"}], "datePublic": "2023-05-15T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-05-22T10:48:45.847Z"}}}, "cveMetadata": {"cveId": "CVE-2023-25537", "state": "PUBLISHED", "dateUpdated": "2025-01-21T15:07:54.481Z", "dateReserved": "2023-02-07T09:35:27.079Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2023-05-22T10:48:45.847Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B37675EF-6040-4F8A-A5C2-44E715B8AD21", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE562535-3D9B-4A82-AC0D-6A2225E63E8D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "60523971-FED3-440E-A82C-AF88D48DEA44", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*", "matchCriteriaId": "868ECD3F-77CD-4F5D-86E5-61689E4C5BA0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E95A1EDC-D580-4976-8A54-EB5D1A992DBA", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*", "matchCriteriaId": "81416C16-D7FA-4165-BB0E-6458A4EA5AEE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "222DF748-DA7B-4DF2-868B-67E6674FAE7C", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*", "matchCriteriaId": "B581E1DE-4E94-49E5-B5CF-2A94B2570708", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "947180B0-04CE-4BAE-BC7A-625656A90631", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*", "matchCriteriaId": "73B27F54-3CE3-4A5F-BBA1-2C6ED5316B47", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A142530D-DD9C-4EA5-BE09-10A8DDBBB957", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBC3957E-791A-4052-A9C4-F3ECBD746E37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "15D9902E-9BDF-4E56-9A72-FC2D84DDBB6F", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*", "matchCriteriaId": "28F97F1A-B41E-4CC5-B668-8C194CE2C29E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF6D1AA1-7DC5-48B1-9A0D-D18101C66BB0", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*", "matchCriteriaId": "88EC4390-C39F-4E56-9631-B8A22986690D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC4EC25A-5544-4B3F-B173-FF0A54FD9F39", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5395D3F-58D4-49F9-AA2F-0D5C6D8C4651", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B1CF99B-0D79-4A02-B847-D32E473529FF", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*", "matchCriteriaId": "E058B9C6-CD1C-42F5-8781-05450254E9E5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E901926A-84F1-4799-8B6F-1C8A481210A1", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D143853-3D62-4AD7-B899-F726036A34D2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A675F7CB-D3C3-4378-A322-1ED1299D05DC", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*", "matchCriteriaId": "1DEC0235-DDA1-4EE4-B3F8-512F1B29AFC6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF28AE6F-A2D3-4972-8777-FD91B9F6DEFF", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*", "matchCriteriaId": "027D86DE-076F-4CE9-9DE9-E6976C655E8F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6E643BF-C1E1-4B72-9904-0EDD5AD6FD60", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9C59D4B-1122-4782-A686-559E7DF8C3C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8D7ED32-1674-4F10-B1F8-B30FCF5232A8", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F8B50A1-577F-451E-8D03-C8A6A78000DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "296BDDBF-6C54-4D65-8C9D-C4639074A9AD", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*", "matchCriteriaId": "757039D5-60B9-40B0-B719-38E27409BDDE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A27B9B-3B03-41C5-913F-1119B6E7E238", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4305D0F-CB59-49D5-8D21-8ECC3342C36C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "630E8769-99DD-4062-8BC4-A793816C5D76", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9ACC9B8-C046-4304-BA58-7D6D7945BE95", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F862C85D-F4DC-4B11-826A-C6AD3AEBB0A8", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*", "matchCriteriaId": "239C2103-C4BB-4C6A-8E09-C6F7D52024D3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAF0FAAA-AD3C-476D-AAF5-C566A1B1E865", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*", "matchCriteriaId": "30D12E41-8F03-435C-B137-CD3465923E5C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "43348CD0-0B16-4798-85B3-58017417B7C2", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB402EFE-DEFF-40D1-B1C8-8A7D6923669E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "372DC8AD-61A4-4353-B7DE-71DFA5440401", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB265071-7294-4317-A854-0D90844CDC17", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "58815A75-5427-48FE-98E5-6FBF5D022E46", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFCDCB3C-4995-4211-8592-3D7F94098A26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6C5E7C0-E28C-4D45-AC2D-518FC3E72D49", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*", "matchCriteriaId": "66F375D2-85E4-4994-AE90-99D25A50F9AD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_xc_core_6420_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B14BA9CF-84BE-406F-AE9C-48418E9045B3", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_xc_core_6420:-:*:*:*:*:*:*:*", "matchCriteriaId": "A54DBA6D-E506-4557-8659-1707F6C9D02F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_xc_core_xc640_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4884D9D6-3EE9-4041-9D9D-188215F8C73D", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_xc_core_xc640:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EE5A591-AFD4-43B0-9383-B2F306940679", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_xc_core_xc740xd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D897026E-70E2-40E7-A59C-E6A1F0FDFA02", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_xc_core_xc740xd:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AD7E6DE-4B9B-4C23-81A1-D8D52D2E4215", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1D21691-AA78-4603-9E46-12D3B4D64411", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0127228B-FBC4-4C66-AFA1-749C151F79C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_xc_core_xc940_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "533FF26E-95F7-4CD7-BBCA-9A80831489A9", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_xc_core_xc940:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A160D84-3C5D-4789-8AF3-B006A5956B3F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "120AA799-23AE-4D51-8EC2-11A59A1E0EAB", "versionEndExcluding": "2.18.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FF8CC72-C32F-476D-86D3-CFF022185D76", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n"}], "id": "CVE-2023-25537", "lastModified": "2024-11-21T07:49:41.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-22T11:15:09.333", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security_alert@emc.com", "type": "Secondary"}]}

{}