CVE-2023-32469 - Vulnerability Details - OpenCVE

Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Precision 5820 Precision 5820 Firmware Precision 7820 Precision 7820 Firmware Precision 7920 Precision 7920 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dell:precision_5820_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_5820:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:precision_7820_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_7820:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:precision_7920_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_7920:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2023-11-16T08:14:46.815Z

Updated: 2024-08-02T15:18:37.134Z

Reserved: 2023-05-09T06:07:41.364Z

Link: CVE-2023-32469

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-16T09:15:07.077

Modified: 2024-11-21T08:03:25.190

Link: CVE-2023-32469

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32469", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-05-09T06:07:41.364Z", "datePublished": "2023-11-16T08:14:46.815Z", "dateUpdated": "2024-08-02T15:18:37.134Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["BIOS"], "product": "Dell Precision 5820 Tower, Dell Precision 7820 Tower, Dell Precision 7920 Tower", "vendor": "Dell", "versions": [{"status": "affected", "version": "Versions prior to 2.32.0"}, {"status": "affected", "version": "Versions prior to 2.36.0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "another1024"}], "datePublic": "2023-11-14T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.</span>\n\n"}], "value": "\nDell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2023-11-16T08:14:46.815Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:18:37.134Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_5820_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D9FE138-FF30-4105-94D6-80E1EA7D7B3C", "versionEndExcluding": "2.32.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_5820:-:*:*:*:*:*:*:*", "matchCriteriaId": "E12F96DC-54C7-4891-8723-D1B240165CBC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_7820_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D5945F9-7C84-4CB7-82B8-1706AAF683FF", "versionEndExcluding": "2.36.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_7820:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA0FD696-4C1F-416C-95EB-36FEA77BEB6F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_7920_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0B22610-AFC8-40EA-AB4D-179038E0D1D6", "versionEndExcluding": "2.36.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_7920:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BCCF11B-05BD-4E70-AD26-6B26A7E701FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nDell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.\n\n"}, {"lang": "es", "value": "El BIOS Dell Precision Tower contiene una vulnerabilidad de validaci\u00f3n de entrada incorrecta. Un usuario malicioso autenticado localmente con privilegios de administrador podr\u00eda explotar esta vulnerabilidad para realizar la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2023-32469", "lastModified": "2024-11-21T08:03:25.190", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-16T09:15:07.077", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}