7.8 (CVSS v3.1 base score, NVD)

CVE-2023-25537

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2 contain an out-of-bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability to expose SMRAM stack, data or code in System Management Mode, which could lead to arbitrary code execution in SMM or escalation of privilege.

Data is provided by the National Vulnerability Database (NVD)
Affected configurations (NVD CPE data): each platform below is affected when it runs BIOS firmware with version < 2.18.1; the hardware version is unrestricted ("-" in the CPE). The Dell Precision workstation BIOS (< 2.18.2) named in the description is not represented in this configuration list.

Dell PowerEdge: R740, R740xd, R640, R940, R540, R440, T440, XR2, R740xd2, R840, R940xa, T640, C6420, FC640, M640, MX740c, MX840c, C4140, XE2420, XE7420, XE7440
Dell DSS 8440
Dell EMC Storage: NX3240, NX3340
Dell EMC XC Core: 6420, XC640, XC740xd, XC740xd2, XC940, XCXR2
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics
Type   Source     Score   Percentile
EPSS   FIRST.org  0.03%   0.085

CVSS metrics
Source                  Base score   Exploitability   Impact   Vector string
nvd@nist.gov            7.8          1.8              5.9      CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security_alert@emc.com  6.1          1.8              4.2      CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

The two sources agree on the attack vector (local, low privileges, no user interaction) but not on impact: NVD rates confidentiality, integrity and availability all High (7.8), while Dell's own score rates confidentiality None and integrity Low (6.1). The headline score on this page is the NVD value.
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.
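The description above (a low-privileged local caller reaching an out-of-bounds write in System Management Mode) and the CWE-787 definition together describe the classic SMI-handler bug pattern: the handler writes to an address and length taken from a caller-controlled communication buffer without checking that the range stays outside SMRAM. The C model below is an added example for this page, not Dell's firmware code and not the actual defect in CVE-2023-25537, which has not been published; the simulated address space, the SMRAM window, and the names smi_handler_vulnerable, smi_handler_hardened and buffer_outside_smram are assumptions. The hardened variant applies the same kind of range check that EDK II exposes as SmmIsBufferOutsideSmmValid.

```c
/* Added illustration of CWE-787 in an SMI handler. Not Dell's code; the
 * real defect behind CVE-2023-25537 is not public. Every address, size and
 * name here is an assumption chosen for the model. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define PHYS_SIZE   0x10000u         /* simulated physical memory, 64 KiB */
#define SMRAM_BASE  0x8000u
#define SMRAM_SIZE  0x1000u          /* SMRAM window = [0x8000, 0x9000) */
static uint8_t phys[PHYS_SIZE];

/* A byte of SMM-private state that lives inside SMRAM in the model. */
#define SMM_SECRET_ADDR (SMRAM_BASE + 0x100u)

/* Request as it would arrive in an SMM communication buffer: both fields are
 * chosen by the (ring-3) caller and must be treated as hostile. */
typedef struct {
    uint32_t dst;   /* physical address the handler should write its reply to */
    uint32_t len;   /* reply length requested by the caller */
} smi_request_t;

/* True iff [addr, addr+len) lies inside modelled memory and does not touch
 * SMRAM. Mirrors the intent of EDK II's SmmIsBufferOutsideSmmValid. The
 * end address is computed in 64 bits so addr+len cannot wrap around. */
bool buffer_outside_smram(uint32_t addr, uint32_t len)
{
    uint64_t end = (uint64_t)addr + len;              /* exclusive end */
    if (end > PHYS_SIZE) return false;                /* runs past memory */
    if (len == 0) return true;                        /* nothing is written */
    uint64_t smram_end = (uint64_t)SMRAM_BASE + SMRAM_SIZE;
    return end <= SMRAM_BASE || addr >= smram_end;    /* no overlap */
}

/* Vulnerable: only keeps the write inside the model array. A caller can point
 * dst at SMRAM and the handler overwrites SMM code or data (CWE-787). */
int smi_handler_vulnerable(const smi_request_t *req)
{
    if ((uint64_t)req->dst + req->len > PHYS_SIZE) return -1;
    memset(phys + req->dst, 0x41, req->len);          /* write reply marker */
    return 0;
}

/* Hardened: refuse any reply buffer that overlaps SMRAM before writing. */
int smi_handler_hardened(const smi_request_t *req)
{
    if (!buffer_outside_smram(req->dst, req->len)) return -1;
    memset(phys + req->dst, 0x41, req->len);
    return 0;
}

/* Scenario: plant a value in SMRAM, ask the given handler to write a reply
 * that spans it, and report whether the SMM-private byte was clobbered.
 * Returns 1 if the handler corrupted SMRAM, 0 if it refused or left it intact. */
int smram_clobbered_by(int (*handler)(const smi_request_t *))
{
    memset(phys, 0, sizeof phys);
    phys[SMM_SECRET_ADDR] = 0x5A;                     /* SMM-private byte */
    smi_request_t req = { .dst = SMRAM_BASE, .len = 0x200 };  /* spans it */
    (void)handler(&req);
    return phys[SMM_SECRET_ADDR] != 0x5A;
}
```

The check in buffer_outside_smram is the whole fix: it must reject ranges that overlap SMRAM in part as well as in full, and it must do its arithmetic in a width where addr+len cannot wrap, otherwise a caller can pick a length that makes the end address look small and slip past the comparison.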