CVE-2023-32480

EPSS 0.06%
Published 23.06.2023 11:15:09
Last modified 21.11.2024 08:03:26
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Alienware M15 R7 Firmware Version < 1.17.0

Dell ≫ Alienware M15 R7 Version-

Dell ≫ G15 5510 Firmware Version < 1.19.0

Dell ≫ G15 5510 Version-

Dell ≫ G15 5520 Firmware Version < 1.17.0

Dell ≫ G15 5520 Version-

Dell ≫ Inspiron 14 5410 Firmware Version < 2.19.1

Dell ≫ Inspiron 14 5410 Version-

Dell ≫ Inspiron 14 5418 Firmware Version < 2.19.1

Dell ≫ Inspiron 14 5418 Version-

Dell ≫ Inspiron 15 5510 Firmware Version < 2.19.1

Dell ≫ Inspiron 15 5510 Version-

Dell ≫ Inspiron 15 5518 Firmware Version < 2.19.1

Dell ≫ Inspiron 15 5518 Version-

Dell ≫ Inspiron 16 7620 2-in-1 Firmware Version < 1.12.1

Dell ≫ Inspiron 16 7620 2-in-1 Version-

Dell ≫ Inspiron 3520 Firmware Version < 1.15.0

Dell ≫ Inspiron 3520 Version-

Dell ≫ Inspiron 5410 Firmware Version < 2.19.1

Dell ≫ Inspiron 5410 Version-

Dell ≫ Inspiron 5420 Firmware Version < 1.14.1

Dell ≫ Inspiron 5420 Version-

Dell ≫ Inspiron 5620 Firmware Version < 1.14.1

Dell ≫ Inspiron 5620 Version-

Dell ≫ Inspiron 7420 Firmware Version < 1.12.1

Dell ≫ Inspiron 7420 Version-

Dell ≫ Inspiron 7510 Firmware Version < 1.16.1

Dell ≫ Inspiron 7510 Version-

Dell ≫ Inspiron 7610 Firmware Version < 1.16.1

Dell ≫ Inspiron 7610 Version-

Dell ≫ Latitude 3320 Firmware Version < 1.22.2

Dell ≫ Latitude 3320 Version-

Dell ≫ Latitude 3420 Firmware Version < 1.29.0

Dell ≫ Latitude 3420 Version-

Dell ≫ Latitude 3430 Firmware Version < 1.10.1

Dell ≫ Latitude 3430 Version-

Dell ≫ Latitude 3520 Firmware Version < 1.29.0

Dell ≫ Latitude 3520 Version-

Dell ≫ Latitude 3530 Firmware Version < 1.10.1

Dell ≫ Latitude 3530 Version-

Dell ≫ Precision 5760 Firmware Version < 1.20.1

Dell ≫ Precision 5760 Version-

Dell ≫ Precision 5770 Firmware Version < 1.17.1

Dell ≫ Precision 5770 Version-

Dell ≫ Vostro 3420 Firmware Version < 1.15.0

Dell ≫ Vostro 3420 Version-

Dell ≫ Vostro 3520 Firmware Version < 1.15.0

Dell ≫ Vostro 3520 Version-

Dell ≫ Vostro 5410 Firmware Version < 2.19.1

Dell ≫ Vostro 5410 Version-

Dell ≫ Vostro 5510 Firmware Version < 2.19.1

Dell ≫ Vostro 5510 Version-

Dell ≫ Vostro 5620 Firmware Version < 1.14.1

Dell ≫ Vostro 5620 Version-

Dell ≫ Vostro 7510 Firmware Version < 1.16.1

Dell ≫ Vostro 7510 Version-

Dell ≫ Xps 13 9315 2-in-1 Firmware Version < 1.8.1

Dell ≫ Xps 13 9315 2-in-1 Version-

Dell ≫ Xps 17 9710 Firmware Version < 1.20.1

Dell ≫ Xps 17 9710 Version-

Dell ≫ Xps 17 9720 Firmware Version < 1.17.1

Dell ≫ Xps 17 9720 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.184

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security_alert@emc.com	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.dell.com/support/kbdoc/en-us/000214779/dsa-2023-175-dell-client-bios-security-update-for-an-improper-input-validation-vulnerability

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-32480

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32480

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32480

EUVD