6.8

CVE-2023-44298

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain an active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.

Data is provided by the National Vulnerability Database (NVD)
Dell PowerEdge R660 Firmware Version 1.4.4
   Dell PowerEdge R660 Version -
Dell PowerEdge R760 Firmware Version 1.4.4
   Dell PowerEdge R760 Version -
Dell PowerEdge C6620 Firmware Version 1.4.4
   Dell PowerEdge C6620 Version -
Dell PowerEdge MX760c Firmware Version 1.4.4
   Dell PowerEdge MX760c Version -
Dell PowerEdge R860 Firmware Version 1.4.4
   Dell PowerEdge R860 Version -
Dell PowerEdge R960 Firmware Version 1.4.4
   Dell PowerEdge R960 Version -
Dell PowerEdge HS5610 Firmware Version 1.4.4
   Dell PowerEdge HS5610 Version -
Dell PowerEdge HS5620 Firmware Version 1.4.4
   Dell PowerEdge HS5620 Version -
Dell PowerEdge R660xs Firmware Version 1.4.4
   Dell PowerEdge R660xs Version -
Dell PowerEdge R760xs Firmware Version 1.4.4
   Dell PowerEdge R760xs Version -
Dell PowerEdge R760xd2 Firmware Version 1.4.4
   Dell PowerEdge R760xd2 Version -
Dell PowerEdge T560 Firmware Version 1.4.4
   Dell PowerEdge T560 Version -
Dell PowerEdge R760xa Firmware Version 1.4.4
   Dell PowerEdge R760xa Version -

No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.05% | 0.166 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| security_alert@emc.com | 3.6 | 0.5 | 2.7 | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L |

CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks

System configuration protection may be bypassed during debug mode.

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.