CVE-2023-32469

Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:precision_5820_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_5820:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:precision_7820_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_7820:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dell:precision_7920_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_7920:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:03

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.7~~	v2 : unknown v3 : 7.5
References	~~() https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability - Vendor Advisory~~	() https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability - Vendor Advisory

29 Nov 2023, 19:49

Type	Values Removed	Values Added
First Time		Dell precision 7920 Dell precision 5820 Firmware Dell precision 7820 Firmware Dell Dell precision 7820 Dell precision 5820 Dell precision 7920 Firmware
CWE		CWE-20
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.7
CPE		cpe:2.3:h:dell:precision_7920:-:::::::* cpe:2.3:h:dell:precision_7820:-:::::::* cpe:2.3:h:dell:precision_5820:-:::::::* cpe:2.3:o:dell:precision_5820_firmware:::::::: cpe:2.3:o:dell:precision_7920_firmware:::::::: cpe:2.3:o:dell:precision_7820_firmware::::::::
References	~~() https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability -~~	() https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability - Vendor Advisory

16 Nov 2023, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-16 09:15

Updated : 2024-11-21 08:03

NVD link : CVE-2023-32469

Mitre link : CVE-2023-32469

CVE.ORG link : CVE-2023-32469

JSON object : View

Products Affected

dell

precision_7920_firmware
precision_7820_firmware
precision_5820_firmware
precision_7920
precision_5820
precision_7820

CWE

CWE-20

Improper Input Validation

7.5 /10