Search
Find a vulnerability
Search criteria
2 vulnerabilities found for alienware_m16_r1_amd_firmware by dell
CVE-2023-32475 (GCVE-0-2023-32475)
Vulnerability from nvd – Published: 2024-06-07 02:13 – Updated: 2024-08-02 15:18
VLAI
Summary
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-353 - Missing Support for Integrity Check
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021564… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 2.6.0
(semver)
Affected: N/A , < 1.13.0 (semver) Unaffected: N/A , < 2.16.0 (semver) Affected: N/A , < 1.15.0 (semver) Affected: N/A , < 1.16.0 (semver) Affected: N/A , < 1.9.0 (semver) Affected: N/A , < 1.5.0 (semver) Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 1.8.0 (semver) Affected: N/A , < 1.15.1 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.17.0 (semver) Affected: N/A , < 1.14.0 (semver) Affected: N/A , < 1.19.0 (semver) |
|
| dell | cpg_bios |
Affected:
0 , ≤ 2.6
(custom)
cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:* |
Date Public
2023-12-12 06:30
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "cpg_bios",
"vendor": "dell",
"versions": [
{
"lessThanOrEqual": "2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T16:59:56.060370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T17:00:46.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.16.0",
"status": "unaffected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.15.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.5.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.8.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.15.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.17.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-12-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
}
],
"value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-353",
"description": "CWE-353: Missing Support for Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T02:13:17.515Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32475",
"datePublished": "2024-06-07T02:13:17.515Z",
"dateReserved": "2023-05-09T06:07:41.365Z",
"dateUpdated": "2024-08-02T15:18:37.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32475 (GCVE-0-2023-32475)
Vulnerability from cvelistv5 – Published: 2024-06-07 02:13 – Updated: 2024-08-02 15:18
VLAI
Summary
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-353 - Missing Support for Integrity Check
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021564… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 2.6.0
(semver)
Affected: N/A , < 1.13.0 (semver) Unaffected: N/A , < 2.16.0 (semver) Affected: N/A , < 1.15.0 (semver) Affected: N/A , < 1.16.0 (semver) Affected: N/A , < 1.9.0 (semver) Affected: N/A , < 1.5.0 (semver) Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 1.8.0 (semver) Affected: N/A , < 1.15.1 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.17.0 (semver) Affected: N/A , < 1.14.0 (semver) Affected: N/A , < 1.19.0 (semver) |
|
| dell | cpg_bios |
Affected:
0 , ≤ 2.6
(custom)
cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:* |
Date Public
2023-12-12 06:30
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "cpg_bios",
"vendor": "dell",
"versions": [
{
"lessThanOrEqual": "2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T16:59:56.060370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T17:00:46.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.16.0",
"status": "unaffected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.15.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.5.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.8.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.15.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.17.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-12-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
}
],
"value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-353",
"description": "CWE-353: Missing Support for Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T02:13:17.515Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32475",
"datePublished": "2024-06-07T02:13:17.515Z",
"dateReserved": "2023-05-09T06:07:41.365Z",
"dateUpdated": "2024-08-02T15:18:37.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}