Search
Find a vulnerability
Search criteria
66 vulnerabilities found for latitude_7285_2-in-1_firmware by dell
CVE-2024-38483 (GCVE-0-2024-38483)
Vulnerability from nvd – Published: 2024-08-14 09:24 – Updated: 2024-08-15 14:24
VLAI
Summary
Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022577… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell Client Platform BIOS |
Affected:
N/A , < 1.35.0
(semver)
Affected: N/A , < 2.32.0 (semver) Affected: N/A , < 1.26.0 (semver) |
|
| dell | latitude_5290_2-in-1_firmware |
Affected:
0 , < 1.35.0
(custom)
cpe:2.3:o:dell:latitude_5290_2-in-1_firmware:-:*:*:*:*:*:*:* |
|
| dell | precision_3420_tower_firmware |
Affected:
0 , < 2.32.0
(custom)
cpe:2.3:o:dell:precision_3420_tower_firmware:-:*:*:*:*:*:*:* |
|
| dell | precision_3620_tower_firmware |
Affected:
0 , < 2.32.0
(custom)
cpe:2.3:o:dell:precision_3620_tower_firmware:-:*:*:*:*:*:*:* |
|
| dell | wyse_7040_thin_client_firmware |
Affected:
0 , < 1.26.0
(custom)
cpe:2.3:o:dell:wyse_7040_thin_client_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-08-13 06:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:latitude_5290_2-in-1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "latitude_5290_2-in-1_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.35.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:precision_3420_tower_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "precision_3420_tower_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.32.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:precision_3620_tower_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "precision_3620_tower_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.32.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:wyse_7040_thin_client_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wyse_7040_thin_client_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T14:19:05.413802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T14:24:22.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Client Platform BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.35.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.32.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.26.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CVE-2024-38483: Dell Technologies would like to thank codebreaker1337 for reporting this issue."
}
],
"datePublic": "2024-08-13T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"value": "Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T09:24:10.775Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000225776/dsa-2024-260"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-38483",
"datePublished": "2024-08-14T09:24:10.775Z",
"dateReserved": "2024-06-18T01:53:34.136Z",
"dateUpdated": "2024-08-15T14:24:22.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0158 (GCVE-0-2024-0158)
Vulnerability from nvd – Published: 2024-07-02 06:20 – Updated: 2024-08-01 17:41
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-in/00022014… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 1.28.0
(semver)
Affected: N/A , < 1.23.0 (semver) Affected: N/A , < 1.15.0 (semver) Affected: N/A , < 1.2.1 (semver) Affected: N/A , < 1.12.1 (semver) Affected: N/A , < 1.2.0 (semver) Affected: N/A , < 1.20.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.26.0 (semver) Affected: N/A , < 1.27.0 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 1.29.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.25.0 (semver) Affected: N/A , < 1.31.0 (semver) Affected: N/A , < 2.27.0 (semver) Affected: N/A , < 2.35.0 (semver) Affected: N/A , < 2.39.0 (semver) Affected: N/A , < 1.17.0 (semver) Affected: N/A , < 1.24.0 (semver) Affected: N/A , < 2.26.0 (semver) Affected: N/A , < 1.13.1 (semver) Affected: N/A , < 2.25.0 (semver) Affected: N/A , < 1.3.1 (semver) Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 1.21.0 (semver) Affected: N/A , < 1.22.0 (semver) Affected: N/A , < 1.9.0 (semver) Affected: N/A , < 1.3.0 (semver) Affected: N/A , < 1.30.0 (semver) Affected: N/A , < 1.32.0 (semver) Affected: N/A , < 1.29..0 (semver) Affected: N/A , < 1.45.0 (semver) Affected: N/A , < 1.33.0 (semver) Affected: N/A , < 1.11.0 (semver) Affected: N/A , < 1.35.0 (semver) Affected: N/A , < 1.34.0 (semver) Affected: N/A , < 1.36.0 (semver) Affected: N/A , < 1.36.2 (semver) Affected: N/A , < 1.25.1 (semver) Affected: N/A , < 1.21.1 (semver) Affected: N/A , < 1.4.1 (semver) Affected: N/A , < 1.49.0 (semver) Affected: N/A , < 1.37.0 (semver) Affected: N/A , < 1.34.2 (semver) Affected: N/A , < 1.30.1 (semver) Affected: N/A , < 1.16.1 (semver) Affected: N/A , < 2.24.0 (semver) Affected: N/A , < 2.18.0 (semver) Affected: N/A , < 1.1.38 (semver) Affected: N/A , < 3.3.2 (semver) Affected: N/A , < 2.29.0 (semver) Affected: N/A , < 2.12.0 (semver) Affected: N/A , < 2.30.0 (semver) Affected: N/A , < 1.30.8 (semver) Affected: N/A , < 1.10.0 (semver) Affected: N/A , < 1.26.1 (semver) Affected: N/A , < 1.1.17 (semver) Affected: N/A , < 1.20.1 (semver) Affected: N/A , < 1.7.0 (semver) Affected: N/A , < 01.03.00 (semver) Affected: N/A , < 1.1.16 (semver) Affected: N/A , < 3.21.0 (semver) Affected: N/A , < 2.23.0 (semver) Affected: N/A , < 1.19.1 (semver) Affected: N/A , < 2.10.0 (semver) Affected: N/A , < 2.18.1 (semver) Affected: N/A , < 1.14.0 (semver) |
Date Public
2024-03-12 06:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T14:21:02.955425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T14:21:13.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.28.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.15.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.20.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.26.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.27.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.29.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.25.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.31.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.27.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.35.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.39.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.17.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.24.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.26.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.25.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.3.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.21.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.22.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.3.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.30.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.32.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.29..0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.45.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.33.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.11.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.35.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.34.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.36.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.36.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.25.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.21.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.4.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.49.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.37.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.34.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.30.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.24.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.38",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "3.3.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.29.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.30.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.30.8",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.10.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.26.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.17",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.20.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "01.03.00",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.16",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "3.21.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.10.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-03-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"
}
],
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T06:20:44.735Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0158",
"datePublished": "2024-07-02T06:20:44.735Z",
"dateReserved": "2023-12-14T05:30:35.591Z",
"dateUpdated": "2024-08-01T17:41:16.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22429 (GCVE-0-2024-22429)
Vulnerability from nvd – Published: 2024-05-17 15:20 – Updated: 2024-08-01 22:43
VLAI
Summary
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022110… | vendor-advisory |
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 2.36.0
(semver)
Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 1.46.0 (semver) Affected: N/A , < 1.27.0 (semver) Affected: N/A , < 1.29.0 (semver) Affected: N/A , < 1.28.0 (semver) Affected: N/A , < 1.31.0 (semver) Affected: N/A , < 1.32.0 (semver) Affected: N/A , < 1.50.0 (semver) Affected: N/A , < 2.30.0 (semver) |
|
| dell | edge_gateway_3000_firmware |
Affected:
0 , < 1.18.0
(semver)
cpe:2.3:o:dell:edge_gateway_3000_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_13_3380 |
Affected:
0 , < 1.27.0
(semver)
cpe:2.3:h:dell:latitude_13_3380:-:*:*:*:*:*:*:* |
|
| dell | latitude_3180_firmware |
Affected:
0 , < 1.29.0
(semver)
cpe:2.3:o:dell:latitude_3180_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_3189_firmware |
Affected:
0 , < 1.29.0
(semver)
cpe:2.3:o:dell:latitude_3189_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_3390_2-in-1 |
Affected:
0 , < 1.31.0
(semver)
cpe:2.3:h:dell:latitude_3390_2-in-1:-:*:*:*:*:*:*:* |
|
| dell | latitude_5414_firmware |
Affected:
0 , < 1.46.0
(semver)
cpe:2.3:o:dell:latitude_5414_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_5424_firmware |
Affected:
0 , < 1.32.0
(semver)
cpe:2.3:a:dell:latitude_5424_firmware:*:*:*:*:*:*:*:* |
|
| dell | latitude_7414_rugged_extreme_firmware |
Affected:
0 , < 1.46.0
(semver)
cpe:2.3:o:dell:latitude_7414_rugged_extreme_firmware:-:*:*:*:*:*:*:* |
|
| dell | precision_3420_tower |
Affected:
0 , < 2.30.0
(semver)
cpe:2.3:h:dell:precision_3420_tower:-:*:*:*:*:*:*:* |
|
| dell | precision_3620_tower |
Affected:
0 , < 2.30.0
(semver)
cpe:2.3:h:dell:precision_3620_tower:-:*:*:*:*:*:*:* |
|
| dell | latitude_5280_firmware |
Affected:
0 , < 2.36.0
(semver)
cpe:2.3:o:dell:latitude_5280_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_12_rugged_extreme_7214_firmware |
Affected:
0 , < 1.46.0
(semver)
cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_3300_firmware |
Affected:
0 , < 1.28.0
(semver)
cpe:2.3:o:dell:latitude_3300_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_7212_rugged_extreme_tablet_firmware |
Affected:
0 , < 1.50.0
(semver)
cpe:2.3:a:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:* |
|
| dell | wyse_5070 |
Affected:
0 , < 1.31.0
(semver)
cpe:2.3:h:dell:wyse_5070:-:*:*:*:*:*:*:* |
Date Public
2024-05-14 06:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:edge_gateway_3000_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edge_gateway_3000_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:dell:latitude_13_3380:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_13_3380",
"vendor": "dell",
"versions": [
{
"lessThan": "1.27.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_3180_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_3180_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_3189_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_3189_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:dell:latitude_3390_2-in-1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_3390_2-in-1",
"vendor": "dell",
"versions": [
{
"lessThan": "1.31.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_5414_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_5414_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.46.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:latitude_5424_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_5424_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_7414_rugged_extreme_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_7414_rugged_extreme_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.46.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:dell:precision_3420_tower:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "precision_3420_tower",
"vendor": "dell",
"versions": [
{
"lessThan": "2.30.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:dell:precision_3620_tower:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "precision_3620_tower",
"vendor": "dell",
"versions": [
{
"lessThan": "2.30.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_5280_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_5280_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.36.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_12_rugged_extreme_7214_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.46.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_3300_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_3300_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.28.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_7212_rugged_extreme_tablet_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.50.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:dell:wyse_5070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "wyse_5070",
"vendor": "dell",
"versions": [
{
"lessThan": "1.31.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T13:54:51.026876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:03:23.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:35.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.36.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.46.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.27.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.29.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.28.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.31.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.32.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.50.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.30.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue."
}
],
"datePublic": "2024-05-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution."
}
],
"value": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-17T15:20:16.147Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-22429",
"datePublished": "2024-05-17T15:20:16.147Z",
"dateReserved": "2024-01-10T15:23:01.337Z",
"dateUpdated": "2024-08-01T22:43:35.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48674 (GCVE-0-2023-48674)
Vulnerability from nvd – Published: 2024-03-01 12:35 – Updated: 2024-08-02 21:37
VLAI
Summary
Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-170 - Improper Null Termination
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022041… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 1.28.0
(semver)
Affected: N/A , < 1.27.1 (semver) Affected: N/A , < 1.24.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.32.0 (semver) Affected: N/A , < 1.26.0 (semver) Affected: N/A , < 1.27.0 (semver) Affected: N/A , < 1.11.0 (semver) Affected: N/A , < 1.20.0 (semver) Affected: N/A , < 1.9.0 (semver) Affected: N/A , < 3.20.0 (semver) Affected: N/A , < 1.17.0 (semver) |
Date Public
2024-02-13 06:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T19:14:09.277249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:37.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.28.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.27.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.24.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.32.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.26.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.27.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.11.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.20.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "3.20.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.17.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-02-13T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function."
}
],
"value": "Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170: Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-01T12:49:58.995Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-48674",
"datePublished": "2024-03-01T12:35:56.866Z",
"dateReserved": "2023-11-17T06:17:23.509Z",
"dateUpdated": "2024-08-02T21:37:54.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28075 (GCVE-0-2023-28075)
Vulnerability from nvd – Published: 2023-08-16 19:15 – Updated: 2024-10-08 19:02
VLAI
Summary
Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.
Severity
6.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021281… | vendor-advisory |
Impacted products
Date Public
2023-08-08 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cpg_bios",
"vendor": "dell",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T19:01:58.435016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T19:02:39.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-08-08T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-16T19:15:41.959Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28075",
"datePublished": "2023-08-16T19:15:41.959Z",
"dateReserved": "2023-03-10T05:07:55.141Z",
"dateUpdated": "2024-10-08T19:02:39.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28060 (GCVE-0-2023-28060)
Vulnerability from nvd – Published: 2023-06-23 10:17 – Updated: 2024-11-07 21:26
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:22.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:26:23.822877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:26:38.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:17:46.249Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28060",
"datePublished": "2023-06-23T10:17:46.249Z",
"dateReserved": "2023-03-10T05:01:55.232Z",
"dateUpdated": "2024-11-07T21:26:38.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28058 (GCVE-0-2023-28058)
Vulnerability from nvd – Published: 2023-06-23 10:30 – Updated: 2024-11-07 21:07
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:06:57.836824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:07:06.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:30:27.581Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28058",
"datePublished": "2023-06-23T10:30:27.581Z",
"dateReserved": "2023-03-10T05:01:55.232Z",
"dateUpdated": "2024-11-07T21:07:06.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28050 (GCVE-0-2023-28050)
Vulnerability from nvd – Published: 2023-06-23 10:25 – Updated: 2024-11-07 21:09
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:22.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:07:21.607702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:09:09.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:25:56.877Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28050",
"datePublished": "2023-06-23T10:25:56.877Z",
"dateReserved": "2023-03-10T05:01:43.871Z",
"dateUpdated": "2024-11-07T21:09:09.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28044 (GCVE-0-2023-28044)
Vulnerability from nvd – Published: 2023-06-23 10:20 – Updated: 2024-11-07 21:09
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:22.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:09:18.405245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:09:31.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:20:01.132Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28044",
"datePublished": "2023-06-23T10:20:01.132Z",
"dateReserved": "2023-03-10T04:59:39.426Z",
"dateUpdated": "2024-11-07T21:09:31.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28036 (GCVE-0-2023-28036)
Vulnerability from nvd – Published: 2023-06-23 10:01 – Updated: 2024-11-08 14:08
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28036",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T14:00:35.226875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T14:08:38.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:02:03.689Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28036",
"datePublished": "2023-06-23T10:01:57.598Z",
"dateReserved": "2023-03-10T04:59:39.425Z",
"dateUpdated": "2024-11-08T14:08:38.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28034 (GCVE-0-2023-28034)
Vulnerability from nvd – Published: 2023-06-23 10:08 – Updated: 2024-11-07 21:47
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:47:05.414975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:47:18.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:08:23.429Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28034",
"datePublished": "2023-06-23T10:08:23.429Z",
"dateReserved": "2023-03-10T04:57:40.871Z",
"dateUpdated": "2024-11-07T21:47:18.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28031 (GCVE-0-2023-28031)
Vulnerability from nvd – Published: 2023-06-23 10:11 – Updated: 2024-11-07 21:36
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:32:31.275061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:36:15.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:11:12.555Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28031",
"datePublished": "2023-06-23T10:11:12.555Z",
"dateReserved": "2023-03-10T04:57:40.871Z",
"dateUpdated": "2024-11-07T21:36:15.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28027 (GCVE-0-2023-28027)
Vulnerability from nvd – Published: 2023-06-23 10:04 – Updated: 2024-11-08 14:08
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T14:00:31.033659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T14:08:55.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:04:42.451Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28027",
"datePublished": "2023-06-23T10:04:42.451Z",
"dateReserved": "2023-03-10T04:57:40.870Z",
"dateUpdated": "2024-11-08T14:08:55.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28026 (GCVE-0-2023-28026)
Vulnerability from nvd – Published: 2023-06-23 10:23 – Updated: 2024-12-04 14:43
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T14:43:48.808973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T14:43:58.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:23:05.908Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28026",
"datePublished": "2023-06-23T10:23:05.908Z",
"dateReserved": "2023-03-10T04:57:40.870Z",
"dateUpdated": "2024-12-04T14:43:58.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25938 (GCVE-0-2023-25938)
Vulnerability from nvd – Published: 2023-06-23 10:13 – Updated: 2024-11-07 21:31
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:31:27.802986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:31:46.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:13:31.571Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-25938",
"datePublished": "2023-06-23T10:13:31.571Z",
"dateReserved": "2023-02-17T06:15:08.303Z",
"dateUpdated": "2024-11-07T21:31:46.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28061 (GCVE-0-2023-28061)
Vulnerability from nvd – Published: 2023-06-23 09:19 – Updated: 2024-11-08 16:51
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:22.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T16:50:16.282690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T16:51:02.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T09:19:23.540Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28061",
"datePublished": "2023-06-23T09:19:23.540Z",
"dateReserved": "2023-03-10T05:06:06.441Z",
"dateUpdated": "2024-11-08T16:51:02.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28059 (GCVE-0-2023-28059)
Vulnerability from nvd – Published: 2023-06-23 09:16 – Updated: 2024-11-08 15:14
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T15:13:16.770402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T15:14:26.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T09:16:20.837Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28059",
"datePublished": "2023-06-23T09:16:20.837Z",
"dateReserved": "2023-03-10T05:01:55.232Z",
"dateUpdated": "2024-11-08T15:14:26.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28056 (GCVE-0-2023-28056)
Vulnerability from nvd – Published: 2023-06-23 09:46 – Updated: 2024-11-08 14:06
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T14:00:59.209212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T14:06:52.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T09:46:19.830Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28056",
"datePublished": "2023-06-23T09:46:19.830Z",
"dateReserved": "2023-03-10T05:01:55.232Z",
"dateUpdated": "2024-11-08T14:06:52.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28054 (GCVE-0-2023-28054)
Vulnerability from nvd – Published: 2023-06-23 09:06 – Updated: 2024-11-08 15:13
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T15:13:35.405992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T15:13:51.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T09:06:40.143Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28054",
"datePublished": "2023-06-23T09:06:40.143Z",
"dateReserved": "2023-03-10T05:01:43.872Z",
"dateUpdated": "2024-11-08T15:13:51.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28052 (GCVE-0-2023-28052)
Vulnerability from nvd – Published: 2023-06-23 09:02 – Updated: 2024-11-08 16:10
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T16:10:00.678423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T16:10:40.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T09:02:08.343Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28052",
"datePublished": "2023-06-23T09:02:08.343Z",
"dateReserved": "2023-03-10T05:01:43.872Z",
"dateUpdated": "2024-11-08T16:10:40.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38483 (GCVE-0-2024-38483)
Vulnerability from cvelistv5 – Published: 2024-08-14 09:24 – Updated: 2024-08-15 14:24
VLAI
Summary
Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022577… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Dell Client Platform BIOS |
Affected:
N/A , < 1.35.0
(semver)
Affected: N/A , < 2.32.0 (semver) Affected: N/A , < 1.26.0 (semver) |
|
| dell | latitude_5290_2-in-1_firmware |
Affected:
0 , < 1.35.0
(custom)
cpe:2.3:o:dell:latitude_5290_2-in-1_firmware:-:*:*:*:*:*:*:* |
|
| dell | precision_3420_tower_firmware |
Affected:
0 , < 2.32.0
(custom)
cpe:2.3:o:dell:precision_3420_tower_firmware:-:*:*:*:*:*:*:* |
|
| dell | precision_3620_tower_firmware |
Affected:
0 , < 2.32.0
(custom)
cpe:2.3:o:dell:precision_3620_tower_firmware:-:*:*:*:*:*:*:* |
|
| dell | wyse_7040_thin_client_firmware |
Affected:
0 , < 1.26.0
(custom)
cpe:2.3:o:dell:wyse_7040_thin_client_firmware:-:*:*:*:*:*:*:* |
Date Public
2024-08-13 06:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:latitude_5290_2-in-1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "latitude_5290_2-in-1_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.35.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:precision_3420_tower_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "precision_3420_tower_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.32.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:precision_3620_tower_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "precision_3620_tower_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.32.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:wyse_7040_thin_client_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wyse_7040_thin_client_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.26.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T14:19:05.413802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T14:24:22.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dell Client Platform BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.35.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.32.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.26.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CVE-2024-38483: Dell Technologies would like to thank codebreaker1337 for reporting this issue."
}
],
"datePublic": "2024-08-13T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"value": "Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T09:24:10.775Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000225776/dsa-2024-260"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-38483",
"datePublished": "2024-08-14T09:24:10.775Z",
"dateReserved": "2024-06-18T01:53:34.136Z",
"dateUpdated": "2024-08-15T14:24:22.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0158 (GCVE-0-2024-0158)
Vulnerability from cvelistv5 – Published: 2024-07-02 06:20 – Updated: 2024-08-01 17:41
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-in/00022014… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 1.28.0
(semver)
Affected: N/A , < 1.23.0 (semver) Affected: N/A , < 1.15.0 (semver) Affected: N/A , < 1.2.1 (semver) Affected: N/A , < 1.12.1 (semver) Affected: N/A , < 1.2.0 (semver) Affected: N/A , < 1.20.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.26.0 (semver) Affected: N/A , < 1.27.0 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 1.29.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.25.0 (semver) Affected: N/A , < 1.31.0 (semver) Affected: N/A , < 2.27.0 (semver) Affected: N/A , < 2.35.0 (semver) Affected: N/A , < 2.39.0 (semver) Affected: N/A , < 1.17.0 (semver) Affected: N/A , < 1.24.0 (semver) Affected: N/A , < 2.26.0 (semver) Affected: N/A , < 1.13.1 (semver) Affected: N/A , < 2.25.0 (semver) Affected: N/A , < 1.3.1 (semver) Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 1.21.0 (semver) Affected: N/A , < 1.22.0 (semver) Affected: N/A , < 1.9.0 (semver) Affected: N/A , < 1.3.0 (semver) Affected: N/A , < 1.30.0 (semver) Affected: N/A , < 1.32.0 (semver) Affected: N/A , < 1.29..0 (semver) Affected: N/A , < 1.45.0 (semver) Affected: N/A , < 1.33.0 (semver) Affected: N/A , < 1.11.0 (semver) Affected: N/A , < 1.35.0 (semver) Affected: N/A , < 1.34.0 (semver) Affected: N/A , < 1.36.0 (semver) Affected: N/A , < 1.36.2 (semver) Affected: N/A , < 1.25.1 (semver) Affected: N/A , < 1.21.1 (semver) Affected: N/A , < 1.4.1 (semver) Affected: N/A , < 1.49.0 (semver) Affected: N/A , < 1.37.0 (semver) Affected: N/A , < 1.34.2 (semver) Affected: N/A , < 1.30.1 (semver) Affected: N/A , < 1.16.1 (semver) Affected: N/A , < 2.24.0 (semver) Affected: N/A , < 2.18.0 (semver) Affected: N/A , < 1.1.38 (semver) Affected: N/A , < 3.3.2 (semver) Affected: N/A , < 2.29.0 (semver) Affected: N/A , < 2.12.0 (semver) Affected: N/A , < 2.30.0 (semver) Affected: N/A , < 1.30.8 (semver) Affected: N/A , < 1.10.0 (semver) Affected: N/A , < 1.26.1 (semver) Affected: N/A , < 1.1.17 (semver) Affected: N/A , < 1.20.1 (semver) Affected: N/A , < 1.7.0 (semver) Affected: N/A , < 01.03.00 (semver) Affected: N/A , < 1.1.16 (semver) Affected: N/A , < 3.21.0 (semver) Affected: N/A , < 2.23.0 (semver) Affected: N/A , < 1.19.1 (semver) Affected: N/A , < 2.10.0 (semver) Affected: N/A , < 2.18.1 (semver) Affected: N/A , < 1.14.0 (semver) |
Date Public
2024-03-12 06:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T14:21:02.955425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T14:21:13.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.28.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.15.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.2.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.20.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.26.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.27.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.29.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.25.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.31.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.27.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.35.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.39.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.17.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.24.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.26.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.13.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.25.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.3.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.21.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.22.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.3.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.30.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.32.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.29..0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.45.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.33.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.11.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.35.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.34.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.36.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.36.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.25.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.21.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.4.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.49.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.37.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.34.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.30.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.16.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.24.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.38",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "3.3.2",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.29.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.30.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.30.8",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.10.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.26.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.17",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.20.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.7.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "01.03.00",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.1.16",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "3.21.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.23.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.19.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.10.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.18.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.14.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-03-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"
}
],
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T06:20:44.735Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-0158",
"datePublished": "2024-07-02T06:20:44.735Z",
"dateReserved": "2023-12-14T05:30:35.591Z",
"dateUpdated": "2024-08-01T17:41:16.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22429 (GCVE-0-2024-22429)
Vulnerability from cvelistv5 – Published: 2024-05-17 15:20 – Updated: 2024-08-01 22:43
VLAI
Summary
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022110… | vendor-advisory |
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 2.36.0
(semver)
Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 1.46.0 (semver) Affected: N/A , < 1.27.0 (semver) Affected: N/A , < 1.29.0 (semver) Affected: N/A , < 1.28.0 (semver) Affected: N/A , < 1.31.0 (semver) Affected: N/A , < 1.32.0 (semver) Affected: N/A , < 1.50.0 (semver) Affected: N/A , < 2.30.0 (semver) |
|
| dell | edge_gateway_3000_firmware |
Affected:
0 , < 1.18.0
(semver)
cpe:2.3:o:dell:edge_gateway_3000_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_13_3380 |
Affected:
0 , < 1.27.0
(semver)
cpe:2.3:h:dell:latitude_13_3380:-:*:*:*:*:*:*:* |
|
| dell | latitude_3180_firmware |
Affected:
0 , < 1.29.0
(semver)
cpe:2.3:o:dell:latitude_3180_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_3189_firmware |
Affected:
0 , < 1.29.0
(semver)
cpe:2.3:o:dell:latitude_3189_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_3390_2-in-1 |
Affected:
0 , < 1.31.0
(semver)
cpe:2.3:h:dell:latitude_3390_2-in-1:-:*:*:*:*:*:*:* |
|
| dell | latitude_5414_firmware |
Affected:
0 , < 1.46.0
(semver)
cpe:2.3:o:dell:latitude_5414_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_5424_firmware |
Affected:
0 , < 1.32.0
(semver)
cpe:2.3:a:dell:latitude_5424_firmware:*:*:*:*:*:*:*:* |
|
| dell | latitude_7414_rugged_extreme_firmware |
Affected:
0 , < 1.46.0
(semver)
cpe:2.3:o:dell:latitude_7414_rugged_extreme_firmware:-:*:*:*:*:*:*:* |
|
| dell | precision_3420_tower |
Affected:
0 , < 2.30.0
(semver)
cpe:2.3:h:dell:precision_3420_tower:-:*:*:*:*:*:*:* |
|
| dell | precision_3620_tower |
Affected:
0 , < 2.30.0
(semver)
cpe:2.3:h:dell:precision_3620_tower:-:*:*:*:*:*:*:* |
|
| dell | latitude_5280_firmware |
Affected:
0 , < 2.36.0
(semver)
cpe:2.3:o:dell:latitude_5280_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_12_rugged_extreme_7214_firmware |
Affected:
0 , < 1.46.0
(semver)
cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_3300_firmware |
Affected:
0 , < 1.28.0
(semver)
cpe:2.3:o:dell:latitude_3300_firmware:-:*:*:*:*:*:*:* |
|
| dell | latitude_7212_rugged_extreme_tablet_firmware |
Affected:
0 , < 1.50.0
(semver)
cpe:2.3:a:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:* |
|
| dell | wyse_5070 |
Affected:
0 , < 1.31.0
(semver)
cpe:2.3:h:dell:wyse_5070:-:*:*:*:*:*:*:* |
Date Public
2024-05-14 06:30
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:edge_gateway_3000_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edge_gateway_3000_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.18.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:dell:latitude_13_3380:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_13_3380",
"vendor": "dell",
"versions": [
{
"lessThan": "1.27.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_3180_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_3180_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_3189_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_3189_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:dell:latitude_3390_2-in-1:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_3390_2-in-1",
"vendor": "dell",
"versions": [
{
"lessThan": "1.31.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_5414_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_5414_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.46.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:latitude_5424_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_5424_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_7414_rugged_extreme_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_7414_rugged_extreme_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.46.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:dell:precision_3420_tower:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "precision_3420_tower",
"vendor": "dell",
"versions": [
{
"lessThan": "2.30.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:dell:precision_3620_tower:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "precision_3620_tower",
"vendor": "dell",
"versions": [
{
"lessThan": "2.30.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_5280_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_5280_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "2.36.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_12_rugged_extreme_7214_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.46.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:dell:latitude_3300_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_3300_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.28.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "latitude_7212_rugged_extreme_tablet_firmware",
"vendor": "dell",
"versions": [
{
"lessThan": "1.50.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:dell:wyse_5070:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "wyse_5070",
"vendor": "dell",
"versions": [
{
"lessThan": "1.31.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T13:54:51.026876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:03:23.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:35.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.36.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.18.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.46.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.27.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.29.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.28.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.31.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.32.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.50.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "2.30.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue."
}
],
"datePublic": "2024-05-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution."
}
],
"value": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-17T15:20:16.147Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-22429",
"datePublished": "2024-05-17T15:20:16.147Z",
"dateReserved": "2024-01-10T15:23:01.337Z",
"dateUpdated": "2024-08-01T22:43:35.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48674 (GCVE-0-2023-48674)
Vulnerability from cvelistv5 – Published: 2024-03-01 12:35 – Updated: 2024-08-02 21:37
VLAI
Summary
Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-170 - Improper Null Termination
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022041… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | CPG BIOS |
Affected:
N/A , < 1.28.0
(semver)
Affected: N/A , < 1.27.1 (semver) Affected: N/A , < 1.24.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.32.0 (semver) Affected: N/A , < 1.26.0 (semver) Affected: N/A , < 1.27.0 (semver) Affected: N/A , < 1.11.0 (semver) Affected: N/A , < 1.20.0 (semver) Affected: N/A , < 1.9.0 (semver) Affected: N/A , < 3.20.0 (semver) Affected: N/A , < 1.17.0 (semver) |
Date Public
2024-02-13 06:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T19:14:09.277249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:37.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.28.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.27.1",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.24.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.12.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.32.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.26.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.27.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.11.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.20.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.9.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "3.20.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
},
{
"lessThan": "1.17.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-02-13T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function."
}
],
"value": "Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170: Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-01T12:49:58.995Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-48674",
"datePublished": "2024-03-01T12:35:56.866Z",
"dateReserved": "2023-11-17T06:17:23.509Z",
"dateUpdated": "2024-08-02T21:37:54.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28075 (GCVE-0-2023-28075)
Vulnerability from cvelistv5 – Published: 2023-08-16 19:15 – Updated: 2024-10-08 19:02
VLAI
Summary
Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.
Severity
6.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021281… | vendor-advisory |
Impacted products
Date Public
2023-08-08 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cpg_bios",
"vendor": "dell",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T19:01:58.435016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T19:02:39.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-08-08T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-16T19:15:41.959Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28075",
"datePublished": "2023-08-16T19:15:41.959Z",
"dateReserved": "2023-03-10T05:07:55.141Z",
"dateUpdated": "2024-10-08T19:02:39.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28058 (GCVE-0-2023-28058)
Vulnerability from cvelistv5 – Published: 2023-06-23 10:30 – Updated: 2024-11-07 21:07
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:23.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:06:57.836824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:07:06.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:30:27.581Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28058",
"datePublished": "2023-06-23T10:30:27.581Z",
"dateReserved": "2023-03-10T05:01:55.232Z",
"dateUpdated": "2024-11-07T21:07:06.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28050 (GCVE-0-2023-28050)
Vulnerability from cvelistv5 – Published: 2023-06-23 10:25 – Updated: 2024-11-07 21:09
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:22.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:07:21.607702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:09:09.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:25:56.877Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28050",
"datePublished": "2023-06-23T10:25:56.877Z",
"dateReserved": "2023-03-10T05:01:43.871Z",
"dateUpdated": "2024-11-07T21:09:09.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28026 (GCVE-0-2023-28026)
Vulnerability from cvelistv5 – Published: 2023-06-23 10:23 – Updated: 2024-12-04 14:43
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T14:43:48.808973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T14:43:58.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:23:05.908Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28026",
"datePublished": "2023-06-23T10:23:05.908Z",
"dateReserved": "2023-03-10T04:57:40.870Z",
"dateUpdated": "2024-12-04T14:43:58.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28044 (GCVE-0-2023-28044)
Vulnerability from cvelistv5 – Published: 2023-06-23 10:20 – Updated: 2024-11-07 21:09
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:22.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:09:18.405245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:09:31.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:20:01.132Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28044",
"datePublished": "2023-06-23T10:20:01.132Z",
"dateReserved": "2023-03-10T04:59:39.426Z",
"dateUpdated": "2024-11-07T21:09:31.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28060 (GCVE-0-2023-28060)
Vulnerability from cvelistv5 – Published: 2023-06-23 10:17 – Updated: 2024-11-07 21:26
VLAI
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021220… | vendor-advisory |
Date Public
2023-06-14 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:22.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:26:23.822877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:26:38.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2023-06-14T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T10:17:46.249Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000212204/dsa-2023-099-dell-client-bios-security-update-for-multiple-improper-input-validation-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-28060",
"datePublished": "2023-06-23T10:17:46.249Z",
"dateReserved": "2023-03-10T05:01:55.232Z",
"dateUpdated": "2024-11-07T21:26:38.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}