Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for latitude_7330_rugged_firmware by dell

    CVE-2023-39251 (GCVE-0-2023-39251)

    Vulnerability from nvd – Published: 2023-12-22 17:55 – Updated: 2024-08-02 18:02
    VLAI
    Summary
    Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: Versions prior to 1.20.0
    Affected: Versions prior to 1.23.0
    Affected: Versions prior to 1.27.0
    Affected: Versions prior to 1.25.0
    Affected: Versions prior to 1.24.0
    Create a notification for this product.
    Date Public
    2023-12-19 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:06.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Inspiron 7510",
                "Inspiron 7610",
                "Latitude 5430 Rugged Laptop",
                "Latitude 5521",
                "Latitude 7330 Rugged Laptop",
                "Precision 3561",
                "Precision 5560",
                "Precision 5760",
                "Precision 7560",
                "Precision 7760",
                "Vostro 7510",
                "XPS 15 9510",
                "XPS 17 9710"
              ],
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 1.20.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.23.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.27.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.25.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.24.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Dell Technologies would like to thank Eason for reporting this issue."
            }
          ],
          "datePublic": "2023-12-19T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T17:55:18.705Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-39251",
        "datePublished": "2023-12-22T17:55:18.705Z",
        "dateReserved": "2023-07-26T08:15:44.773Z",
        "dateUpdated": "2024-08-02T18:02:06.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39251 (GCVE-0-2023-39251)

    Vulnerability from cvelistv5 – Published: 2023-12-22 17:55 – Updated: 2024-08-02 18:02
    VLAI
    Summary
    Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell CPG BIOS Affected: Versions prior to 1.20.0
    Affected: Versions prior to 1.23.0
    Affected: Versions prior to 1.27.0
    Affected: Versions prior to 1.25.0
    Affected: Versions prior to 1.24.0
    Create a notification for this product.
    Date Public
    2023-12-19 06:30
    Credits
    Dell Technologies would like to thank Eason for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:06.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Inspiron 7510",
                "Inspiron 7610",
                "Latitude 5430 Rugged Laptop",
                "Latitude 5521",
                "Latitude 7330 Rugged Laptop",
                "Precision 3561",
                "Precision 5560",
                "Precision 5760",
                "Precision 7560",
                "Precision 7760",
                "Vostro 7510",
                "XPS 15 9510",
                "XPS 17 9710"
              ],
              "product": "CPG BIOS",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 1.20.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.23.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.27.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.25.0"
                },
                {
                  "status": "affected",
                  "version": "Versions prior to 1.24.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Dell Technologies would like to thank Eason for reporting this issue."
            }
          ],
          "datePublic": "2023-12-19T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nDell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T17:55:18.705Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2023-39251",
        "datePublished": "2023-12-22T17:55:18.705Z",
        "dateReserved": "2023-07-26T08:15:44.773Z",
        "dateUpdated": "2024-08-02T18:02:06.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }