Search
Find a vulnerability
Search criteria
2 vulnerabilities found for xc6320_hyperconverged_appliance_firmware by dell
CVE-2023-32460 (GCVE-0-2023-32460)
Vulnerability from nvd – Published: 2023-12-08 05:37 – Updated: 2024-08-02 15:18
VLAI
EPSS
VEX
Summary
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
Severity
8.8 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021955… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
Versions prior to 1.6.6
Affected: Versions prior to 1.3.6 Affected: Versions prior to 1.1.2 Affected: Versions prior to 1.12.1 Affected: Versions prior to 1.8.1 Affected: Versions prior to 1.13.3 Affected: Versions prior to 2.13.3 Affected: Versions prior to 2.20.1 Affected: Versions prior to 2.20.0 Affected: Versions prior to 2.15.1 Affected: Versions prior to 1.21.0 Affected: Versions prior to 2.18.1 Affected: Versions prior to 2.13.0 Affected: Versions prior to 2.18.2 Affected: Versions prior to 1.18.1 Affected: Versions prior to 2.19.1 |
Date Public
2023-12-07 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BIOS"
],
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "Versions prior to 1.6.6"
},
{
"status": "affected",
"version": "Versions prior to 1.3.6"
},
{
"status": "affected",
"version": "Versions prior to 1.1.2"
},
{
"status": "affected",
"version": "Versions prior to 1.12.1"
},
{
"status": "affected",
"version": "Versions prior to 1.8.1"
},
{
"status": "affected",
"version": "Versions prior to 1.13.3"
},
{
"status": "affected",
"version": "Versions prior to 2.13.3"
},
{
"status": "affected",
"version": "Versions prior to 2.20.1"
},
{
"status": "affected",
"version": "Versions prior to 2.20.0"
},
{
"status": "affected",
"version": "Versions prior to 2.15.1"
},
{
"status": "affected",
"version": "Versions prior to 1.21.0"
},
{
"status": "affected",
"version": "Versions prior to 2.18.1 "
},
{
"status": "affected",
"version": "Versions prior to 2.13.0\u202f "
},
{
"status": "affected",
"version": "Versions prior to 2.18.2 "
},
{
"status": "affected",
"version": "Versions prior to 1.18.1\u202f "
},
{
"status": "affected",
"version": "Versions prior to 2.19.1\u202f "
}
]
}
],
"datePublic": "2023-12-07T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.\u003c/span\u003e\n\n"
}
],
"value": "\nDell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-08T05:37:52.680Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32460",
"datePublished": "2023-12-08T05:37:52.680Z",
"dateReserved": "2023-05-09T06:05:24.994Z",
"dateUpdated": "2024-08-02T15:18:37.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32460 (GCVE-0-2023-32460)
Vulnerability from cvelistv5 – Published: 2023-12-08 05:37 – Updated: 2024-08-02 15:18
VLAI
EPSS
VEX
Summary
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
Severity
8.8 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021955… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | PowerEdge Platform |
Affected:
Versions prior to 1.6.6
Affected: Versions prior to 1.3.6 Affected: Versions prior to 1.1.2 Affected: Versions prior to 1.12.1 Affected: Versions prior to 1.8.1 Affected: Versions prior to 1.13.3 Affected: Versions prior to 2.13.3 Affected: Versions prior to 2.20.1 Affected: Versions prior to 2.20.0 Affected: Versions prior to 2.15.1 Affected: Versions prior to 1.21.0 Affected: Versions prior to 2.18.1 Affected: Versions prior to 2.13.0 Affected: Versions prior to 2.18.2 Affected: Versions prior to 1.18.1 Affected: Versions prior to 2.19.1 |
Date Public
2023-12-07 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"BIOS"
],
"product": "PowerEdge Platform",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "Versions prior to 1.6.6"
},
{
"status": "affected",
"version": "Versions prior to 1.3.6"
},
{
"status": "affected",
"version": "Versions prior to 1.1.2"
},
{
"status": "affected",
"version": "Versions prior to 1.12.1"
},
{
"status": "affected",
"version": "Versions prior to 1.8.1"
},
{
"status": "affected",
"version": "Versions prior to 1.13.3"
},
{
"status": "affected",
"version": "Versions prior to 2.13.3"
},
{
"status": "affected",
"version": "Versions prior to 2.20.1"
},
{
"status": "affected",
"version": "Versions prior to 2.20.0"
},
{
"status": "affected",
"version": "Versions prior to 2.15.1"
},
{
"status": "affected",
"version": "Versions prior to 1.21.0"
},
{
"status": "affected",
"version": "Versions prior to 2.18.1 "
},
{
"status": "affected",
"version": "Versions prior to 2.13.0\u202f "
},
{
"status": "affected",
"version": "Versions prior to 2.18.2 "
},
{
"status": "affected",
"version": "Versions prior to 1.18.1\u202f "
},
{
"status": "affected",
"version": "Versions prior to 2.19.1\u202f "
}
]
}
],
"datePublic": "2023-12-07T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.\u003c/span\u003e\n\n"
}
],
"value": "\nDell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-08T05:37:52.680Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32460",
"datePublished": "2023-12-08T05:37:52.680Z",
"dateReserved": "2023-05-09T06:05:24.994Z",
"dateUpdated": "2024-08-02T15:18:37.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}