Vulnerabilites related to dell - latitude_7330_rugged_firmware
Vulnerability from fkie_nvd
Published
2023-12-22 18:15
Modified
2024-11-21 08:14
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_7510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7CCD50FE-E4F3-48E3-A0D1-B9347E7414B5", versionEndExcluding: "1.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_7510:-:*:*:*:*:*:*:*", matchCriteriaId: "2793ECA0-0C7B-41A1-BC9B-F388D6E6B8B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:inspiron_7610_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D1AC697E-9535-42E1-AAF7-6A59A270B38B", versionEndExcluding: "1.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:inspiron_7610:-:*:*:*:*:*:*:*", matchCriteriaId: "FD64EB37-6B29-432A-A698-302F7CEE6E39", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:latitude_5430_rugged_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9A289588-85FE-419E-BB73-D92A7214E825", versionEndExcluding: "1.23.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:latitude_5430_rugged:-:*:*:*:*:*:*:*", matchCriteriaId: "706F3E4E-57D8-4F01-AE71-C71B19D42FAE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:latitude_5521_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6E48645B-5253-4617-811A-70FD13BC34E9", versionEndExcluding: "1.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:latitude_5521:-:*:*:*:*:*:*:*", matchCriteriaId: "1BA0B010-1BD4-4D73-A67A-F89694606BAB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:latitude_7330_rugged_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EA3DD9BB-F853-456E-B1A2-BEB1815B1999", versionEndExcluding: "1.23.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:latitude_7330_rugged:-:*:*:*:*:*:*:*", matchCriteriaId: "9E66577E-7CA6-4D09-81C2-55CD31C228E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:precision_3561_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "348FF513-FBFC-4D76-A2C9-91E7799AC13F", versionEndExcluding: "1.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:precision_3561:-:*:*:*:*:*:*:*", matchCriteriaId: "464062AC-12E9-4EF6-A20B-71DF0DA4AC60", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:precision_5560_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "00E7FB25-485A-497F-AE83-0F51CD629BD0", versionEndExcluding: "1.25.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:precision_5560:-:*:*:*:*:*:*:*", matchCriteriaId: "5574BCEC-24B9-4C6C-8918-968972E39513", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:precision_5760_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3743575A-B225-46D5-912C-27880F5E7787", versionEndExcluding: "1.24.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:precision_5760:-:*:*:*:*:*:*:*", matchCriteriaId: "EDFA9122-5B13-4653-AF92-751EB72F40F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:precision_7560_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "682A12DB-0554-47AF-AFA6-41A29374BFC5", versionEndExcluding: "1.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:precision_7560:-:*:*:*:*:*:*:*", matchCriteriaId: "23528F3E-4F26-4C23-BA0B-629597AD1991", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:precision_7760_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C7E722FD-30B9-4028-9528-CDB5B8C91667", versionEndExcluding: "1.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:precision_7760:-:*:*:*:*:*:*:*", matchCriteriaId: "D9DBAAF4-D6A8-4447-B592-DC27609B373F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:vostro_7510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F08CB51-37EE-4C85-B27A-6077E4B99F74", versionEndExcluding: "1.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:vostro_7510:-:*:*:*:*:*:*:*", matchCriteriaId: "FA54293A-A09E-4089-B86B-B49616F01AF2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:xps_15_9510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "69263598-26EC-4484-864A-72BD4504779C", versionEndExcluding: "1.25.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:xps_15_9510:-:*:*:*:*:*:*:*", matchCriteriaId: "C80D4578-6ABA-4E78-B8CB-385968AD2D75", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:xps_17_9710_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4F6D8A92-39F3-4A02-8D07-CF271F3DA054", versionEndExcluding: "1.24.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:xps_17_9710:-:*:*:*:*:*:*:*", matchCriteriaId: "EF4DACC8-3DBD-442D-807D-6A5AFDF00B56", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nDell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.\n\n", }, { lang: "es", value: "Dell BIOS contiene una vulnerabilidad de validación de entrada incorrecta. Un usuario malicioso local con altos privilegios podría explotar esta vulnerabilidad para dañar la memoria del sistema.", }, ], id: "CVE-2023-39251", lastModified: "2024-11-21T08:14:59.697", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 4.7, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-22T18:15:07.317", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2023-39251
Vulnerability from cvelistv5
Published
2023-12-22 17:55
Modified
2024-08-02 18:02
Severity ?
EPSS score ?
Summary
Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.678Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Inspiron 7510", "Inspiron 7610", "Latitude 5430 Rugged Laptop", "Latitude 5521", "Latitude 7330 Rugged Laptop", "Precision 3561", "Precision 5560", "Precision 5760", "Precision 7560", "Precision 7760", "Vostro 7510", "XPS 15 9510", "XPS 17 9710", ], product: "CPG BIOS", vendor: "Dell", versions: [ { status: "affected", version: "Versions prior to 1.20.0", }, { status: "affected", version: "Versions prior to 1.23.0", }, { status: "affected", version: "Versions prior to 1.27.0", }, { status: "affected", version: "Versions prior to 1.25.0", }, { status: "affected", version: "Versions prior to 1.24.0", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Dell Technologies would like to thank Eason for reporting this issue.", }, ], datePublic: "2023-12-19T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.</span>\n\n", }, ], value: "\nDell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-22T17:55:18.705Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000217707/dsa-2023-342", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2023-39251", datePublished: "2023-12-22T17:55:18.705Z", dateReserved: "2023-07-26T08:15:44.773Z", dateUpdated: "2024-08-02T18:02:06.678Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }