cvelistv5 - cve-2023-25537

CVE-2023-25537 (GCVE-0-2023-25537)

Vulnerability from cvelistv5 – Published: 2023-05-22 10:48 – Updated: 2025-01-21 15:07

Summary

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00021355…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerEdge Platform	Affected: Versions prior to 2.18.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:18.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25537",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T15:06:34.370163Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-21T15:07:54.481Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "BIOS",
            "PowerEdge R740",
            "PowerEdge R740XD",
            "PowerEdge R640",
            "PowerEdge R940",
            "PowerEdge R540",
            "PowerEdge R440",
            "PowerEdge T440",
            "PowerEdge XR2",
            "PowerEdge R740xD2",
            "PowerEdge R840",
            "PowerEdge R940xa",
            "PowerEdge T640",
            "PowerEdge C6420",
            "PowerEdge FC640",
            "PowerEdge M640",
            "PowerEdge M640 (for PE VRTX)",
            "PowerEdge MX740c",
            "PowerEdge MX840c",
            "PowerEdge C4140",
            "DSS 8440",
            "PowerEdge XE2420",
            "PowerEdge XE7420",
            "PowerEdge XE7440",
            "Dell EMC Storage NX3240",
            "Dell EMC Storage NX3340",
            "Dell EMC XC Core 6420 System",
            "Dell EMC XC Core XC640 System",
            "Dell EMC XC Core XC740xd System",
            "Dell EMC XC Core XC740xd2",
            "Dell EMC XC Core XC940 System",
            "Dell EMC XC Core XCXR2"
          ],
          "product": "PowerEdge Platform",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 2.18.1 "
            }
          ]
        }
      ],
      "datePublic": "2023-05-15T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-22T10:48:45.847Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2023-25537",
    "datePublished": "2023-05-22T10:48:45.847Z",
    "dateReserved": "2023-02-07T09:35:27.079Z",
    "dateUpdated": "2025-01-21T15:07:54.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"B37675EF-6040-4F8A-A5C2-44E715B8AD21\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE562535-3D9B-4A82-AC0D-6A2225E63E8D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"60523971-FED3-440E-A82C-AF88D48DEA44\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"868ECD3F-77CD-4F5D-86E5-61689E4C5BA0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"E95A1EDC-D580-4976-8A54-EB5D1A992DBA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81416C16-D7FA-4165-BB0E-6458A4EA5AEE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"222DF748-DA7B-4DF2-868B-67E6674FAE7C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B581E1DE-4E94-49E5-B5CF-2A94B2570708\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"947180B0-04CE-4BAE-BC7A-625656A90631\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73B27F54-3CE3-4A5F-BBA1-2C6ED5316B47\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"A142530D-DD9C-4EA5-BE09-10A8DDBBB957\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBC3957E-791A-4052-A9C4-F3ECBD746E37\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"15D9902E-9BDF-4E56-9A72-FC2D84DDBB6F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28F97F1A-B41E-4CC5-B668-8C194CE2C29E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"CF6D1AA1-7DC5-48B1-9A0D-D18101C66BB0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88EC4390-C39F-4E56-9631-B8A22986690D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"FC4EC25A-5544-4B3F-B173-FF0A54FD9F39\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5395D3F-58D4-49F9-AA2F-0D5C6D8C4651\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"3B1CF99B-0D79-4A02-B847-D32E473529FF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E058B9C6-CD1C-42F5-8781-05450254E9E5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"E901926A-84F1-4799-8B6F-1C8A481210A1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D143853-3D62-4AD7-B899-F726036A34D2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"A675F7CB-D3C3-4378-A322-1ED1299D05DC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DEC0235-DDA1-4EE4-B3F8-512F1B29AFC6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"FF28AE6F-A2D3-4972-8777-FD91B9F6DEFF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"027D86DE-076F-4CE9-9DE9-E6976C655E8F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"C6E643BF-C1E1-4B72-9904-0EDD5AD6FD60\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9C59D4B-1122-4782-A686-559E7DF8C3C9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"C8D7ED32-1674-4F10-B1F8-B30FCF5232A8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F8B50A1-577F-451E-8D03-C8A6A78000DC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"296BDDBF-6C54-4D65-8C9D-C4639074A9AD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"757039D5-60B9-40B0-B719-38E27409BDDE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"31A27B9B-3B03-41C5-913F-1119B6E7E238\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4305D0F-CB59-49D5-8D21-8ECC3342C36C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"630E8769-99DD-4062-8BC4-A793816C5D76\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9ACC9B8-C046-4304-BA58-7D6D7945BE95\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"F862C85D-F4DC-4B11-826A-C6AD3AEBB0A8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"239C2103-C4BB-4C6A-8E09-C6F7D52024D3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"AAF0FAAA-AD3C-476D-AAF5-C566A1B1E865\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30D12E41-8F03-435C-B137-CD3465923E5C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"43348CD0-0B16-4798-85B3-58017417B7C2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB402EFE-DEFF-40D1-B1C8-8A7D6923669E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"372DC8AD-61A4-4353-B7DE-71DFA5440401\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB265071-7294-4317-A854-0D90844CDC17\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"58815A75-5427-48FE-98E5-6FBF5D022E46\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFCDCB3C-4995-4211-8592-3D7F94098A26\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"C6C5E7C0-E28C-4D45-AC2D-518FC3E72D49\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66F375D2-85E4-4994-AE90-99D25A50F9AD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_xc_core_6420_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"B14BA9CF-84BE-406F-AE9C-48418E9045B3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:emc_xc_core_6420:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A54DBA6D-E506-4557-8659-1707F6C9D02F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_xc_core_xc640_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"4884D9D6-3EE9-4041-9D9D-188215F8C73D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:emc_xc_core_xc640:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EE5A591-AFD4-43B0-9383-B2F306940679\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_xc_core_xc740xd_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"D897026E-70E2-40E7-A59C-E6A1F0FDFA02\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:emc_xc_core_xc740xd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AD7E6DE-4B9B-4C23-81A1-D8D52D2E4215\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"B1D21691-AA78-4603-9E46-12D3B4D64411\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0127228B-FBC4-4C66-AFA1-749C151F79C5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_xc_core_xc940_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"533FF26E-95F7-4CD7-BBCA-9A80831489A9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:emc_xc_core_xc940:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A160D84-3C5D-4789-8AF3-B006A5956B3F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.18.1\", \"matchCriteriaId\": \"120AA799-23AE-4D51-8EC2-11A59A1E0EAB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FF8CC72-C32F-476D-86D3-CFF022185D76\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"\\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\\n\\n\"}]",
      "id": "CVE-2023-25537",
      "lastModified": "2024-11-21T07:49:41.453",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2023-05-22T11:15:09.333",
      "references": "[{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security_alert@emc.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-25537\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2023-05-22T11:15:09.333\",\"lastModified\":\"2024-11-21T07:49:41.453\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"B37675EF-6040-4F8A-A5C2-44E715B8AD21\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE562535-3D9B-4A82-AC0D-6A2225E63E8D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"60523971-FED3-440E-A82C-AF88D48DEA44\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"868ECD3F-77CD-4F5D-86E5-61689E4C5BA0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"E95A1EDC-D580-4976-8A54-EB5D1A992DBA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81416C16-D7FA-4165-BB0E-6458A4EA5AEE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"222DF748-DA7B-4DF2-868B-67E6674FAE7C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B581E1DE-4E94-49E5-B5CF-2A94B2570708\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"947180B0-04CE-4BAE-BC7A-625656A90631\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73B27F54-3CE3-4A5F-BBA1-2C6ED5316B47\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"A142530D-DD9C-4EA5-BE09-10A8DDBBB957\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBC3957E-791A-4052-A9C4-F3ECBD746E37\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"15D9902E-9BDF-4E56-9A72-FC2D84DDBB6F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28F97F1A-B41E-4CC5-B668-8C194CE2C29E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"CF6D1AA1-7DC5-48B1-9A0D-D18101C66BB0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88EC4390-C39F-4E56-9631-B8A22986690D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"FC4EC25A-5544-4B3F-B173-FF0A54FD9F39\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5395D3F-58D4-49F9-AA2F-0D5C6D8C4651\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"3B1CF99B-0D79-4A02-B847-D32E473529FF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E058B9C6-CD1C-42F5-8781-05450254E9E5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"E901926A-84F1-4799-8B6F-1C8A481210A1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D143853-3D62-4AD7-B899-F726036A34D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"A675F7CB-D3C3-4378-A322-1ED1299D05DC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DEC0235-DDA1-4EE4-B3F8-512F1B29AFC6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"FF28AE6F-A2D3-4972-8777-FD91B9F6DEFF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"027D86DE-076F-4CE9-9DE9-E6976C655E8F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"C6E643BF-C1E1-4B72-9904-0EDD5AD6FD60\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C59D4B-1122-4782-A686-559E7DF8C3C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"C8D7ED32-1674-4F10-B1F8-B30FCF5232A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F8B50A1-577F-451E-8D03-C8A6A78000DC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"296BDDBF-6C54-4D65-8C9D-C4639074A9AD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"757039D5-60B9-40B0-B719-38E27409BDDE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"31A27B9B-3B03-41C5-913F-1119B6E7E238\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4305D0F-CB59-49D5-8D21-8ECC3342C36C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"630E8769-99DD-4062-8BC4-A793816C5D76\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9ACC9B8-C046-4304-BA58-7D6D7945BE95\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"F862C85D-F4DC-4B11-826A-C6AD3AEBB0A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"239C2103-C4BB-4C6A-8E09-C6F7D52024D3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"AAF0FAAA-AD3C-476D-AAF5-C566A1B1E865\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30D12E41-8F03-435C-B137-CD3465923E5C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"43348CD0-0B16-4798-85B3-58017417B7C2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB402EFE-DEFF-40D1-B1C8-8A7D6923669E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"372DC8AD-61A4-4353-B7DE-71DFA5440401\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB265071-7294-4317-A854-0D90844CDC17\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"58815A75-5427-48FE-98E5-6FBF5D022E46\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFCDCB3C-4995-4211-8592-3D7F94098A26\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"C6C5E7C0-E28C-4D45-AC2D-518FC3E72D49\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66F375D2-85E4-4994-AE90-99D25A50F9AD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_xc_core_6420_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"B14BA9CF-84BE-406F-AE9C-48418E9045B3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_xc_core_6420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A54DBA6D-E506-4557-8659-1707F6C9D02F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_xc_core_xc640_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"4884D9D6-3EE9-4041-9D9D-188215F8C73D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_xc_core_xc640:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EE5A591-AFD4-43B0-9383-B2F306940679\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_xc_core_xc740xd_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"D897026E-70E2-40E7-A59C-E6A1F0FDFA02\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_xc_core_xc740xd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AD7E6DE-4B9B-4C23-81A1-D8D52D2E4215\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"B1D21691-AA78-4603-9E46-12D3B4D64411\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0127228B-FBC4-4C66-AFA1-749C151F79C5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_xc_core_xc940_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"533FF26E-95F7-4CD7-BBCA-9A80831489A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_xc_core_xc940:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A160D84-3C5D-4789-8AF3-B006A5956B3F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"120AA799-23AE-4D51-8EC2-11A59A1E0EAB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF8CC72-C32F-476D-86D3-CFF022185D76\"}]}]}],\"references\":[{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:25:18.634Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-25537\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-21T15:06:34.370163Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-21T15:06:42.265Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Dell\", \"product\": \"PowerEdge Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions prior to 2.18.1 \"}], \"platforms\": [\"BIOS\", \"PowerEdge R740\", \"PowerEdge R740XD\", \"PowerEdge R640\", \"PowerEdge R940\", \"PowerEdge R540\", \"PowerEdge R440\", \"PowerEdge T440\", \"PowerEdge XR2\", \"PowerEdge R740xD2\", \"PowerEdge R840\", \"PowerEdge R940xa\", \"PowerEdge T640\", \"PowerEdge C6420\", \"PowerEdge FC640\", \"PowerEdge M640\", \"PowerEdge M640 (for PE VRTX)\", \"PowerEdge MX740c\", \"PowerEdge MX840c\", \"PowerEdge C4140\", \"DSS 8440\", \"PowerEdge XE2420\", \"PowerEdge XE7420\", \"PowerEdge XE7440\", \"Dell EMC Storage NX3240\", \"Dell EMC Storage NX3340\", \"Dell EMC XC Core 6420 System\", \"Dell EMC XC Core XC640 System\", \"Dell EMC XC Core XC740xd System\", \"Dell EMC XC Core XC740xd2\", \"Dell EMC XC Core XC940 System\", \"Dell EMC XC Core XCXR2\"], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-05-15T06:30:00.000Z\", \"references\": [{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\u003c/span\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"c550e75a-17ff-4988-97f0-544cde3820fe\", \"shortName\": \"dell\", \"dateUpdated\": \"2023-05-22T10:48:45.847Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-25537\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-21T15:07:54.481Z\", \"dateReserved\": \"2023-02-07T09:35:27.079Z\", \"assignerOrgId\": \"c550e75a-17ff-4988-97f0-544cde3820fe\", \"datePublished\": \"2023-05-22T10:48:45.847Z\", \"assignerShortName\": \"dell\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-25537

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-25537

Aliases

CVE-2023-25537

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-25537",
    "id": "GSD-2023-25537"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-25537"
      ],
      "details": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n",
      "id": "GSD-2023-25537",
      "modified": "2023-12-13T01:20:39.921311Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "ID": "CVE-2023-25537",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "PowerEdge Platform",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Versions prior to 2.18.1 "
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Dell"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-787",
                "lang": "eng",
                "value": "CWE-787: Out-of-bounds Write"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability",
            "refsource": "MISC",
            "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:emc_xc_core_6420_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:emc_xc_core_6420:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:emc_xc_core_xc640_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:emc_xc_core_xc640:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:emc_xc_core_xc740xd_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:emc_xc_core_xc740xd:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:emc_xc_core_xc940_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:emc_xc_core_xc940:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.18.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2023-25537"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-05-30T21:32Z",
      "publishedDate": "2023-05-22T11:15Z"
    }
  }
}

FKIE_CVE-2023-25537

Vulnerability from fkie_nvd - Published: 2023-05-22 11:15 - Updated: 2024-11-21 07:49

Severity ?

6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security_alert@emc.com	https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability	Vendor Advisory

Impacted products

Vendor	Product	Version
dell	poweredge_r740_firmware	*
dell	poweredge_r740	-
dell	poweredge_r740xd_firmware	*
dell	poweredge_r740xd	-
dell	poweredge_r640_firmware	*
dell	poweredge_r640	-
dell	poweredge_r940_firmware	*
dell	poweredge_r940	-
dell	poweredge_r540_firmware	*
dell	poweredge_r540	-
dell	poweredge_r440_firmware	*
dell	poweredge_r440	-
dell	poweredge_t440_firmware	*
dell	poweredge_t440	-
dell	poweredge_xr2_firmware	*
dell	poweredge_xr2	-
dell	poweredge_r740xd2_firmware	*
dell	poweredge_r740xd2	-
dell	poweredge_r840_firmware	*
dell	poweredge_r840	-
dell	poweredge_r940xa_firmware	*
dell	poweredge_r940xa	-
dell	poweredge_t640_firmware	*
dell	poweredge_t640	-
dell	poweredge_c6420_firmware	*
dell	poweredge_c6420	-
dell	poweredge_fc640_firmware	*
dell	poweredge_fc640	-
dell	poweredge_m640_firmware	*
dell	poweredge_m640	-
dell	poweredge_mx740c_firmware	*
dell	poweredge_mx740c	-
dell	poweredge_mx840c_firmware	*
dell	poweredge_mx840c	-
dell	poweredge_c4140_firmware	*
dell	poweredge_c4140	-
dell	dss_8440_firmware	*
dell	dss_8440	-
dell	poweredge_xe2420_firmware	*
dell	poweredge_xe2420	-
dell	poweredge_xe7420_firmware	*
dell	poweredge_xe7420	-
dell	poweredge_xe7440_firmware	*
dell	poweredge_xe7440	-
dell	emc_storage_nx3240_firmware	*
dell	emc_storage_nx3240	-
dell	emc_storage_nx3340_firmware	*
dell	emc_storage_nx3340	-
dell	emc_xc_core_6420_firmware	*
dell	emc_xc_core_6420	-
dell	emc_xc_core_xc640_firmware	*
dell	emc_xc_core_xc640	-
dell	emc_xc_core_xc740xd_firmware	*
dell	emc_xc_core_xc740xd	-
dell	emc_xc_core_xc740xd2_firmware	*
dell	emc_xc_core_xc740xd2	-
dell	emc_xc_core_xc940_firmware	*
dell	emc_xc_core_xc940	-
dell	emc_xc_core_xcxr2_firmware	*
dell	emc_xc_core_xcxr2	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B37675EF-6040-4F8A-A5C2-44E715B8AD21",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE562535-3D9B-4A82-AC0D-6A2225E63E8D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60523971-FED3-440E-A82C-AF88D48DEA44",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "868ECD3F-77CD-4F5D-86E5-61689E4C5BA0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E95A1EDC-D580-4976-8A54-EB5D1A992DBA",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81416C16-D7FA-4165-BB0E-6458A4EA5AEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "222DF748-DA7B-4DF2-868B-67E6674FAE7C",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B581E1DE-4E94-49E5-B5CF-2A94B2570708",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "947180B0-04CE-4BAE-BC7A-625656A90631",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73B27F54-3CE3-4A5F-BBA1-2C6ED5316B47",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A142530D-DD9C-4EA5-BE09-10A8DDBBB957",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC3957E-791A-4052-A9C4-F3ECBD746E37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15D9902E-9BDF-4E56-9A72-FC2D84DDBB6F",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "28F97F1A-B41E-4CC5-B668-8C194CE2C29E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF6D1AA1-7DC5-48B1-9A0D-D18101C66BB0",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "88EC4390-C39F-4E56-9631-B8A22986690D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4EC25A-5544-4B3F-B173-FF0A54FD9F39",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5395D3F-58D4-49F9-AA2F-0D5C6D8C4651",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B1CF99B-0D79-4A02-B847-D32E473529FF",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E058B9C6-CD1C-42F5-8781-05450254E9E5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E901926A-84F1-4799-8B6F-1C8A481210A1",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D143853-3D62-4AD7-B899-F726036A34D2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A675F7CB-D3C3-4378-A322-1ED1299D05DC",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DEC0235-DDA1-4EE4-B3F8-512F1B29AFC6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF28AE6F-A2D3-4972-8777-FD91B9F6DEFF",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "027D86DE-076F-4CE9-9DE9-E6976C655E8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E643BF-C1E1-4B72-9904-0EDD5AD6FD60",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C59D4B-1122-4782-A686-559E7DF8C3C9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8D7ED32-1674-4F10-B1F8-B30FCF5232A8",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F8B50A1-577F-451E-8D03-C8A6A78000DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "296BDDBF-6C54-4D65-8C9D-C4639074A9AD",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "757039D5-60B9-40B0-B719-38E27409BDDE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A27B9B-3B03-41C5-913F-1119B6E7E238",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4305D0F-CB59-49D5-8D21-8ECC3342C36C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "630E8769-99DD-4062-8BC4-A793816C5D76",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9ACC9B8-C046-4304-BA58-7D6D7945BE95",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F862C85D-F4DC-4B11-826A-C6AD3AEBB0A8",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "239C2103-C4BB-4C6A-8E09-C6F7D52024D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF0FAAA-AD3C-476D-AAF5-C566A1B1E865",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "30D12E41-8F03-435C-B137-CD3465923E5C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43348CD0-0B16-4798-85B3-58017417B7C2",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB402EFE-DEFF-40D1-B1C8-8A7D6923669E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "372DC8AD-61A4-4353-B7DE-71DFA5440401",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB265071-7294-4317-A854-0D90844CDC17",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58815A75-5427-48FE-98E5-6FBF5D022E46",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFCDCB3C-4995-4211-8592-3D7F94098A26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C5E7C0-E28C-4D45-AC2D-518FC3E72D49",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66F375D2-85E4-4994-AE90-99D25A50F9AD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_xc_core_6420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B14BA9CF-84BE-406F-AE9C-48418E9045B3",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_xc_core_6420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A54DBA6D-E506-4557-8659-1707F6C9D02F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_xc_core_xc640_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4884D9D6-3EE9-4041-9D9D-188215F8C73D",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_xc_core_xc640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE5A591-AFD4-43B0-9383-B2F306940679",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_xc_core_xc740xd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D897026E-70E2-40E7-A59C-E6A1F0FDFA02",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_xc_core_xc740xd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD7E6DE-4B9B-4C23-81A1-D8D52D2E4215",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D21691-AA78-4603-9E46-12D3B4D64411",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0127228B-FBC4-4C66-AFA1-749C151F79C5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_xc_core_xc940_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "533FF26E-95F7-4CD7-BBCA-9A80831489A9",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_xc_core_xc940:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A160D84-3C5D-4789-8AF3-B006A5956B3F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "120AA799-23AE-4D51-8EC2-11A59A1E0EAB",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FF8CC72-C32F-476D-86D3-CFF022185D76",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n"
    }
  ],
  "id": "CVE-2023-25537",
  "lastModified": "2024-11-21T07:49:41.453",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.2,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-22T11:15:09.333",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Primary"
    }
  ]
}

GHSA-F88F-9MMF-7XM6

Vulnerability from github – Published: 2023-05-22 12:30 – Updated: 2024-04-04 04:16

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-25537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-22T11:15:09Z",
    "severity": "HIGH"
  },
  "details": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n",
  "id": "GHSA-f88f-9mmf-7xm6",
  "modified": "2024-04-04T04:16:05Z",
  "published": "2023-05-22T12:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25537"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2023-1221

Vulnerability from csaf_certbund - Published: 2023-05-15 22:00 - Updated: 2023-05-15 22:00

Summary

Dell PowerEdge BIOS: Schwachstelle ermöglicht Privilegieneskalation

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Das BIOS ist die Firmware bei IBM PC kompatiblen Computern. PowerEdge ist der Markenname für Server des Herstellers Dell.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Dell BIOS und Dell PowerEdge ausnutzen, um Informationen offenzulegen, Code auszuführen und seine Rechte zu erweitern.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.\r\nPowerEdge ist der Markenname f\u00fcr Server des Herstellers Dell.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Dell BIOS und Dell PowerEdge ausnutzen, um Informationen offenzulegen, Code auszuf\u00fchren und seine Rechte zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1221 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1221.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1221 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1221"
      },
      {
        "category": "external",
        "summary": "DELL Security Advisory DSA-2023-098 vom 2023-05-15",
        "url": "https://www.dell.com/support/kbdoc/de-de/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
      }
    ],
    "source_lang": "en-US",
    "title": "Dell PowerEdge BIOS: Schwachstelle erm\u00f6glicht Privilegieneskalation",
    "tracking": {
      "current_release_date": "2023-05-15T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:50:55.161+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1221",
      "initial_release_date": "2023-05-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-05-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell BIOS \u003c 2.18.1",
            "product": {
              "name": "Dell BIOS \u003c 2.18.1",
              "product_id": "T027739",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:bios:2.18.1"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell PowerEdge",
            "product": {
              "name": "Dell PowerEdge",
              "product_id": "T019535",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:poweredge:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-25537",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im BIOS von Dell PowerEdge Systemen aufgrund eines Out-of-bounds Write Fehlers. Ein Angreifer kann dadurch Informationen offenlegen, Code ausf\u00fchren und seine Privilegien erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019535"
        ]
      },
      "release_date": "2023-05-15T22:00:00.000+00:00",
      "title": "CVE-2023-25537"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-25537 (GCVE-0-2023-25537)

GSD-2023-25537

FKIE_CVE-2023-25537

GHSA-F88F-9MMF-7XM6

WID-SEC-W-2023-1221

Tags

Sightings

Nomenclature