cvelistv5 - cve-2023-44297

CVE-2023-44297 (GCVE-0-2023-44297)

Vulnerability from cvelistv5 – Published: 2023-12-05 15:52 – Updated: 2024-08-02 19:59

Summary

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

CWE

CWE-1234 - Hardware Internal or Debug Modes Allow Override of Locks

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00022004…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerEdge BIOS	Affected: Version 1.4.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:59:52.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "PowerEdge R660",
            "PowerEdge R760",
            "PowerEdge C6620",
            "PowerEdge MX760c",
            "PowerEdge R860",
            "PowerEdge R960",
            "PowerEdge HS5610",
            "PowerEdge HS5620",
            "PowerEdge R660xs",
            "PowerEdge R760xs",
            "PowerEdge R760xd2",
            "PowerEdge T560",
            "PowerEdge R760xa"
          ],
          "product": "PowerEdge BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "Version 1.4.4"
            }
          ]
        }
      ],
      "datePublic": "2023-12-04T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1234",
              "description": "CWE-1234: Hardware Internal or Debug Modes Allow Override of Locks",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-05T15:52:27.262Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2023-44297",
    "datePublished": "2023-12-05T15:52:27.262Z",
    "dateReserved": "2023-09-28T09:44:52.814Z",
    "dateUpdated": "2024-08-02T19:59:52.069Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r660_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9F11A33-BA61-4554-A0B2-8F789EA8BE3C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86AC134C-EFB7-46B8-B60F-5BD2663D7168\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r760_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C301E8C7-01F7-4CBE-8666-74C0FD0BD58E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89E8485C-4298-4DA0-95AD-50C21BC2C798\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_c6620_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18D7C139-E796-4361-9FE6-530D154D7062\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D360EB7D-5AB4-483C-BF00-53473B2D8AF4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_mx760c_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65443057-DC40-47A6-B739-E5984B7AEC43\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2670A942-4200-46F2-A4FC-6D2F0E2074B9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r860_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AC33C77-1C2C-4E44-A60F-14AE343666F8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B53D6488-A6E3-4505-8093-8232DC4219BD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r960_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9881FD7F-DA34-47F2-840B-929226E0D1CC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5B42153-ED7B-433A-9070-9CAC972322BA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_hs5610_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B1E8504-EF8A-47D0-9762-5E944DD1ECDF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08A9C14A-7D1A-4724-BBBD-62FC4C66FCE1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_hs5620_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29F3D281-2810-4663-BD0F-F4EA67B1A321\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"447BE381-9C9B-4339-B308-71D90DB60294\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r660xs_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E9ADAB6-42D2-44DE-8C0C-6DC4166DA705\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17FF7F29-F169-49B5-BEBA-6F20E3CDF1E6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r760xs_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A99A3EEE-20D7-4E99-98FE-99012DA2393B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3364A3E-BA9B-4588-89E5-A2C6C17B5D97\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r760xd2_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5992CD2-83BA-4941-B3FF-42144036325E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B21CBCD8-266A-4BCD-933D-2EF5F479B119\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_t560_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"033EB4DA-6B83-436C-AD42-63605EED7324\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4A86D53-1352-48FB-A26A-C898B2C6425E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:poweredge_r760xa_firmware:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3310CC98-2D26-42EF-8E10-13F2EB0D4FDB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62603619-611F-4343-B75E-D45C50D1EA2F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"\\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Las plataformas Dell PowerEdge 16G Intel E5 BIOS y Dell Precision BIOS, versi\\u00f3n 1.4.4, contienen una vulnerabilidad de seguridad de c\\u00f3digo de depuraci\\u00f3n activa. Un atacante f\\u00edsico no autenticado podr\\u00eda explotar esta vulnerabilidad, lo que provocar\\u00eda la divulgaci\\u00f3n de informaci\\u00f3n, la manipulaci\\u00f3n de informaci\\u00f3n, la ejecuci\\u00f3n de c\\u00f3digo y la denegaci\\u00f3n de servicio.\"}]",
      "id": "CVE-2023-44297",
      "lastModified": "2024-11-21T08:25:36.887",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.5, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.9}]}",
      "published": "2023-12-05T16:15:07.097",
      "references": "[{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security_alert@emc.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1234\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-667\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-44297\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2023-12-05T16:15:07.097\",\"lastModified\":\"2024-11-21T08:25:36.887\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Las plataformas Dell PowerEdge 16G Intel E5 BIOS y Dell Precision BIOS, versi\u00f3n 1.4.4, contienen una vulnerabilidad de seguridad de c\u00f3digo de depuraci\u00f3n activa. Un atacante f\u00edsico no autenticado podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la divulgaci\u00f3n de informaci\u00f3n, la manipulaci\u00f3n de informaci\u00f3n, la ejecuci\u00f3n de c\u00f3digo y la denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.5,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1234\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r660_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9F11A33-BA61-4554-A0B2-8F789EA8BE3C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86AC134C-EFB7-46B8-B60F-5BD2663D7168\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r760_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C301E8C7-01F7-4CBE-8666-74C0FD0BD58E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89E8485C-4298-4DA0-95AD-50C21BC2C798\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_c6620_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18D7C139-E796-4361-9FE6-530D154D7062\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D360EB7D-5AB4-483C-BF00-53473B2D8AF4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_mx760c_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65443057-DC40-47A6-B739-E5984B7AEC43\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2670A942-4200-46F2-A4FC-6D2F0E2074B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r860_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AC33C77-1C2C-4E44-A60F-14AE343666F8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B53D6488-A6E3-4505-8093-8232DC4219BD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r960_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9881FD7F-DA34-47F2-840B-929226E0D1CC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5B42153-ED7B-433A-9070-9CAC972322BA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_hs5610_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B1E8504-EF8A-47D0-9762-5E944DD1ECDF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08A9C14A-7D1A-4724-BBBD-62FC4C66FCE1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_hs5620_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29F3D281-2810-4663-BD0F-F4EA67B1A321\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"447BE381-9C9B-4339-B308-71D90DB60294\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r660xs_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E9ADAB6-42D2-44DE-8C0C-6DC4166DA705\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17FF7F29-F169-49B5-BEBA-6F20E3CDF1E6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r760xs_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A99A3EEE-20D7-4E99-98FE-99012DA2393B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3364A3E-BA9B-4588-89E5-A2C6C17B5D97\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r760xd2_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5992CD2-83BA-4941-B3FF-42144036325E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B21CBCD8-266A-4BCD-933D-2EF5F479B119\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_t560_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"033EB4DA-6B83-436C-AD42-63605EED7324\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4A86D53-1352-48FB-A26A-C898B2C6425E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r760xa_firmware:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3310CC98-2D26-42EF-8E10-13F2EB0D4FDB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62603619-611F-4343-B75E-D45C50D1EA2F\"}]}]}],\"references\":[{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2023-44297

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-44297

Aliases

CVE-2023-44297

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-44297",
    "id": "GSD-2023-44297"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-44297"
      ],
      "details": "\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.\n\n",
      "id": "GSD-2023-44297",
      "modified": "2023-12-13T01:20:38.871543Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "ID": "CVE-2023-44297",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "PowerEdge BIOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Version 1.4.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Dell"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-1234",
                "lang": "eng",
                "value": "CWE-1234: Hardware Internal or Debug Modes Allow Override of Locks"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability",
            "refsource": "MISC",
            "url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r660_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r760_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_c6620_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_mx760c_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r860_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r960_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_hs5610_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_hs5620_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r660xs_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r760xs_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r760xd2_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_t560_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dell:poweredge_r760xa_firmware:1.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2023-44297"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-667"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability",
              "refsource": "",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-12-12T00:55Z",
      "publishedDate": "2023-12-05T16:15Z"
    }
  }
}

WID-SEC-W-2023-3062

Vulnerability from csaf_certbund - Published: 2023-12-05 23:00 - Updated: 2023-12-05 23:00

Summary

Dell PowerEdge: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

PowerEdge ist der Markenname für Server des Herstellers Dell. Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.

Angriff

Ein Angreifer physischem Zugriff kann mehrere Schwachstellen in Dell PowerEdge und Dell BIOS ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- UNIX - Linux - Windows - BIOS/Firmware - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "PowerEdge ist der Markenname f\u00fcr Server des Herstellers Dell.\r\nDas BIOS ist die Firmware bei IBM PC kompatiblen Computern.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer physischem Zugriff kann mehrere Schwachstellen in Dell PowerEdge und Dell BIOS ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows\n- BIOS/Firmware\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3062 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3062.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3062 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3062"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2023-12-05",
        "url": "https://github.com/advisories/GHSA-vj32-jvrg-mhmw"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2023-12-05",
        "url": "https://github.com/advisories/GHSA-p823-qqjj-g5w7"
      },
      {
        "category": "external",
        "summary": "DELL Knowledge Base Article vom 2023-12-05",
        "url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability"
      }
    ],
    "source_lang": "en-US",
    "title": "Dell PowerEdge: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-12-05T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:02:23.296+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-3062",
      "initial_release_date": "2023-12-05T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-12-05T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell BIOS \u003c 1.5.6",
            "product": {
              "name": "Dell BIOS \u003c 1.5.6",
              "product_id": "T031480",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:bios:1.5.6"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell PowerEdge \u003c 1.5.6",
            "product": {
              "name": "Dell PowerEdge \u003c 1.5.6",
              "product_id": "T031479",
              "product_identification_helper": {
                "cpe": "cpe:/h:dell:poweredge:1.5.6"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-44298",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell PowerEdge und Dell BIOS. Diese Fehler bestehen aufgrund einer Sicherheitsl\u00fccke im aktiven Debug-Code. Ein Angreifer mit physischem Zugriff kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2023-12-05T23:00:00.000+00:00",
      "title": "CVE-2023-44298"
    },
    {
      "cve": "CVE-2023-44297",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell PowerEdge und Dell BIOS. Diese Fehler bestehen aufgrund einer Sicherheitsl\u00fccke im aktiven Debug-Code. Ein Angreifer mit physischem Zugriff kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2023-12-05T23:00:00.000+00:00",
      "title": "CVE-2023-44297"
    }
  ]
}

FKIE_CVE-2023-44297

Vulnerability from fkie_nvd - Published: 2023-12-05 16:15 - Updated: 2024-11-21 08:25

Severity ?

7.1 (High) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security_alert@emc.com	https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability	Vendor Advisory

Impacted products

Vendor	Product	Version
dell	poweredge_r660_firmware	1.4.4
dell	poweredge_r660	-
dell	poweredge_r760_firmware	1.4.4
dell	poweredge_r760	-
dell	poweredge_c6620_firmware	1.4.4
dell	poweredge_c6620	-
dell	poweredge_mx760c_firmware	1.4.4
dell	poweredge_mx760c	-
dell	poweredge_r860_firmware	1.4.4
dell	poweredge_r860	-
dell	poweredge_r960_firmware	1.4.4
dell	poweredge_r960	-
dell	poweredge_hs5610_firmware	1.4.4
dell	poweredge_hs5610	-
dell	poweredge_hs5620_firmware	1.4.4
dell	poweredge_hs5620	-
dell	poweredge_r660xs_firmware	1.4.4
dell	poweredge_r660xs	-
dell	poweredge_r760xs_firmware	1.4.4
dell	poweredge_r760xs	-
dell	poweredge_r760xd2_firmware	1.4.4
dell	poweredge_r760xd2	-
dell	poweredge_t560_firmware	1.4.4
dell	poweredge_t560	-
dell	poweredge_r760xa_firmware	1.4.4
dell	poweredge_r760xa	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r660_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F11A33-BA61-4554-A0B2-8F789EA8BE3C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86AC134C-EFB7-46B8-B60F-5BD2663D7168",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r760_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C301E8C7-01F7-4CBE-8666-74C0FD0BD58E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E8485C-4298-4DA0-95AD-50C21BC2C798",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_c6620_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "18D7C139-E796-4361-9FE6-530D154D7062",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D360EB7D-5AB4-483C-BF00-53473B2D8AF4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_mx760c_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65443057-DC40-47A6-B739-E5984B7AEC43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2670A942-4200-46F2-A4FC-6D2F0E2074B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r860_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AC33C77-1C2C-4E44-A60F-14AE343666F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B53D6488-A6E3-4505-8093-8232DC4219BD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r960_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9881FD7F-DA34-47F2-840B-929226E0D1CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5B42153-ED7B-433A-9070-9CAC972322BA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_hs5610_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B1E8504-EF8A-47D0-9762-5E944DD1ECDF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A9C14A-7D1A-4724-BBBD-62FC4C66FCE1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_hs5620_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29F3D281-2810-4663-BD0F-F4EA67B1A321",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "447BE381-9C9B-4339-B308-71D90DB60294",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r660xs_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E9ADAB6-42D2-44DE-8C0C-6DC4166DA705",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17FF7F29-F169-49B5-BEBA-6F20E3CDF1E6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r760xs_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A99A3EEE-20D7-4E99-98FE-99012DA2393B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3364A3E-BA9B-4588-89E5-A2C6C17B5D97",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r760xd2_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5992CD2-83BA-4941-B3FF-42144036325E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21CBCD8-266A-4BCD-933D-2EF5F479B119",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_t560_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "033EB4DA-6B83-436C-AD42-63605EED7324",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A86D53-1352-48FB-A26A-C898B2C6425E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r760xa_firmware:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3310CC98-2D26-42EF-8E10-13F2EB0D4FDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62603619-611F-4343-B75E-D45C50D1EA2F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.\n\n"
    },
    {
      "lang": "es",
      "value": "Las plataformas Dell PowerEdge 16G Intel E5 BIOS y Dell Precision BIOS, versi\u00f3n 1.4.4, contienen una vulnerabilidad de seguridad de c\u00f3digo de depuraci\u00f3n activa. Un atacante f\u00edsico no autenticado podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la divulgaci\u00f3n de informaci\u00f3n, la manipulaci\u00f3n de informaci\u00f3n, la ejecuci\u00f3n de c\u00f3digo y la denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2023-44297",
  "lastModified": "2024-11-21T08:25:36.887",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 6.0,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-05T16:15:07.097",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1234"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-P823-QQJJ-G5W7

Vulnerability from github – Published: 2023-12-05 18:30 – Updated: 2023-12-05 18:30

Details

Severity ?

7.1 (High)


                  
                    CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-44297"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1234",
      "CWE-667"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-05T16:15:07Z",
    "severity": "HIGH"
  },
  "details": "\nDell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.\n\n",
  "id": "GHSA-p823-qqjj-g5w7",
  "modified": "2023-12-05T18:30:23Z",
  "published": "2023-12-05T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44297"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-44297 (GCVE-0-2023-44297)

GSD-2023-44297

WID-SEC-W-2023-3062

FKIE_CVE-2023-44297

GHSA-P823-QQJJ-G5W7

Tags

Sightings

Nomenclature