Vulnerability-Lookup

FKIE_CVE-2023-25537

Vulnerability from fkie_nvd - Published: 2023-05-22 11:15 - Updated: 2026-06-17 05:41

Severity

6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

References

	URL	Tags
	security_alert@emc.com	https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability	Vendor Advisory

Impacted products

Vendor	Product	Version
dell	poweredge_r740_firmware	*
dell	poweredge_r740	-
dell	poweredge_r740xd_firmware	*
dell	poweredge_r740xd	-
dell	poweredge_r640_firmware	*
dell	poweredge_r640	-
dell	poweredge_r940_firmware	*
dell	poweredge_r940	-
dell	poweredge_r540_firmware	*
dell	poweredge_r540	-
dell	poweredge_r440_firmware	*
dell	poweredge_r440	-
dell	poweredge_t440_firmware	*
dell	poweredge_t440	-
dell	poweredge_xr2_firmware	*
dell	poweredge_xr2	-
dell	poweredge_r740xd2_firmware	*
dell	poweredge_r740xd2	-
dell	poweredge_r840_firmware	*
dell	poweredge_r840	-
dell	poweredge_r940xa_firmware	*
dell	poweredge_r940xa	-
dell	poweredge_t640_firmware	*
dell	poweredge_t640	-
dell	poweredge_c6420_firmware	*
dell	poweredge_c6420	-
dell	poweredge_fc640_firmware	*
dell	poweredge_fc640	-
dell	poweredge_m640_firmware	*
dell	poweredge_m640	-
dell	poweredge_mx740c_firmware	*
dell	poweredge_mx740c	-
dell	poweredge_mx840c_firmware	*
dell	poweredge_mx840c	-
dell	poweredge_c4140_firmware	*
dell	poweredge_c4140	-
dell	dss_8440_firmware	*
dell	dss_8440	-
dell	poweredge_xe2420_firmware	*
dell	poweredge_xe2420	-
dell	poweredge_xe7420_firmware	*
dell	poweredge_xe7420	-
dell	poweredge_xe7440_firmware	*
dell	poweredge_xe7440	-
dell	emc_storage_nx3240_firmware	*
dell	emc_storage_nx3240	-
dell	emc_storage_nx3340_firmware	*
dell	emc_storage_nx3340	-
dell	emc_xc_core_6420_firmware	*
dell	emc_xc_core_6420	-
dell	emc_xc_core_xc640_firmware	*
dell	emc_xc_core_xc640	-
dell	emc_xc_core_xc740xd_firmware	*
dell	emc_xc_core_xc740xd	-
dell	emc_xc_core_xc740xd2_firmware	*
dell	emc_xc_core_xc740xd2	-
dell	emc_xc_core_xc940_firmware	*
dell	emc_xc_core_xc940	-
dell	emc_xc_core_xcxr2_firmware	*
dell	emc_xc_core_xcxr2	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "BIOS",
            "PowerEdge R740",
            "PowerEdge R740XD",
            "PowerEdge R640",
            "PowerEdge R940",
            "PowerEdge R540",
            "PowerEdge R440",
            "PowerEdge T440",
            "PowerEdge XR2",
            "PowerEdge R740xD2",
            "PowerEdge R840",
            "PowerEdge R940xa",
            "PowerEdge T640",
            "PowerEdge C6420",
            "PowerEdge FC640",
            "PowerEdge M640",
            "PowerEdge M640 (for PE VRTX)",
            "PowerEdge MX740c",
            "PowerEdge MX840c",
            "PowerEdge C4140",
            "DSS 8440",
            "PowerEdge XE2420",
            "PowerEdge XE7420",
            "PowerEdge XE7440",
            "Dell EMC Storage NX3240",
            "Dell EMC Storage NX3340",
            "Dell EMC XC Core 6420 System",
            "Dell EMC XC Core XC640 System",
            "Dell EMC XC Core XC740xd System",
            "Dell EMC XC Core XC740xd2",
            "Dell EMC XC Core XC940 System",
            "Dell EMC XC Core XCXR2"
          ],
          "product": "PowerEdge Platform",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 2.18.1 "
            }
          ]
        }
      ],
      "source": "security_alert@emc.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B37675EF-6040-4F8A-A5C2-44E715B8AD21",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE562535-3D9B-4A82-AC0D-6A2225E63E8D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60523971-FED3-440E-A82C-AF88D48DEA44",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "868ECD3F-77CD-4F5D-86E5-61689E4C5BA0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E95A1EDC-D580-4976-8A54-EB5D1A992DBA",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81416C16-D7FA-4165-BB0E-6458A4EA5AEE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "222DF748-DA7B-4DF2-868B-67E6674FAE7C",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B581E1DE-4E94-49E5-B5CF-2A94B2570708",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "947180B0-04CE-4BAE-BC7A-625656A90631",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73B27F54-3CE3-4A5F-BBA1-2C6ED5316B47",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A142530D-DD9C-4EA5-BE09-10A8DDBBB957",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC3957E-791A-4052-A9C4-F3ECBD746E37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15D9902E-9BDF-4E56-9A72-FC2D84DDBB6F",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "28F97F1A-B41E-4CC5-B668-8C194CE2C29E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF6D1AA1-7DC5-48B1-9A0D-D18101C66BB0",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "88EC4390-C39F-4E56-9631-B8A22986690D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC4EC25A-5544-4B3F-B173-FF0A54FD9F39",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5395D3F-58D4-49F9-AA2F-0D5C6D8C4651",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B1CF99B-0D79-4A02-B847-D32E473529FF",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E058B9C6-CD1C-42F5-8781-05450254E9E5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E901926A-84F1-4799-8B6F-1C8A481210A1",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D143853-3D62-4AD7-B899-F726036A34D2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A675F7CB-D3C3-4378-A322-1ED1299D05DC",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DEC0235-DDA1-4EE4-B3F8-512F1B29AFC6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF28AE6F-A2D3-4972-8777-FD91B9F6DEFF",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "027D86DE-076F-4CE9-9DE9-E6976C655E8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E643BF-C1E1-4B72-9904-0EDD5AD6FD60",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C59D4B-1122-4782-A686-559E7DF8C3C9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8D7ED32-1674-4F10-B1F8-B30FCF5232A8",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F8B50A1-577F-451E-8D03-C8A6A78000DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "296BDDBF-6C54-4D65-8C9D-C4639074A9AD",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "757039D5-60B9-40B0-B719-38E27409BDDE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31A27B9B-3B03-41C5-913F-1119B6E7E238",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4305D0F-CB59-49D5-8D21-8ECC3342C36C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "630E8769-99DD-4062-8BC4-A793816C5D76",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9ACC9B8-C046-4304-BA58-7D6D7945BE95",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F862C85D-F4DC-4B11-826A-C6AD3AEBB0A8",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "239C2103-C4BB-4C6A-8E09-C6F7D52024D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAF0FAAA-AD3C-476D-AAF5-C566A1B1E865",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "30D12E41-8F03-435C-B137-CD3465923E5C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43348CD0-0B16-4798-85B3-58017417B7C2",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB402EFE-DEFF-40D1-B1C8-8A7D6923669E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "372DC8AD-61A4-4353-B7DE-71DFA5440401",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB265071-7294-4317-A854-0D90844CDC17",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58815A75-5427-48FE-98E5-6FBF5D022E46",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFCDCB3C-4995-4211-8592-3D7F94098A26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C5E7C0-E28C-4D45-AC2D-518FC3E72D49",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66F375D2-85E4-4994-AE90-99D25A50F9AD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_xc_core_6420_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B14BA9CF-84BE-406F-AE9C-48418E9045B3",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_xc_core_6420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A54DBA6D-E506-4557-8659-1707F6C9D02F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_xc_core_xc640_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4884D9D6-3EE9-4041-9D9D-188215F8C73D",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_xc_core_xc640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE5A591-AFD4-43B0-9383-B2F306940679",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_xc_core_xc740xd_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D897026E-70E2-40E7-A59C-E6A1F0FDFA02",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_xc_core_xc740xd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD7E6DE-4B9B-4C23-81A1-D8D52D2E4215",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D21691-AA78-4603-9E46-12D3B4D64411",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0127228B-FBC4-4C66-AFA1-749C151F79C5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_xc_core_xc940_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "533FF26E-95F7-4CD7-BBCA-9A80831489A9",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_xc_core_xc940:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A160D84-3C5D-4789-8AF3-B006A5956B3F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "120AA799-23AE-4D51-8EC2-11A59A1E0EAB",
              "versionEndExcluding": "2.18.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FF8CC72-C32F-476D-86D3-CFF022185D76",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n"
    }
  ],
  "id": "CVE-2023-25537",
  "lastModified": "2026-06-17T05:41:26.760",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.2,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2023-25537",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2025-01-21T15:06:34.370163Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2023-05-22T11:15:09.333",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    }
  ]
}

CVE-2023-25537 (GCVE-0-2023-25537)

Vulnerability from cvelistv5 – Published: 2023-05-22 10:48 – Updated: 2025-01-21 15:07

Summary

Severity

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-787 - Out-of-bounds Write

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-us/00021355…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Dell	PowerEdge Platform	Affected: Versions prior to 2.18.1

Date Public

2023-05-15 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:18.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25537",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T15:06:34.370163Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-21T15:07:54.481Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "BIOS",
            "PowerEdge R740",
            "PowerEdge R740XD",
            "PowerEdge R640",
            "PowerEdge R940",
            "PowerEdge R540",
            "PowerEdge R440",
            "PowerEdge T440",
            "PowerEdge XR2",
            "PowerEdge R740xD2",
            "PowerEdge R840",
            "PowerEdge R940xa",
            "PowerEdge T640",
            "PowerEdge C6420",
            "PowerEdge FC640",
            "PowerEdge M640",
            "PowerEdge M640 (for PE VRTX)",
            "PowerEdge MX740c",
            "PowerEdge MX840c",
            "PowerEdge C4140",
            "DSS 8440",
            "PowerEdge XE2420",
            "PowerEdge XE7420",
            "PowerEdge XE7440",
            "Dell EMC Storage NX3240",
            "Dell EMC Storage NX3340",
            "Dell EMC XC Core 6420 System",
            "Dell EMC XC Core XC640 System",
            "Dell EMC XC Core XC740xd System",
            "Dell EMC XC Core XC740xd2",
            "Dell EMC XC Core XC940 System",
            "Dell EMC XC Core XCXR2"
          ],
          "product": "PowerEdge Platform",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 2.18.1 "
            }
          ]
        }
      ],
      "datePublic": "2023-05-15T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-22T10:48:45.847Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2023-25537",
    "datePublished": "2023-05-22T10:48:45.847Z",
    "dateReserved": "2023-02-07T09:35:27.079Z",
    "dateUpdated": "2025-01-21T15:07:54.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2023-25537

CVE-2023-25537 (GCVE-0-2023-25537)

Tags

Sightings

Nomenclature