github - ghsa-42c8-mv2f-c47w

GHSA-42C8-MV2F-C47W

Vulnerability from github – Published: 2023-09-15 09:30 – Updated: 2024-04-04 07:42

Details

Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.

Severity ?

5.0 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-32461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-15T07:15:09Z",
    "severity": "MODERATE"
  },
  "details": "\nDell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability.  A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. \u00a0\n\n",
  "id": "GHSA-42c8-mv2f-c47w",
  "modified": "2024-04-04T07:42:06Z",
  "published": "2023-09-15T09:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32461"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-32461 (GCVE-0-2023-32461)

Vulnerability from cvelistv5 – Published: 2023-09-15 06:56 – Updated: 2024-09-25 14:12

Summary

Severity ?

5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

dell

References

URL

Tags

https://www.dell.com/support/kbdoc/en-us/00021654…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Dell	PowerEdge Platform	Affected: Versions prior to 1.5.6 Affected: Versions prior to 1.1.3 Affected: Versions prior to 1.1.4 Affected: Versions prior to 1.2.5 Affected: Versions prior to 1.3.11 Affected: Versions prior to 1.10.2 Affected: Versions prior to 1.6.3 Affected: Versions prior to 1.10.4 Affected: Versions prior to 2.11.4 Affected: Versions prior to 2.11.3 Affected: Versions prior to Before 1.11.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:18:37.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T14:01:49.731484Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T14:12:53.858Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "BIOS",
          "platforms": [
            "PowerEdge R660",
            "PowerEdge R760",
            "PowerEdge C6620",
            "PowerEdge MX760c",
            "PowerEdge R860",
            "PowerEdge R960",
            "PowerEdge HS5610",
            "PowerEdge HS5620",
            "PowerEdge R660xs",
            "PowerEdge R760xs",
            "PowerEdge R760xd2",
            "PowerEdge T560",
            "PowerEdge R760xa",
            "PowerEdge XE9680",
            "PowerEdge XR5610",
            "PowerEdge XR8620t",
            "PowerEdge XR7620",
            "PowerEdge XE8640",
            "PowerEdge R6615",
            "PowerEdge R7615",
            "PowerEdge R6625",
            "PowerEdge R7625",
            "PowerEdge R650",
            "PowerEdge R750",
            "PowerEdge R750XA",
            "PowerEdge C6520",
            "PowerEdge MX750C",
            "PowerEdge R550",
            "PowerEdge R450",
            "PowerEdge R650XS",
            "PowerEdge R750XS",
            "PowerEdge T550",
            "PowerEdge XR11",
            "PowerEdge XR12",
            "PowerEdge T150",
            "PowerEdge T350",
            "PowerEdge R250",
            "PowerEdge R350",
            "PowerEdge XR4510c",
            "PowerEdge XR4520c",
            "PowerEdge R6515",
            "PowerEdge R6525",
            "PowerEdge R7515",
            "PowerEdge R7525",
            "PowerEdge C6525",
            "PowerEdge XE8545",
            "Dell EMC XC Core XC450",
            "Dell EMC XC Core XC650",
            "Dell EMC XC Core XC750",
            "Dell EMC XC Core XC750xa",
            "Dell EMC XC Core XC6520",
            "Dell EMC XC Core XC7525"
          ],
          "product": "PowerEdge Platform",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 1.5.6"
            },
            {
              "status": "affected",
              "version": "Versions prior to 1.1.3"
            },
            {
              "status": "affected",
              "version": "Versions prior to 1.1.4"
            },
            {
              "status": "affected",
              "version": "Versions prior to 1.2.5"
            },
            {
              "status": "affected",
              "version": "Versions prior to 1.3.11"
            },
            {
              "status": "affected",
              "version": "Versions prior to 1.10.2"
            },
            {
              "status": "affected",
              "version": "Versions prior to 1.6.3"
            },
            {
              "status": "affected",
              "version": "Versions prior to 1.10.4"
            },
            {
              "status": "affected",
              "version": "Versions prior to 2.11.4"
            },
            {
              "status": "affected",
              "version": "Versions prior to 2.11.3"
            },
            {
              "status": "affected",
              "version": "Versions prior to Before 1.11.2"
            }
          ]
        }
      ],
      "datePublic": "2023-09-14T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability.  A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. \u0026nbsp;\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nDell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability.  A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. \u00a0\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-15T06:56:54.605Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2023-32461",
    "datePublished": "2023-09-15T06:56:54.605Z",
    "dateReserved": "2023-05-09T06:05:24.994Z",
    "dateUpdated": "2024-09-25T14:12:53.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-42C8-MV2F-C47W

CVE-2023-32461 (GCVE-0-2023-32461)

Tags

Sightings

Nomenclature