Vulnerability Details: CVE-2023-32460
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
Vulnerability category: Gain privilege
Products affected by CVE-2023-32460
- cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:nx430_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:nx3230_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:nx3330_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_6420_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc640_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc740xd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc940_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc750xa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc6520_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc7525_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr8610t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_c6615_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r930_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r730_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r730xd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r630_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_c4130_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_m630_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_fc630_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_fc430_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_m830_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_fc830_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t630_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r530_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r430_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t430_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_c6320_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t130_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r230_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t330_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r330_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r830_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_m640_\(pe_vrtx\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_m630_\(pe_vrtx\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_m830_\(pe_vrtx\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_nx440_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:xc_core_xc660_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:xc_core_xc760_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:xc6320_hyperconverged_appliance_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:xc430_hyperconverged_appliance_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:xc630_hyperconverged_appliance_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:xc730_hyperconverged_appliance_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:xc730xd_hyperconverged_appliance_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32460
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-32460
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 | Dell | |
CWE ids for CVE-2023-32460
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Assigned by:
  - nvd@nist.gov (Primary)
  - security_alert@emc.com (Secondary)
References for CVE-2023-32460
- https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerability
  DSA-2023-361: Security Update for Dell PowerEdge Server BIOS for an Improper Privilege Management Security Vulnerability | Dell US (Vendor Advisory)