Vulnerability Details : CVE-2023-32461
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to memory corruption and potentially to privilege escalation.
Vulnerability category: Overflow
Products affected by CVE-2023-32461
- cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xr4520c_firmware:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc450_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc650_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc750_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc750xa_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc6520_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:emc_xc_core_xc7525_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32461
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~21% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-32461
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 | NIST | |
5.0 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L | 0.8 | 3.7 | Dell | |
CWE ids for CVE-2023-32461
- A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
  Assigned by: security_alert@emc.com (Primary)
References for CVE-2023-32461
- https://www.dell.com/support/kbdoc/en-us/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability
  DSA-2023-292: Security Update for Dell PowerEdge Server BIOS Vulnerability | Dell US (Vendor Advisory)