Vulnerability Details: CVE-2023-32475
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
Products affected by CVE-2023-32475
- cpe:2.3:o:dell:inspiron_3505_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_5405_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_5415_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_5505_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_5515_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:vostro_3405_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:vostro_5415_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:vostro_5515_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:g15_5515_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_14_5425_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:vostro_5625_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_7405_2-in-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:g15_5525_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:alienware_m15_ryzen_edition_r5_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:alienware_m17_r5_amd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:alienware_m18_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:vostro_16_5635_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:vostro_15_3535_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:vostro_15_3525_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:vostro_15_3515_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:vostro_14_3435_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:vostro_14_3425_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_7415_2-in-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_24_5415_all-in-one_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_16_7635_2-in-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_16_5635_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_16_5625_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_15_3535_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_15_3525_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_15_3515_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_14_7435_2-in-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_14_7425_2-in-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:inspiron_14_5435_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:g5_5505_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:g15_5535_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:alienware_m16_r1_amd_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dell:alienware_m15_r7_amd_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32475
- 0.05%: Probability of exploitation activity in the next 30 days
- ~ 23%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-32475
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.6 | HIGH | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | N/A | N/A | Dell | 2024-06-07 |
7.6 | HIGH | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 0.9 | 6.0 | NIST | 2024-10-29 |
7.6 | HIGH | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 0.9 | 6.0 | Dell | 2024-06-07 |
CWE ids for CVE-2023-32475
- The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

Assigned by:
- c550e75a-17ff-4988-97f0-544cde3820fe (Primary)
- security_alert@emc.com (Primary)
References for CVE-2023-32475
- https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability
  DSA-2023-222: Security Update for Dell Client Platform AMD BIOS Vulnerability | Dell US (Vendor Advisory)