CVE-2023-32475 | THREATINT

Assigner	dell
Reserved	2023-05-09
Published	2024-06-07
Updated	2024-06-07

Description

Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.

HIGH: 7.6

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-353: Missing Support for Integrity Check

Product status

Default status

unaffected

Any version before 2.6.0

affected

Any version before 1.13.0

affected

Any version before 2.16.0

unaffected

Any version before 1.15.0

affected

Any version before 1.16.0

affected

Any version before 1.9.0

affected

Any version before 1.5.0

affected

Any version before 1.18.0

affected

Any version before 1.8.0

affected

Any version before 1.15.1

affected

Any version before 1.12.0

affected

Any version before 1.17.0

affected

Any version before 1.14.0

affected

Any version before 1.19.0

affected

References

https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability vendor-advisory

cve.org CVE-2023-32475

nvd.nist.gov CVE-2023-32475

Download JSON