CVE-2023-32453 | Severity.io

Description

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

Related CPE's

alienware_m15_r7_firmware

Vulnerable

alienware_m15_r7

alienware_m16_firmware

Vulnerable

alienware_m18_firmware

Vulnerable

chengming_3900_firmware

Vulnerable

chengming_3901_firmware

Vulnerable

chengming_3910_firmware

Vulnerable

chengming_3911_firmware

Vulnerable

g15_5520_firmware

Vulnerable

g16_7620_firmware

Vulnerable

g3_3500_firmware

Vulnerable

g5_15_5500_firmware

Vulnerable

g7_15_7500_firmware

Vulnerable

g7_17_7700_firmware

Vulnerable

precision_5680_firmware

Vulnerable

inspiron_14_5410_firmware

Vulnerable

inspiron_14_5410

inspiron_14_5418_firmware

Vulnerable

inspiron_14_5418

inspiron_15_3511_firmware

Vulnerable

inspiron_15_3511

inspiron_15_5510_firmware

Vulnerable

inspiron_15_5510

inspiron_15_5518_firmware

Vulnerable

inspiron_15_5518

inspiron_24_5420_all-in-one_firmware

Vulnerable

inspiron_24_5420_all-in-one

inspiron_24_5421_all-in-one_firmware

Vulnerable

inspiron_24_5421_all-in-one

inspiron_27_7720_all-in-one_firmware

Vulnerable

inspiron_27_7720_all-in-one

inspiron_3020_small_desktop_firmware

Vulnerable

inspiron_3020_small_desktop

inspiron_3020_desktop_firmware

Vulnerable

inspiron_3020_desktop

inspiron_3493_firmware

Vulnerable

inspiron_3511_firmware

Vulnerable

inspiron_3593_firmware

Vulnerable

inspiron_3793_firmware

Vulnerable

inspiron_3891_firmware

Vulnerable

inspiron_3910_firmware

Vulnerable

inspiron_5410_firmware

Vulnerable

inspiron_5493_firmware

Vulnerable

inspiron_5593_firmware

Vulnerable

inspiron_7300_2-in-1_firmware

Vulnerable

inspiron_7300_2-in-1

inspiron_7490_firmware

Vulnerable

inspiron_7500_firmware

Vulnerable

inspiron_7500_2-in-1_black_firmware

Vulnerable

inspiron_7500_2-in-1_black

inspiron_7501_firmware

Vulnerable

inspiron_7510_firmware

Vulnerable

inspiron_7610_firmware

Vulnerable

latitude_3140_firmware

Vulnerable

latitude_3301_firmware

Vulnerable

latitude_3320_firmware

Vulnerable

latitude_3330_firmware

Vulnerable

latitude_3340_firmware

Vulnerable

latitude_3400_firmware

Vulnerable

latitude_3430_firmware

Vulnerable

latitude_3440_firmware

Vulnerable

latitude_3500_firmware

Vulnerable

latitude_3530_firmware

Vulnerable

latitude_3540_firmware

Vulnerable

latitude_5420_firmware

Vulnerable

latitude_5430_firmware

Vulnerable

latitude_5431_firmware

Vulnerable

latitude_7230_rugged_extreme_tablet_firmware

Vulnerable

latitude_7230_rugged_extreme_tablet

latitude_7320_firmware

Vulnerable

latitude_7420_firmware

Vulnerable

latitude_7520_firmware

Vulnerable

latitude_9330_firmware

Vulnerable

latitude_9520_firmware

Vulnerable

latitude_rugged_5430_firmware

Vulnerable

latitude_rugged_5430

latitude_rugged_7330_firmware

Vulnerable

latitude_rugged_7330

optiplex_3000_firmware

Vulnerable

optiplex_3000_thin_client_firmware

Vulnerable

optiplex_3000_thin_client

optiplex_5000_firmware

Vulnerable

optiplex_5090_firmware

Vulnerable

optiplex_5400_all-in-one_firmware

Vulnerable

optiplex_5400_all-in-one

optiplex_5490_all-in-one_firmware

Vulnerable

optiplex_5490_all-in-one

optiplex_7000_firmware

Vulnerable

optiplex_7090_firmware

Vulnerable

optiplex_7400_all-in-one_firmware

Vulnerable

optiplex_7400_all-in-one

optiplex_7490_all-in-one_firmware

Vulnerable

optiplex_7490_all-in-one

optiplex_7410_all-in-one_firmware

Vulnerable

optiplex_7410_all-in-one

optiplex_micro_plus_7010_firmware

Vulnerable

optiplex_micro_plus_7010

optiplex_small_form_factor_plus_7010_firmware

Vulnerable

optiplex_small_form_factor_plus_7010

optiplex_tower_plus_7010_firmware

Vulnerable

optiplex_tower_plus_7010

optiplex_xe4_firmware

Vulnerable

precision_3260_xe_compact_firmware

Vulnerable

precision_3260_xe_compact

precision_3260_compact_firmware

Vulnerable

precision_3260_compact

precision_3450_firmware

Vulnerable

precision_3460_xe_small_form_factor_firmware

Vulnerable

precision_3460_xe_small_form_factor

precision_3460_small_form_factor_firmware

Vulnerable

precision_3460_small_form_factor

precision_3470_firmware

Vulnerable

precision_3650_tower_firmware

Vulnerable

precision_3650_tower

precision_3660_firmware

Vulnerable

precision_5470_firmware

Vulnerable

precision_5570_firmware

Vulnerable

precision_5860_tower_firmware

Vulnerable

precision_5860_tower

precision_7960_tower_firmware

Vulnerable

precision_7960_tower

vostro_3020_sff_firmware

Vulnerable

vostro_3020_sff

vostro_3020_t_firmware

Vulnerable

vostro_3510_firmware

Vulnerable

vostro_3690_firmware

Vulnerable

vostro_3710_firmware

Vulnerable

vostro_3890_firmware

Vulnerable

vostro_3910_firmware

Vulnerable

vostro_5410_firmware

Vulnerable

vostro_5491_firmware

Vulnerable

vostro_5510_firmware

Vulnerable

vostro_5591_firmware

Vulnerable

vostro_5890_firmware

Vulnerable

vostro_7500_firmware

Vulnerable

vostro_7510_firmware

Vulnerable

xps_13_9305_firmware

Vulnerable

xps_13_7390_firmware

Vulnerable

xps_13_7390_2-in-1_firmware

Vulnerable

xps_13_7390_2-in-1

xps_13_9300_firmware

Vulnerable

xps_13_9310_firmware

Vulnerable

xps_13_9310_2-in-1_firmware

Vulnerable

xps_13_9310_2-in-1

xps_13_9315_firmware

Vulnerable

xps_15_9520_firmware

Vulnerable

References

https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios

Vendor Advisory

Weaknesses

[email protected]

Secondary

CWE-287

CVSS impact metrics

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

4.6 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-16T18:15:09.560Z

2 years ago

Last modified

2024-11-21T07:03:22.940Z

1 year ago