CVE-2023-25537

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2 contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability, leading to exposure of some SMRAM stack/data/code in System Management Mode and, in turn, to arbitrary code execution or escalation of privilege.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.1 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H |
| dell | CNA | 6.1 MEDIUM | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | --- | | | | --- |

EPSS Score Percentile: 8%

| Vendor | Product | Version |
|---|---|---|
| dell | poweredge_r740_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_r740xd_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_r640_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_r940_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_r540_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_r440_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_t440_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_xr2_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_r740xd2_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_r840_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_r940xa_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_t640_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_c6420_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_fc640_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_m640_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_mx740c_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_mx840c_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_c4140_firmware | 𝑥 < 2.18.1 |
| dell | dss_8440_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_xe2420_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_xe7420_firmware | 𝑥 < 2.18.1 |
| dell | poweredge_xe7440_firmware | 𝑥 < 2.18.1 |
| dell | emc_storage_nx3240_firmware | 𝑥 < 2.18.1 |
| dell | emc_storage_nx3340_firmware | 𝑥 < 2.18.1 |
| dell | emc_xc_core_6420_firmware | 𝑥 < 2.18.1 |
| dell | emc_xc_core_xc640_firmware | 𝑥 < 2.18.1 |
| dell | emc_xc_core_xc740xd_firmware | 𝑥 < 2.18.1 |
| dell | emc_xc_core_xc740xd2_firmware | 𝑥 < 2.18.1 |
| dell | emc_xc_core_xc940_firmware | 𝑥 < 2.18.1 |
| dell | emc_xc_core_xcxr2_firmware | 𝑥 < 2.18.1 |

𝑥 = Vulnerable software versions