CVE-2023-44297

EUVD-2023-48653
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
dellCNA
7.1 HIGH
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
dellpoweredge_r660_firmware
1.4.4
dellpoweredge_r760_firmware
1.4.4
dellpoweredge_c6620_firmware
1.4.4
dellpoweredge_mx760c_firmware
1.4.4
dellpoweredge_r860_firmware
1.4.4
dellpoweredge_r960_firmware
1.4.4
dellpoweredge_hs5610_firmware
1.4.4
dellpoweredge_hs5620_firmware
1.4.4
dellpoweredge_r660xs_firmware
1.4.4
dellpoweredge_r760xs_firmware
1.4.4
dellpoweredge_r760xd2_firmware
1.4.4
dellpoweredge_t560_firmware
1.4.4
dellpoweredge_r760xa_firmware
1.4.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability
https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability