CVE-2023-44298

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.6 LOW
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
dellCNA
3.6 LOW
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
dellpoweredge_r660_firmware
1.4.4
dellpoweredge_r760_firmware
1.4.4
dellpoweredge_c6620_firmware
1.4.4
dellpoweredge_mx760c_firmware
1.4.4
dellpoweredge_r860_firmware
1.4.4
dellpoweredge_r960_firmware
1.4.4
dellpoweredge_hs5610_firmware
1.4.4
dellpoweredge_hs5620_firmware
1.4.4
dellpoweredge_r660xs_firmware
1.4.4
dellpoweredge_r760xs_firmware
1.4.4
dellpoweredge_r760xd2_firmware
1.4.4
dellpoweredge_t560_firmware
1.4.4
dellpoweredge_r760xa_firmware
1.4.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability
https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability