Dell Client Platform update for INSYDE UEFI BIOS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-30633 |
| CWE-ID | CWE-254 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Vostro 5625 Hardware solutions / Firmware Vostro 5515 Hardware solutions / Firmware Vostro 5415 Hardware solutions / Firmware Vostro 3525 Hardware solutions / Firmware Vostro 3515 Hardware solutions / Firmware Vostro 3425 Hardware solutions / Firmware Vostro 3405 Hardware solutions / Firmware Vostro 16 5635 Hardware solutions / Firmware Vostro 15 3535 Hardware solutions / Firmware Vostro 14 3435 Hardware solutions / Firmware Inspiron 7415 2-in-1 Hardware solutions / Firmware Inspiron 7405 2-in-1 Hardware solutions / Firmware Inspiron 5515 Hardware solutions / Firmware Inspiron 5505 Hardware solutions / Firmware Inspiron 5425 Hardware solutions / Firmware Inspiron 5415 Hardware solutions / Firmware Inspiron 5405 Hardware solutions / Firmware Inspiron 3785 Hardware solutions / Firmware Inspiron 3585 Hardware solutions / Firmware Inspiron 3515 Hardware solutions / Firmware Inspiron 3505 Hardware solutions / Firmware Inspiron 16 7635 2-in-1 Hardware solutions / Firmware Inspiron 16 5635 Hardware solutions / Firmware Inspiron 15 3535 Hardware solutions / Firmware Inspiron 15 3525 Hardware solutions / Firmware Inspiron 14 7435 2-in-1 Hardware solutions / Firmware Inspiron 14 7425 2-in-1 Hardware solutions / Firmware Inspiron 14 5435 Hardware solutions / Firmware Dell G5 5505 Hardware solutions / Firmware Dell G15 5535 Hardware solutions / Firmware Dell G15 5525 Hardware solutions / Firmware Dell G15 5515 Hardware solutions / Firmware Alienware m18 Hardware solutions / Firmware Alienware m17 R5 AMD Hardware solutions / Firmware Alienware m16 R1 AMD Hardware solutions / Firmware Alienware m15 Ryzen Edition R5 Hardware solutions / Firmware Alienware m15 R7 AMD Hardware solutions / Firmware |
| Vendor | Dell |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Security features bypass
EUVDB-ID: #VU81907
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-30633
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists within the TrEEConfigDriver driver that can report false TPM PCR values. An attacker with physical access to device can write arbitrary values into Platform Configuration Register (PCR) banks and mask malicious activity on the device.
Install update from vendor's website.
Vulnerable software versionsVostro 5625: before 1.12.1
Vostro 5515: before 1.18.1
Vostro 5415: before 1.18.1
Vostro 3525: before 1.13.0
Vostro 3515: before 1.15.1
Vostro 3425: before 1.13.0
Vostro 3405: before 1.15.1
Vostro 16 5635: before 1.6.1
Vostro 15 3535: before 1.6.0
Vostro 14 3435: before 1.6.0
Inspiron 7415 2-in-1: before 1.18.1
Inspiron 7405 2-in-1: before 1.14.2
Inspiron 5515: before 1.18.1
Inspiron 5505: before 1.13.2
Inspiron 5425: before 1.12.1
Inspiron 5415: before 1.15.0
Inspiron 5405: before 1.13.2
Inspiron 3785: before 1.15.0
Inspiron 3585: before 1.15.0
Inspiron 3515: before 1.15.1
Inspiron 3505: before 1.15.1
Inspiron 16 7635 2-in-1: before 1.6.1
Inspiron 16 5635: before 1.6.1
Inspiron 15 3535: before 1.6.0
Inspiron 15 3525: before 1.13.0
Inspiron 14 7435 2-in-1: before 1.6.1
Inspiron 14 7425 2-in-1: before 1.12.1
Inspiron 14 5435: before 1.6.1
Dell G5 5505: before 1.17.2
Dell G15 5535: before 1.3.0
Dell G15 5525: before 1.11.1
Dell G15 5515: before 1.14.0
Alienware m18: before 1.7.0
Alienware m17 R5 AMD: before 1.11.1
Alienware m16 R1 AMD: before 1.7.0
Alienware m15 Ryzen Edition R5: before 1.15.0
Alienware m15 R7 AMD: before 1.11.1
CPE2.3- cpe:2.3:h:dell:vostro_5625:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:vostro_5515:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:vostro_5415:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:vostro_3525:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:vostro_3515:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:vostro_3425:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:vostro_3405:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:vostro_16_5635:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:vostro_15_3535:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:vostro_14_3435:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_7415_2-in-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_7405_2-in-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_5515:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_5505:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_5425:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_5415:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_5405:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_3785:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_3585:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_3515:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_3505:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_16_7635_2-in-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_16_5635:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_15_3535:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_15_3525:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_14_7435_2-in-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_14_7425_2-in-1:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:inspiron_14_5435:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:dell_g5_5505:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:dell_g15_5535:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:dell_g15_5525:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:dell_g15_5515:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:alienware_m18:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:alienware_m17_r5_amd:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:alienware_m16_r1_amd:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:alienware_m15_ryzen_edition_r5:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:alienware_m15_r7_amd:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
