#VU80863 Buffer overflow in Dell products - CVE-2023-32461

 

Published: September 18, 2023


Vulnerability identifier: #VU80863
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-32461
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
PowerEdge R660
PowerEdge R760
PowerEdge C6620
PowerEdge MX760c
PowerEdge R860
PowerEdge R960
PowerEdge HS5610
PowerEdge HS5620
PowerEdge R660xs
PowerEdge R760xs
PowerEdge R760xd2
PowerEdge T560
PowerEdge R760xa
PowerEdge XE9680
PowerEdge XR5610
PowerEdge XR8620t
PowerEdge XR7620
PowerEdge XE8640
PowerEdge R6615
PowerEdge R7615
PowerEdge R6625
PowerEdge R7625
PowerEdge R650
PowerEdge R750
PowerEdge R750XA
PowerEdge C6520
PowerEdge MX750c
PowerEdge R550
PowerEdge R450
PowerEdge R650XS
PowerEdge R750XS
PowerEdge T550
PowerEdge XR11
PowerEdge XR12
PowerEdge T150
PowerEdge T350
PowerEdge R250
PowerEdge R350
PowerEdge XR4510c
PowerEdge XR4520c
Dell EMC XC Core XC450
Dell EMC XC Core XC650
Dell EMC XC Core XC750
Dell EMC XC Core XC750xa
Dell EMC XC Core XC6520
Dell EMC XC Core XC7525
PowerEdge R6515
PowerEdge R6525
PowerEdge R7515
PowerEdge R7525
PowerEdge C6525
PowerEdge XE8545
Software vendor:
Dell

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Dell PowerEdge BIOS and Dell Precision BIOS firmware. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.


Remediation

Install updates from the vendor's website.

External links