#VU76168 Out-of-bounds write in Dell products - CVE-2023-25537

 


Published: May 16, 2023


Vulnerability identifier: #VU76168
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-25537
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
PowerEdge R740
PowerEdge R740XD
PowerEdge R640
PowerEdge R940
PowerEdge R540
PowerEdge R440
PowerEdge T440
PowerEdge XR2
PowerEdge R740XD2
PowerEdge R840
PowerEdge R940XA
PowerEdge T640
PowerEdge C6420
PowerEdge FC640
PowerEdge M640
PowerEdge M640 (for PE VRTX)
PowerEdge MX740C
PowerEdge MX840C
PowerEdge C4140
DSS 8440
PowerEdge XE2420
PowerEdge XE7420
PowerEdge XE7440
Dell EMC Storage NX3240
Dell EMC Storage NX3340
Dell EMC XC Core 6420 System
Dell EMC XC Core XC640 System
Dell EMC XC Core XC740xd System
Dell EMC XC Core XC740xd2
Dell EMC XC Core XC940 System
Dell EMC XC Core XCXR2
Software vendor:
Dell

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in System Management Mode. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


Remediation

Install updates from the vendor's website.
