#VU80863 Buffer overflow in Dell products - CVE-2023-32461
Vulnerability identifier: #VU80863
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
PowerEdge R660
Hardware solutions /
Firmware
PowerEdge R760
Hardware solutions /
Firmware
PowerEdge C6620
Hardware solutions /
Firmware
PowerEdge MX760c
Hardware solutions /
Firmware
PowerEdge R860
Hardware solutions /
Firmware
PowerEdge R960
Hardware solutions /
Firmware
PowerEdge HS5610
Hardware solutions /
Firmware
PowerEdge HS5620
Hardware solutions /
Firmware
PowerEdge R660xs
Hardware solutions /
Firmware
PowerEdge R760xs
Hardware solutions /
Firmware
PowerEdge R760xd2
Hardware solutions /
Firmware
PowerEdge T560
Hardware solutions /
Firmware
PowerEdge R760xa
Hardware solutions /
Firmware
PowerEdge XE9680
Hardware solutions /
Firmware
PowerEdge XR5610
Hardware solutions /
Firmware
PowerEdge XR8620t
Hardware solutions /
Firmware
PowerEdge XR7620
Hardware solutions /
Firmware
PowerEdge XE8640
Hardware solutions /
Firmware
PowerEdge R6615
Hardware solutions /
Firmware
PowerEdge R7615
Hardware solutions /
Firmware
PowerEdge R6625
Hardware solutions /
Firmware
PowerEdge R7625
Hardware solutions /
Firmware
PowerEdge R650
Hardware solutions /
Firmware
PowerEdge R750
Hardware solutions /
Firmware
PowerEdge R750XA
Hardware solutions /
Firmware
PowerEdge C6520
Hardware solutions /
Firmware
PowerEdge MX750c
Hardware solutions /
Firmware
PowerEdge R550
Hardware solutions /
Firmware
PowerEdge R450
Hardware solutions /
Firmware
PowerEdge R650XS
Hardware solutions /
Firmware
PowerEdge R750XS
Hardware solutions /
Firmware
PowerEdge T550
Hardware solutions /
Firmware
PowerEdge XR11
Hardware solutions /
Firmware
PowerEdge XR12
Hardware solutions /
Firmware
PowerEdge T150
Hardware solutions /
Firmware
PowerEdge T350
Hardware solutions /
Firmware
PowerEdge R250
Hardware solutions /
Firmware
PowerEdge R350
Hardware solutions /
Firmware
PowerEdge XR4510c
Hardware solutions /
Firmware
PowerEdge XR4520c
Hardware solutions /
Firmware
Dell EMC XC Core XC450
Hardware solutions /
Firmware
Dell EMC XC Core XC650
Hardware solutions /
Firmware
Dell EMC XC Core XC750
Hardware solutions /
Firmware
Dell EMC XC Core XC750xa
Hardware solutions /
Firmware
Dell EMC XC Core XC6520
Hardware solutions /
Firmware
Dell EMC XC Core XC7525
Hardware solutions /
Firmware
PowerEdge R6515
Server applications /
Other server solutions
PowerEdge R6525
Server applications /
Other server solutions
PowerEdge R7515
Server applications /
Other server solutions
PowerEdge R7525
Server applications /
Other server solutions
PowerEdge C6525
Server applications /
Other server solutions
PowerEdge XE8545
Server applications /
Other server solutions
Vendor: Dell
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Dell PowerEdge BIOS and Dell Precision BIOS firmware. local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
PowerEdge R660: before 1.5.6
PowerEdge R760: before 1.5.6
PowerEdge C6620: before 1.5.6
PowerEdge MX760c: before 1.5.6
PowerEdge R860: before 1.5.6
PowerEdge R960: before 1.5.6
PowerEdge HS5610: before 1.5.6
PowerEdge HS5620: before 1.5.6
PowerEdge R660xs: before 1.5.6
PowerEdge R760xs: before 1.5.6
PowerEdge R760xd2: before 1.5.6
PowerEdge T560: before 1.5.6
PowerEdge R760xa: before 1.1.3
PowerEdge XE9680: before 1.1.3
PowerEdge XR5610: before 1.1.4
PowerEdge XR8620t: before 1.1.3
PowerEdge XR7620: before 1.5.6
PowerEdge XE8640: before 1.2.5
PowerEdge R6615: before 1.3.11
PowerEdge R7615: before 1.3.11
PowerEdge R6625: before 1.3.11
PowerEdge R7625: before 1.3.11
PowerEdge R650: before 1.10.2
PowerEdge R750: before 1.10.2
PowerEdge R750XA: before 1.10.2
PowerEdge C6520: before 1.10.2
PowerEdge MX750c: before 1.10.2
PowerEdge R550: before 1.10.2
PowerEdge R450: before 1.10.2
PowerEdge R650XS: before 1.10.2
PowerEdge R750XS: before 1.10.2
PowerEdge T550: before 1.10.2
PowerEdge XR11: before 1.10.2
PowerEdge XR12: before 1.10.2
PowerEdge T150: before 1.6.3
PowerEdge T350: before 1.6.3
PowerEdge R250: before 1.6.3
PowerEdge R350: before 1.6.3
PowerEdge XR4510c: before 1.10.4
PowerEdge XR4520c: before 1.10.4
PowerEdge R6515: before 2.11.4
PowerEdge R6525: before 2.11.3
PowerEdge R7515: before 2.11.4
PowerEdge R7525: before 2.11.3
PowerEdge C6525: before 2.11.3
PowerEdge XE8545: before 2.11.3
Dell EMC XC Core XC450: before 1.11.2
Dell EMC XC Core XC650: before 1.11.2
Dell EMC XC Core XC750: before 1.11.2
Dell EMC XC Core XC750xa: before 1.11.2
Dell EMC XC Core XC6520: before 1.11.2
Dell EMC XC Core XC7525: before 2.11.3
External links
https://www.dell.com/support/kbdoc/nl-nl/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
