Vulnerability identifier: #VU80863

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32461

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
PowerEdge R660
Hardware solutions / Firmware
PowerEdge R760
Hardware solutions / Firmware
PowerEdge C6620
Hardware solutions / Firmware
PowerEdge MX760c
Hardware solutions / Firmware
PowerEdge R860
Hardware solutions / Firmware
PowerEdge R960
Hardware solutions / Firmware
PowerEdge HS5610
Hardware solutions / Firmware
PowerEdge HS5620
Hardware solutions / Firmware
PowerEdge R660xs
Hardware solutions / Firmware
PowerEdge R760xs
Hardware solutions / Firmware
PowerEdge R760xd2
Hardware solutions / Firmware
PowerEdge T560
Hardware solutions / Firmware
PowerEdge R760xa
Hardware solutions / Firmware
PowerEdge XE9680
Hardware solutions / Firmware
PowerEdge XR5610
Hardware solutions / Firmware
PowerEdge XR8620t
Hardware solutions / Firmware
PowerEdge XR7620
Hardware solutions / Firmware
PowerEdge XE8640
Hardware solutions / Firmware
PowerEdge R6615
Hardware solutions / Firmware
PowerEdge R7615
Hardware solutions / Firmware
PowerEdge R6625
Hardware solutions / Firmware
PowerEdge R7625
Hardware solutions / Firmware
PowerEdge R650
Hardware solutions / Firmware
PowerEdge R750
Hardware solutions / Firmware
PowerEdge R750XA
Hardware solutions / Firmware
PowerEdge C6520
Hardware solutions / Firmware
PowerEdge MX750c
Hardware solutions / Firmware
PowerEdge R550
Hardware solutions / Firmware
PowerEdge R450
Hardware solutions / Firmware
PowerEdge R650XS
Hardware solutions / Firmware
PowerEdge R750XS
Hardware solutions / Firmware
PowerEdge T550
Hardware solutions / Firmware
PowerEdge XR11
Hardware solutions / Firmware
PowerEdge XR12
Hardware solutions / Firmware
PowerEdge T150
Hardware solutions / Firmware
PowerEdge T350
Hardware solutions / Firmware
PowerEdge R250
Hardware solutions / Firmware
PowerEdge R350
Hardware solutions / Firmware
PowerEdge XR4510c 
Hardware solutions / Firmware
PowerEdge XR4520c
Hardware solutions / Firmware
Dell EMC XC Core XC450
Hardware solutions / Firmware
Dell EMC XC Core XC650
Hardware solutions / Firmware
Dell EMC XC Core XC750
Hardware solutions / Firmware
Dell EMC XC Core XC750xa
Hardware solutions / Firmware
Dell EMC XC Core XC6520
Hardware solutions / Firmware
Dell EMC XC Core XC7525
Hardware solutions / Firmware
PowerEdge R6515
Server applications / Other server solutions
PowerEdge R6525
Server applications / Other server solutions
PowerEdge R7515
Server applications / Other server solutions
PowerEdge R7525
Server applications / Other server solutions
PowerEdge C6525
Server applications / Other server solutions
PowerEdge XE8545
Server applications / Other server solutions

Vendor:

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Dell PowerEdge BIOS and Dell Precision BIOS firmware. local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

---

External links
http://www.dell.com/support/kbdoc/nl-nl/000216543/dsa-2023-292-security-update-for-dell-poweredge-server-bios-vulnerability

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.