CVE-2023-44297 - Vulnerability Details

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Poweredge C6620 Poweredge C6620 Firmware Poweredge Hs5610 Poweredge Hs5610 Firmware Poweredge Hs5620 Poweredge Hs5620 Firmware Poweredge Mx760c Poweredge Mx760c Firmware Poweredge R660 Poweredge R660 Firmware Poweredge R660xs Poweredge R660xs Firmware Poweredge R760 Poweredge R760 Firmware Poweredge R760xa Poweredge R760xa Firmware Poweredge R760xd2 Poweredge R760xd2 Firmware Poweredge R760xs Poweredge R760xs Firmware Poweredge R860 Poweredge R860 Firmware Poweredge R960 Poweredge R960 Firmware Poweredge T560 Poweredge T560 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dell:poweredge_r660_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dell:poweredge_r760_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dell:poweredge_c6620_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dell:poweredge_mx760c_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dell:poweredge_r860_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dell:poweredge_r960_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dell:poweredge_hs5610_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dell:poweredge_hs5620_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_hs5620:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dell:poweredge_r660xs_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r660xs:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dell:poweredge_r760xs_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r760xs:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dell:poweredge_r760xd2_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r760xd2:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dell:poweredge_t560_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_t560:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dell:poweredge_r760xa_firmware:1.4.4:*:*:*:*:*:*:*

cpe:2.3:h:dell:poweredge_r760xa:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2023-12-05T15:52:27.262Z

Updated: 2024-08-02T19:59:52.069Z

Reserved: 2023-09-28T09:44:52.814Z

Link: CVE-2023-44297

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-05T16:15:07.097

Modified: 2024-11-21T08:25:36.887

Link: CVE-2023-44297

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object