Privilege escalation in Dell PowerEdge BIOS and Dell Precision BIOS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-32461 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
PowerEdge R660 Hardware solutions / Firmware PowerEdge R760 Hardware solutions / Firmware PowerEdge C6620 Hardware solutions / Firmware PowerEdge MX760c Hardware solutions / Firmware PowerEdge R860 Hardware solutions / Firmware PowerEdge R960 Hardware solutions / Firmware PowerEdge HS5610 Hardware solutions / Firmware PowerEdge HS5620 Hardware solutions / Firmware PowerEdge R660xs Hardware solutions / Firmware PowerEdge R760xs Hardware solutions / Firmware PowerEdge R760xd2 Hardware solutions / Firmware PowerEdge T560 Hardware solutions / Firmware PowerEdge R760xa Hardware solutions / Firmware PowerEdge XE9680 Hardware solutions / Firmware PowerEdge XR5610 Hardware solutions / Firmware PowerEdge XR8620t Hardware solutions / Firmware PowerEdge XR7620 Hardware solutions / Firmware PowerEdge XE8640 Hardware solutions / Firmware PowerEdge R6615 Hardware solutions / Firmware PowerEdge R7615 Hardware solutions / Firmware PowerEdge R6625 Hardware solutions / Firmware PowerEdge R7625 Hardware solutions / Firmware PowerEdge R650 Hardware solutions / Firmware PowerEdge R750 Hardware solutions / Firmware PowerEdge R750XA Hardware solutions / Firmware PowerEdge C6520 Hardware solutions / Firmware PowerEdge MX750c Hardware solutions / Firmware PowerEdge R550 Hardware solutions / Firmware PowerEdge R450 Hardware solutions / Firmware PowerEdge R650XS Hardware solutions / Firmware PowerEdge R750XS Hardware solutions / Firmware PowerEdge T550 Hardware solutions / Firmware PowerEdge XR11 Hardware solutions / Firmware PowerEdge XR12 Hardware solutions / Firmware PowerEdge T150 Hardware solutions / Firmware PowerEdge T350 Hardware solutions / Firmware PowerEdge R250 Hardware solutions / Firmware PowerEdge R350 Hardware solutions / Firmware PowerEdge XR4510c Hardware solutions / Firmware PowerEdge XR4520c Hardware solutions / Firmware Dell EMC XC Core XC450 Hardware solutions / Firmware Dell EMC XC Core XC650 Hardware solutions / Firmware Dell EMC XC Core XC750 Hardware solutions / Firmware Dell EMC XC Core XC750xa Hardware solutions / Firmware Dell EMC XC Core XC6520 Hardware solutions / Firmware Dell EMC XC Core XC7525 Hardware solutions / Firmware PowerEdge R6515 Server applications / Other server solutions PowerEdge R6525 Server applications / Other server solutions PowerEdge R7515 Server applications / Other server solutions PowerEdge R7525 Server applications / Other server solutions PowerEdge C6525 Server applications / Other server solutions PowerEdge XE8545 Server applications / Other server solutions |
| Vendor | Dell |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU80863
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-32461
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Dell PowerEdge BIOS and Dell Precision BIOS firmware. local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsPowerEdge R660: before 1.5.6
PowerEdge R760: before 1.5.6
PowerEdge C6620: before 1.5.6
PowerEdge MX760c: before 1.5.6
PowerEdge R860: before 1.5.6
PowerEdge R960: before 1.5.6
PowerEdge HS5610: before 1.5.6
PowerEdge HS5620: before 1.5.6
PowerEdge R660xs: before 1.5.6
PowerEdge R760xs: before 1.5.6
PowerEdge R760xd2: before 1.5.6
PowerEdge T560: before 1.5.6
PowerEdge R760xa: before 1.1.3
PowerEdge XE9680: before 1.1.3
PowerEdge XR5610: before 1.1.4
PowerEdge XR8620t: before 1.1.3
PowerEdge XR7620: before 1.5.6
PowerEdge XE8640: before 1.2.5
PowerEdge R6615: before 1.3.11
PowerEdge R7615: before 1.3.11
PowerEdge R6625: before 1.3.11
PowerEdge R7625: before 1.3.11
PowerEdge R650: before 1.10.2
PowerEdge R750: before 1.10.2
PowerEdge R750XA: before 1.10.2
PowerEdge C6520: before 1.10.2
PowerEdge MX750c: before 1.10.2
PowerEdge R550: before 1.10.2
PowerEdge R450: before 1.10.2
PowerEdge R650XS: before 1.10.2
PowerEdge R750XS: before 1.10.2
PowerEdge T550: before 1.10.2
PowerEdge XR11: before 1.10.2
PowerEdge XR12: before 1.10.2
PowerEdge T150: before 1.6.3
PowerEdge T350: before 1.6.3
PowerEdge R250: before 1.6.3
PowerEdge R350: before 1.6.3
PowerEdge XR4510c : before 1.10.4
PowerEdge XR4520c: before 1.10.4
PowerEdge R6515: before 2.11.4
PowerEdge R6525: before 2.11.3
PowerEdge R7515: before 2.11.4
PowerEdge R7525: before 2.11.3
PowerEdge C6525: before 2.11.3
PowerEdge XE8545: before 2.11.3
Dell EMC XC Core XC450: before 1.11.2
Dell EMC XC Core XC650: before 1.11.2
Dell EMC XC Core XC750: before 1.11.2
Dell EMC XC Core XC750xa: before 1.11.2
Dell EMC XC Core XC6520: before 1.11.2
Dell EMC XC Core XC7525: before 2.11.3
CPE2.3- cpe:2.3:h:dell:poweredge_r660:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r760:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_c6620:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_mx760c:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r860:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r960:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_hs5610:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_hs5620:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r660xs:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r760xs:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r760xd2:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_t560:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r760xa:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_xe9680:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_xr5610:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_xr8620t:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_xr7620:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_xe8640:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r6615:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r7615:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r6625:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r7625:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r650:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r750:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r750xa:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_c6520:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_mx750c:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r550:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r450:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r650xs:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r750xs:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_t550:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_xr11:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_xr12:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_t150:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_t350:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r250:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r350:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_xr4510c :*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_xr4520c:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:poweredge_r6515:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:poweredge_r6525:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:poweredge_r7515:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:poweredge_r7525:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:poweredge_c6525:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:poweredge_xe8545:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:dell_emc_xc_core_xc450:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:dell_emc_xc_core_xc650:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:dell_emc_xc_core_xc750:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:dell_emc_xc_core_xc750xa:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:dell_emc_xc_core_xc6520:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:dell_emc_xc_core_xc7525:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
