Main Vulnerability Database SB2023111520

SB2023111520 - Privilege escalation in Dell AMI UEFI BIOS firmware

Published: November 15, 2023

Security Bulletin ID SB2023111520

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2023-39536)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the UEFI/BIOS firmware. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/nl-nl/000216239/dsa-2023-221-security-update-for-an-ami-uefi-bios-vulnerability

Vulnerable Software

XPS 13 (9380): before 1.25.0
XPS 7590: before 1.23.0
XPS 15 2IN1 9575: before 1.28.0
Wyse 5470: before 1.20.0
Vostro 3668: before 1.26.0
Vostro 3581 (2SP): before 1.23.0
Vostro 3584 (1SP): before 1.23.0
Vostro 3583: before 1.25.0
Vostro 3582: before 1.20.0
Vostro 3580: before 1.25.0
Vostro 3481: before 1.23.0
Vostro 3480: before 1.25.0
Vostro 3268: before 1.26.0
Precision 7750: before 1.25.0
Precision 7740: before 1.27.0
Precision 7730: before 1.29.1
Precision 7720: before 1.31.0
Precision 7550: before 1.25.0
Precision 7540: before 1.27.0
Precision 7530: before 1.29.1
Precision 7520: before 1.31.0
Precision 5720 AIO: before 2.20.0
Precision 5540: before 1.23.0
Precision 5530 2-in-1: before 1.26.8
Precision 5530: before 1.32.0
Precision 5520: before 1.33.0
Precision 3620 Tower: before 2.26.0
Precision 3551: before 1.23.0
Precision 3550: before 1.22.0
Precision 3541: before 1.26.0
Precision 3540: before 1.25.0
Precision 3530: before 1.28.0
Precision 3520: before 1.31.0
Precision 3420 Tower: before 2.26.0
OptiPlex 7050: before 1.26.0
OptiPlex 5050: before 1.26.0
OptiPlex 3050: before 1.26.0
Latitude Rugged 7220EX: before 1.30.0
Latitude 9510: before 1.21.0
Latitude 9410: before 1.23.0
Latitude 7490: before 1.33.0
Latitude 7480: before 1.32.1
Latitude 7424 Rugged Extreme: before 1.26.1
Latitude 7414 Rugged: before 1.41.0
Latitude 7410: before 1.24.0
Latitude 7400 2-in-1: before 1.22.0
Latitude 7400: before 1.26.0
Latitude 7390 2-in-1: before 1.31.0
Latitude 7390: before 1.33.0
Latitude 7389: before 1.34.0
Latitude 7380: before 1.32.1
Latitude 7310: before 1.24.0
Latitude 7300: before 1.26.0
Latitude 7290: before 1.33.0
Latitude 7285 2-in-1: before 1.21.0
Latitude 7280: before 1.32.1
Latitude 7220 Rugged Extreme: before 1.30.0
Latitude 7212 Rugged Extreme Tablet: before 1.45.0
Latitude 7210 2-in-1: before 1.23.0
Latitude 7200 2-in-1: before 1.23.0
Latitude 5591: before 1.28.0
Latitude 5590: before 1.29.0
Latitude 5580: before 1.31.0
Latitude 5511: before 1.23.0
Latitude 5510: before 1.22.0
Latitude 5501: before 1.26.0
Latitude 5500: before 1.25.0
Latitude 5491: before 1.28.0
Latitude 5490: before 1.29.0
Latitude 5488: before 1.31.0
Latitude 5480: before 1.31.0
Latitude 5424 Rugged: before 1.26.1
Latitude 5420 Rugged: before 1.26.1
Latitude 5414 Rugged: before 1.41.0
Latitude 5411: before 1.23.0
Latitude 5410: before 1.22.0
Latitude 5401: before 1.26.0
Latitude 5400: before 1.25.0
Latitude 5310 2-IN-1: before 1.20.0
Latitude 5310: before 1.20.0
Latitude 5300 2-IN-1: before 1.27.0
Latitude 5300: before 1.27.0
Latitude 5290 2-in-1: before 1.28.0
Latitude 5290: before 1.29.0
Latitude 5289: before 1.34.0
Latitude 5288: before 1.31.0
Latitude 5285 2-in-1: before 1.23.0
Latitude 5280: before 1.31.0
Latitude 3310 2-in-1: before 1.20.0
Latitude 3310: before 1.21.0
Latitude 3190 2-In-1: before 1.28.0
Latitude 3190: before 1.28.0
Latitude 3189: before 1.23.0
Latitude 3180: before 1.23.0
Latitude 3120: before 1.19.0
Latitude 12 Rugged Extreme 7214: before 1.41.0
Inspiron 3782: before 1.20.0
Inspiron 3781: before 1.23.0
Inspiron 3780: before 1.25.0
Inspiron 3582: before 1.20.0
Inspiron 3581: before 1.23.0
Inspiron 3580: before 1.25.0
Inspiron 3510: before 1.17.0
Inspiron 3502: before 1.14.0
Inspiron 3482: before 1.20.0
Inspiron 3481: before 1.23.0
Inspiron 3480: before 1.25.0
Inspiron 3280: before 1.17.5
Inspiron 15 3521: before 1.12.0
Embedded Box PC 5000: before 1.20.0
Dell Precision 7920 Tower: before 2.35.0
Dell Precision 7820 Tower: before 2.35.0
Dell G7 7790: before 1.26.0
Dell G7 7590: before 1.26.0
Dell G5 5590: before 1.26.0
ChengMing 3980 TOWER: before 2.32.0
Alienware Area 51m R1: before 1.27.0

SB2023111520 - Privilege escalation in Dell AMI UEFI BIOS firmware

Breakdown by Severity

Description

Remediation

References

Please verify you're human