Dell update for AMI UEFI BIOS



Published: 2023-11-30
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2023-39537
CWE-ID: CWE-20
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
XPS 8960
Hardware solutions / Firmware

XPS 8940
Hardware solutions / Firmware

Wyse 5470 All-In-One
Hardware solutions / Firmware

Vostro 7590
Hardware solutions / Firmware

Vostro 5880
Hardware solutions / Firmware

Vostro 5090
Hardware solutions / Firmware

Vostro 3888
Hardware solutions / Firmware

Vostro 3881
Hardware solutions / Firmware

Vostro 3681
Hardware solutions / Firmware

Vostro 3671
Hardware solutions / Firmware

Vostro 3670
Hardware solutions / Firmware

Vostro 3584
Hardware solutions / Firmware

Vostro 3581
Hardware solutions / Firmware

Vostro 3471
Hardware solutions / Firmware

Vostro 3470
Hardware solutions / Firmware

Vostro 3070
Hardware solutions / Firmware

Precision 3930 Rack
Hardware solutions / Firmware

Precision 3640
Hardware solutions / Firmware

Precision 3440
Hardware solutions / Firmware

OptiPlex 7780 All-in-One
Hardware solutions / Firmware

OptiPlex 7770 All-In-One
Hardware solutions / Firmware

OptiPlex 7760 All-In-One
Hardware solutions / Firmware

OptiPlex 7480 All-in-One
Hardware solutions / Firmware

OptiPlex 7470 All-In-One
Hardware solutions / Firmware

OptiPlex 7460 All In One
Hardware solutions / Firmware

OptiPlex 7450 All-In-One
Hardware solutions / Firmware

OptiPlex 7080
Hardware solutions / Firmware

OptiPlex 7070 Ultra
Hardware solutions / Firmware

OptiPlex 5480 All-In-One
Hardware solutions / Firmware

OptiPlex 5270 All-In-One
Hardware solutions / Firmware

OptiPlex 5260 All-In-One
Hardware solutions / Firmware

OptiPlex 5250
Hardware solutions / Firmware

OptiPlex 5080
Hardware solutions / Firmware

OptiPlex 5070
Hardware solutions / Firmware

OptiPlex 5060
Hardware solutions / Firmware

OptiPlex 3280 All-in-One
Hardware solutions / Firmware

OptiPlex 3090
Hardware solutions / Firmware

OptiPlex 3080
Hardware solutions / Firmware

OptiPlex 3070
Hardware solutions / Firmware

OptiPlex 3060
Hardware solutions / Firmware

OptiPlex 3050 All-In-One
Hardware solutions / Firmware

Latitude 3390 2-in-1
Hardware solutions / Firmware

Latitude 3300
Hardware solutions / Firmware

Latitude 13 3380
Hardware solutions / Firmware

Inspiron 7790
Hardware solutions / Firmware

Inspiron 7700 All-In-One
Hardware solutions / Firmware

Inspiron 7591
Hardware solutions / Firmware

Inspiron 7590
Hardware solutions / Firmware

Inspiron 5491 AIO
Hardware solutions / Firmware

Inspiron 5490 AIO
Hardware solutions / Firmware

Inspiron 5401 AIO
Hardware solutions / Firmware

Inspiron 5400
Hardware solutions / Firmware

Inspiron 3881
Hardware solutions / Firmware

Inspiron 3880
Hardware solutions / Firmware

Inspiron 3671
Hardware solutions / Firmware

Inspiron 3670
Hardware solutions / Firmware

Inspiron 3471
Hardware solutions / Firmware

Inspiron 3470
Hardware solutions / Firmware

Dell Precision 5820 Tower
Hardware solutions / Firmware

Dell Precision 3630 Tower
Hardware solutions / Firmware

Dell Precision 3431 Tower
Hardware solutions / Firmware

Dell Precision 3430 Tower
Hardware solutions / Firmware

Dell G5 5090
Hardware solutions / Firmware

Dell G5 5000
Hardware solutions / Firmware

ChengMing 3991
Hardware solutions / Firmware

ChengMing 3990
Hardware solutions / Firmware

ChengMing 3988
Hardware solutions / Firmware

Alienware x17 R2
Hardware solutions / Firmware

Alienware x17 R1
Hardware solutions / Firmware

Alienware x15 R2
Hardware solutions / Firmware

Alienware x15 R1
Hardware solutions / Firmware

Alienware x14
Hardware solutions / Firmware

Alienware m17 R4
Hardware solutions / Firmware

Alienware m17 R3
Hardware solutions / Firmware

Alienware m17 R2
Hardware solutions / Firmware

Alienware m15 R4
Hardware solutions / Firmware

Alienware m15 R3
Hardware solutions / Firmware

Alienware m15 R2
Hardware solutions / Firmware

Alienware Aurora Ryzen Edition R14
Hardware solutions / Firmware

Alienware Aurora R15 AMD
Hardware solutions / Firmware

Alienware Aurora R15
Hardware solutions / Firmware

Alienware Aurora R13
Hardware solutions / Firmware

Alienware Aurora R12
Hardware solutions / Firmware

Alienware Aurora R11
Hardware solutions / Firmware

Alienware Aurora R10
Hardware solutions / Firmware

Alienware Area 51m R2
Hardware solutions / Firmware

Wyse 5070
Hardware solutions / Firmware

XPS 7590
Hardware solutions / Firmware

XPS 15 2IN1 9575
Hardware solutions / Firmware

XPS 13 9380
Hardware solutions / Firmware

Wyse 5470
Hardware solutions / Firmware

Vostro 3668
Hardware solutions / Firmware

Vostro 3583
Hardware solutions / Firmware

Vostro 3582
Hardware solutions / Firmware

Vostro 3580
Hardware solutions / Firmware

Vostro 3481
Hardware solutions / Firmware

Vostro 3480
Hardware solutions / Firmware

Vostro 3268
Hardware solutions / Firmware

Precision 7740
Hardware solutions / Firmware

Precision 7730
Hardware solutions / Firmware

Precision 7720
Hardware solutions / Firmware

Precision 7540
Hardware solutions / Firmware

Precision 7530
Hardware solutions / Firmware

Precision 7520
Hardware solutions / Firmware

Precision 5720 AIO
Hardware solutions / Firmware

Precision 5540
Hardware solutions / Firmware

Precision 5530 2-in-1
Hardware solutions / Firmware

Precision 5530
Hardware solutions / Firmware

Precision 5520
Hardware solutions / Firmware

Precision 3620 Tower
Hardware solutions / Firmware

Precision 3541
Hardware solutions / Firmware

Precision 3540
Hardware solutions / Firmware

Precision 3530
Hardware solutions / Firmware

Precision 3520
Hardware solutions / Firmware

Precision 3420 Tower
Hardware solutions / Firmware

OptiPlex 7050
Hardware solutions / Firmware

OptiPlex 5050
Hardware solutions / Firmware

OptiPlex 3050
Hardware solutions / Firmware

Latitude Rugged 7220EX
Hardware solutions / Firmware

Latitude 7490
Hardware solutions / Firmware

Latitude 7480
Hardware solutions / Firmware

Latitude 7424 Rugged Extreme
Hardware solutions / Firmware

Latitude 7414 Rugged
Hardware solutions / Firmware

Latitude 7400 2-in-1
Hardware solutions / Firmware

Latitude 7400
Hardware solutions / Firmware

Latitude 7390 2-in-1
Hardware solutions / Firmware

Latitude 7390
Hardware solutions / Firmware

Latitude 7389
Hardware solutions / Firmware

Latitude 7380
Hardware solutions / Firmware

Latitude 7300
Hardware solutions / Firmware

Latitude 7290
Hardware solutions / Firmware

Latitude 7285 2-in-1
Hardware solutions / Firmware

Latitude 7280
Hardware solutions / Firmware

Latitude 7220 Rugged Extreme
Hardware solutions / Firmware

Latitude 7212 Rugged Extreme Tablet
Hardware solutions / Firmware

Latitude 7200 2-in-1
Hardware solutions / Firmware

Latitude 5591
Hardware solutions / Firmware

Latitude 5590
Hardware solutions / Firmware

Latitude 5580
Hardware solutions / Firmware

Latitude 5501
Hardware solutions / Firmware

Latitude 5500
Hardware solutions / Firmware

Latitude 5491
Hardware solutions / Firmware

Latitude 5490
Hardware solutions / Firmware

Latitude 5488
Hardware solutions / Firmware

Latitude 5480
Hardware solutions / Firmware

Latitude 5424 Rugged
Hardware solutions / Firmware

Latitude 5420 Rugged
Hardware solutions / Firmware

Latitude 5414 Rugged
Hardware solutions / Firmware

Latitude 5410
Hardware solutions / Firmware

Latitude 5401
Hardware solutions / Firmware

Latitude 5400
Hardware solutions / Firmware

Latitude 5310 2-IN-1
Hardware solutions / Firmware

Latitude 5310
Hardware solutions / Firmware

Latitude 5300 2-IN-1
Hardware solutions / Firmware

Latitude 5300
Hardware solutions / Firmware

Latitude 5290 2-in-1
Hardware solutions / Firmware

Latitude 5290
Hardware solutions / Firmware

Latitude 5289
Hardware solutions / Firmware

Latitude 5288
Hardware solutions / Firmware

Latitude 5285 2-in-1
Hardware solutions / Firmware

Latitude 5280
Hardware solutions / Firmware

Latitude 3310 2-in-1
Hardware solutions / Firmware

Latitude 3310
Hardware solutions / Firmware

Latitude 3190 2-In-1
Hardware solutions / Firmware

Latitude 3190
Hardware solutions / Firmware

Latitude 3189
Hardware solutions / Firmware

Latitude 3180
Hardware solutions / Firmware

Latitude 12 Rugged Extreme 7214
Hardware solutions / Firmware

Inspiron 3782
Hardware solutions / Firmware

Inspiron 3781
Hardware solutions / Firmware

Inspiron 3780
Hardware solutions / Firmware

Inspiron 3582
Hardware solutions / Firmware

Inspiron 3581
Hardware solutions / Firmware

Inspiron 3580
Hardware solutions / Firmware

Inspiron 3510
Hardware solutions / Firmware

Inspiron 3502
Hardware solutions / Firmware

Inspiron 3482
Hardware solutions / Firmware

Inspiron 3481
Hardware solutions / Firmware

Inspiron 3480
Hardware solutions / Firmware

Inspiron 3280
Hardware solutions / Firmware

Inspiron 15 3521
Hardware solutions / Firmware

Dell Precision 7920 Tower
Hardware solutions / Firmware

Dell Precision 7820 Tower
Hardware solutions / Firmware

Dell G7 7790
Hardware solutions / Firmware

Dell G7 7590
Hardware solutions / Firmware

Dell G5 5590
Hardware solutions / Firmware

ChengMing 3980 TOWER
Hardware solutions / Firmware

Alienware Area 51m R1
Hardware solutions / Firmware

Precision 3240 Compact
Hardware solutions / Other hardware appliances

OptiPlex XE3
Hardware solutions / Other hardware appliances

OptiPlex 7071
Hardware solutions / Other hardware appliances

OptiPlex 7070
Hardware solutions / Other hardware appliances

OptiPlex 7060
Hardware solutions / Other hardware appliances

Vendor: Dell

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Input validation error

EUVDB-ID: #VU83168

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39537

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the UEFI/BIOS firmware, which a local user can use to escalate privileges on the system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

XPS 8960: before 1.2.1

XPS 8940: before 2.14.0

Wyse 5470 All-In-One: before 1.21.0

Vostro 7590: before 1.21.0

Vostro 5880: before 1.21.0

Vostro 5090: before 1.21.0

Vostro 3888: before 2.21.0

Vostro 3881: before 2.21.0

Vostro 3681: before 2.21.0

Vostro 3671: before 1.18.2

Vostro 3670: before 2.32.0

Vostro 3584: before 1.23.0

Vostro 3581: before 1.23.0

Vostro 3471: before 1.18.2

Vostro 3470: before 2.32.0

Vostro 3070: before 2.32.0

Precision 3930 Rack: before 2.26.0

Precision 3640: before 1.24.0

Precision 3440: before 1.21.0

Precision 3240 Compact: before 1.20.0

OptiPlex XE3: before 1.26.0

OptiPlex 7780 All-in-One: before 1.24.0

OptiPlex 7770 All-In-One: before 1.24.0

OptiPlex 7760 All-In-One: before 1.28.0

OptiPlex 7480 All-in-One: before 1.24.0

OptiPlex 7470 All-In-One: before 1.24.0

OptiPlex 7460 All In One: before 1.28.0

OptiPlex 7450 All-In-One: before 1.27.0

OptiPlex 7080: before 1.21.0

OptiPlex 7071: before 1.21.0

OptiPlex 7070 Ultra: before 1.20.0

OptiPlex 7070: before 1.22.0

OptiPlex 7060: before 1.26.0

OptiPlex 5480 All-In-One: before 1.24.0

OptiPlex 5270 All-In-One: before 1.24.0

OptiPlex 5260 All-In-One: before 1.28.0

OptiPlex 5250: before 1.27.0

OptiPlex 5080: before 1.20.0

OptiPlex 5070: before 1.22.0

OptiPlex 5060: before 1.26.0

OptiPlex 3280 All-in-One: before 1.23.0

OptiPlex 3090: before 2.14.0

OptiPlex 3080: before 2.20.0

OptiPlex 3070: before 1.22.0

OptiPlex 3060: before 1.26.0

OptiPlex 3050 All-In-One: before 1.27.0

Latitude 3390 2-in-1: before 1.26.0

Latitude 3300: before 1.22.0

Latitude 13 3380: before 1.23.0

Inspiron 7790: before 1.22.0

Inspiron 7700 All-In-One: before 1.21.0

Inspiron 7591: before 1.21.0

Inspiron 7590: before 1.21.0

Inspiron 5491 AIO: before 1.22.0

Inspiron 5490 AIO: before 1.22.0

Inspiron 5401 AIO: before 1.21.0

Inspiron 5400: before 1.21.0

Inspiron 3881: before 1.21.0

Inspiron 3880: before 1.21.0

Inspiron 3671: before 1.18.2

Inspiron 3670: before 2.32.0

Inspiron 3471: before 1.18.2

Inspiron 3470: before 2.32.0

Dell Precision 5820 Tower: before 2.31.0

Dell Precision 3630 Tower: before 2.23.0

Dell Precision 3431 Tower: before 1.21.0

Dell Precision 3430 Tower: before 1.26.0

Dell G5 5090: before 1.21.0

Dell G5 5000: before 1.15.0

ChengMing 3991: before 1.21.0

ChengMing 3990: before 1.21.0

ChengMing 3988: before 1.18.1

Alienware x17 R2: before 1.15.1

Alienware x17 R1: before 1.19.0

Alienware x15 R2: before 1.15.1

Alienware x15 R1: before 1.19.0

Alienware x14: before 1.13.0

Alienware m17 R4: before 1.18.0

Alienware m17 R3: before 1.24.0

Alienware m17 R2: before 1.23.0

Alienware m15 R4: before 1.18.0

Alienware m15 R3: before 1.24.0

Alienware m15 R2: before 1.23.0

Alienware Aurora Ryzen Edition R14: before 2.11.0

Alienware Aurora R15 AMD: before 1.7.2

Alienware Aurora R15: before 1.5.0

Alienware Aurora R13: before 1.14.0

Alienware Aurora R12: before 1.1.22

Alienware Aurora R11: before 1.0.21

Alienware Aurora R10: before 2.4.2

Alienware Area 51m R2: before 1.23.0

Wyse 5070: before 1.24.0

XPS 7590: before 1.23.0

XPS 15 2IN1 9575: before 1.28.0

XPS 13 9380: before 1.25.0

Wyse 5470: before 1.20.0

Vostro 3668: before 1.26.0

Vostro 3583: before 1.25.0

Vostro 3582: before 1.20.0

Vostro 3580: before 1.25.0

Vostro 3481: before 1.23.0

Vostro 3480: before 1.25.0

Vostro 3268: before 1.26.0

Precision 7740: before 1.27.0

Precision 7730: before 1.29.1

Precision 7720: before 1.31.0

Precision 7540: before 1.27.0

Precision 7530: before 1.29.1

Precision 7520: before 1.31.0

Precision 5720 AIO: before 2.20.0

Precision 5540: before 1.23.0

Precision 5530 2-in-1: before 1.26.8

Precision 5530: before 1.32.0

Precision 5520: before 1.33.0

Precision 3620 Tower: before 2.26.0

Precision 3541: before 1.26.0

Precision 3540: before 1.25.0

Precision 3530: before 1.28.0

Precision 3520: before 1.31.0

Precision 3420 Tower: before 2.26.0

OptiPlex 7050: before 1.26.0

OptiPlex 5050: before 1.26.0

OptiPlex 3050: before 1.26.0

Latitude Rugged 7220EX: before 1.30.0

Latitude 7490: before 1.33.0

Latitude 7480: before 1.32.1

Latitude 7424 Rugged Extreme: before 1.26.1

Latitude 7414 Rugged: before 1.41.0

Latitude 7400 2-in-1: before 1.22.0

Latitude 7400: before 1.26.0

Latitude 7390 2-in-1: before 1.31.0

Latitude 7390: before 1.33.0

Latitude 7389: before 1.34.0

Latitude 7380: before 1.32.1

Latitude 7300: before 1.26.0

Latitude 7290: before 1.33.0

Latitude 7285 2-in-1: before 1.21.0

Latitude 7280: before 1.32.1

Latitude 7220 Rugged Extreme: before 1.30.0

Latitude 7212 Rugged Extreme Tablet: before 1.45.0

Latitude 7200 2-in-1: before 1.23.0

Latitude 5591: before 1.28.0

Latitude 5590: before 1.29.0

Latitude 5580: before 1.31.0

Latitude 5501: before 1.26.0

Latitude 5500: before 1.25.0

Latitude 5491: before 1.28.0

Latitude 5490: before 1.29.0

Latitude 5488: before 1.31.0

Latitude 5480: before 1.31.0

Latitude 5424 Rugged: before 1.26.1

Latitude 5420 Rugged: before 1.26.1

Latitude 5414 Rugged: before 1.41.0

Latitude 5410: before 1.22.0

Latitude 5401: before 1.26.0

Latitude 5400: before 1.25.0

Latitude 5310 2-IN-1: before 1.20.0

Latitude 5310: before 1.20.0

Latitude 5300 2-IN-1: before 1.27.0

Latitude 5300: before 1.27.0

Latitude 5290 2-in-1: before 1.28.0

Latitude 5290: before 1.29.0

Latitude 5289: before 1.34.0

Latitude 5288: before 1.31.0

Latitude 5285 2-in-1: before 1.23.0

Latitude 5280: before 1.31.0

Latitude 3310 2-in-1: before 1.20.0

Latitude 3310: before 1.21.0

Latitude 3190 2-In-1: before 1.28.0

Latitude 3190: before 1.28.0

Latitude 3189: before 1.23.0

Latitude 3180: before 1.23.0

Latitude 12 Rugged Extreme 7214: before 1.41.0

Inspiron 3782: before 1.20.0

Inspiron 3781: before 1.23.0

Inspiron 3780: before 1.25.0

Inspiron 3582: before 1.20.0

Inspiron 3581: before 1.23.0

Inspiron 3580: before 1.25.0

Inspiron 3510: before 1.17.0

Inspiron 3502: before 1.14.0

Inspiron 3482: before 1.20.0

Inspiron 3481: before 1.23.0

Inspiron 3480: before 1.25.0

Inspiron 3280: before 1.17.5

Inspiron 15 3521: before 1.12.0

Dell Precision 7920 Tower: before 2.35.0

Dell Precision 7820 Tower: before 2.35.0

Dell G7 7790: before 1.26.0

Dell G7 7590: before 1.26.0

Dell G5 5590: before 1.26.0

ChengMing 3980 TOWER: before 2.32.0

Alienware Area 51m R1: before 1.27.0

External links

http://www.dell.com/support/kbdoc/nl-nl/000213033/dsa-2023-161


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


