Main Vulnerability Database SB2023120124

SB2023120124 - Dell PowerEdge server update for Intel firmware

Published: December 1, 2023

Security Bulletin ID SB2023120124

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Sequence of processor instructions leads to unexpected behavior (CVE-ID: CVE-2023-23583)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error related to processing of Sequence of processor instructions. A local user can execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/nl-nl/000219353/dsa-2023-370-security-update-for-dell-poweredge-server-for-intel-november-2023-security-advisories-2023-4-ipu

Vulnerable Software

PowerEdge XR4520c: before 1.13.3
PowerEdge XR4510c: before 1.13.3
PowerEdge R350: before 1.8.1
PowerEdge R250: before 1.8.1
PowerEdge T350: before 1.8.1
PowerEdge T150: before 1.8.1
PowerEdge XR12: before 1.12.1
PowerEdge XR11: before 1.12.1
PowerEdge T550: before 1.12.1
PowerEdge R750XS: before 1.12.1
PowerEdge R650XS: before 1.12.1
PowerEdge R450: before 1.12.1
PowerEdge R550: before 1.12.1
PowerEdge MX750c: before 1.12.1
PowerEdge C6520: before 1.12.1
PowerEdge R750XA: before 1.12.1
PowerEdge R750: before 1.12.1
PowerEdge R650: before 1.12.1

SB2023120124 - Dell PowerEdge server update for Intel firmware

Breakdown by Severity

Description

Remediation

References

Please verify you're human