Dell PowerEdge server update for Intel firmware
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-23583 |
| CWE-ID | CWE-1281 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
PowerEdge XR4520c Hardware solutions / Firmware PowerEdge XR4510c Hardware solutions / Firmware PowerEdge R350 Hardware solutions / Firmware PowerEdge R250 Hardware solutions / Firmware PowerEdge T350 Hardware solutions / Firmware PowerEdge T150 Hardware solutions / Firmware PowerEdge XR12 Hardware solutions / Firmware PowerEdge XR11 Hardware solutions / Firmware PowerEdge T550 Hardware solutions / Firmware PowerEdge R750XS Hardware solutions / Firmware PowerEdge R650XS Hardware solutions / Firmware PowerEdge R450 Hardware solutions / Firmware PowerEdge R550 Hardware solutions / Firmware PowerEdge MX750c Hardware solutions / Firmware PowerEdge C6520 Hardware solutions / Firmware PowerEdge R750XA Hardware solutions / Firmware PowerEdge R750 Hardware solutions / Firmware PowerEdge R650 Hardware solutions / Firmware |
| Vendor | Dell |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Sequence of processor instructions leads to unexpected behavior
EUVDB-ID: #VU82351
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-23583
CWE-ID:
CWE-1281 - Sequence of Processor Instructions Leads to Unexpected Behavior
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error related to processing of Sequence of processor instructions. A local user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsPowerEdge XR4520c: before 1.13.3
PowerEdge XR4510c: before 1.13.3
PowerEdge R350: before 1.8.1
PowerEdge R250: before 1.8.1
PowerEdge T350: before 1.8.1
PowerEdge T150: before 1.8.1
PowerEdge XR12: before 1.12.1
PowerEdge XR11: before 1.12.1
PowerEdge T550: before 1.12.1
PowerEdge R750XS: before 1.12.1
PowerEdge R650XS: before 1.12.1
PowerEdge R450: before 1.12.1
PowerEdge R550: before 1.12.1
PowerEdge MX750c: before 1.12.1
PowerEdge C6520: before 1.12.1
PowerEdge R750XA: before 1.12.1
PowerEdge R750: before 1.12.1
PowerEdge R650: before 1.12.1
CPE2.3- cpe:2.3:h:dell:poweredge_xr4520c:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_xr4510c:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r350:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r250:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_t350:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_t150:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_xr12:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_xr11:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_t550:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r750xs:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r650xs:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r450:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r550:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_mx750c:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_c6520:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r750xa:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r750:*:*:*:*:*:*:*:*
- cpe:2.3:h:dell:poweredge_r650:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
