CVE-2023-28032

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 94.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

435

Dell Alienware Area 51M R1 Firmware Dell Alienware Area 51M R2 Firmware Dell Alienware Aurora R11 Firmware +432 more

Timeline

PublishedJun 23

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:LExploitability: 0.8 | Impact: 4.2

Affected Packages435 packages

▶CVEListV5dell/cpg_biosAll Versions

▶NVDdell/g3_3500_firmware< 1.24.0

▶NVDdell/g3_3579_firmware< 1.25.0

▶NVDdell/g3_3779_firmware< 1.25.0

▶NVDdell/g5_5000_firmware< 1.13.0

🔴Vulnerability Details

CVEList

CVE-2023-28032: Dell BIOS contains an improper input validation vulnerability↗2023-06-23

▶

GHSA

GHSA-7f3w-m78h-jj8r: Dell BIOS contains an improper input validation vulnerability↗2023-06-23

▶