CVE-2023-28052

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 94.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

435

Dell Alienware Area 51M R1 Firmware Dell Alienware Area 51M R2 Firmware Dell Alienware Aurora R11 Firmware +432 more

Timeline

PublishedJun 23

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:LExploitability: 0.8 | Impact: 4.2

Affected Packages435 packages

▶CVEListV5dell/cpg_biosAll versions

▶NVDdell/g3_3500_firmware< 1.24.0

▶NVDdell/g3_3579_firmware< 1.25.0

▶NVDdell/g3_3779_firmware< 1.25.0

▶NVDdell/g5_5000_firmware< 1.13.0

🔴Vulnerability Details

GHSA

GHSA-m5gf-7w7v-w34h: Dell BIOS contains an improper input validation vulnerability↗2023-06-23

▶

CVEList

CVE-2023-28052: Dell BIOS contains an improper input validation vulnerability↗2023-06-23

▶

📋Vendor Advisories

Oracle

Oracle Oracle Analytics Risk Matrix: Analytics Web General (Bouncy Castle Java Library) — CVE-2020-28052↗2023-04-15

▶