CVE-2023-28060Improper Input Validation in Dell Alienware Area 51M R1 Firmware

CWE-20Improper Input Validation3 documents3 sources
Severity
6.7MEDIUMNVD
CNA5.1
EPSS
0.0%
top 94.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
435
Dell Alienware Area 51M R1 FirmwareDell Alienware Area 51M R2 FirmwareDell Alienware Aurora R11 Firmware+432 more
Timeline
PublishedJun 23

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages435 packages

CVEListV5dell/cpg_biosAll Versions
NVDdell/g3_3500_firmware< 1.24.0
NVDdell/g3_3579_firmware< 1.25.0
NVDdell/g3_3779_firmware< 1.25.0
NVDdell/g5_5000_firmware< 1.13.0

🔴Vulnerability Details

2
GHSA
GHSA-m3g9-fcjw-3j7j: Dell BIOS contains an improper input validation vulnerability2023-06-23
CVEList
CVE-2023-28060: Dell BIOS contains an improper input validation vulnerability2023-06-23
CVE-2023-28060 — Improper Input Validation in Dell | cvebase