CVE-2023-28073

CWE-287 — Improper Authentication3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 98.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Latitude 5530 Firmware Dell Precision 3570 Firmware Dell CPG Bios

Timeline

PublishedJun 23

Description

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5dell/cpg_bios 1.13.2

▶NVDdell/latitude_5530_firmware< 1.13.2

▶NVDdell/precision_3570_firmware< 1.13.2

🔴Vulnerability Details

GHSA

GHSA-2v5c-2qr6-w2pv: Dell BIOS contains an improper authentication vulnerability↗2023-06-23

▶

CVEList

CVE-2023-28073: Dell BIOS contains an improper authentication vulnerability↗2023-06-23

▶