CVE-2023-32453

CWE-287 — Improper Authentication3 documents3 sources

Severity

3.9LOW

EPSS

0.0%

top 91.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

112

Dell Alienware M15 R7 Firmware Dell Alienware M16 Firmware Dell Alienware M18 Firmware +109 more

Timeline

PublishedAug 16

Description

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:LExploitability: 0.3 | Impact: 4.2

Affected Packages112 packages

▶CVEListV5dell/cpg_biosAll versions

▶NVDdell/g3_3500_firmware< 1.26.0

▶NVDdell/g15_5520_firmware< 1.18.0

▶NVDdell/g16_7620_firmware< 1.18.0

▶NVDdell/g5_15_5500_firmware< 1.26.0

🔴Vulnerability Details

CVEList

CVE-2023-32453: Dell BIOS contains an improper authentication vulnerability↗2023-08-16

▶

GHSA

GHSA-4qg5-96hp-hqjf: Dell BIOS contains an improper authentication vulnerability↗2023-08-16

▶