CVE-2023-39251

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 89.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Inspiron 7510 Firmware Dell Inspiron 7610 Firmware Dell Latitude 5430 Rugged Firmware +11 more

Timeline

PublishedDec 22

Description

Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:LExploitability: 1.5 | Impact: 4.7

Affected Packages14 packages

▶CVEListV5dell/cpg_bios5 versions+4

▶NVDdell/vostro_7510_firmware< 1.20.0

▶NVDdell/xps_15_9510_firmware< 1.25.0

▶NVDdell/xps_17_9710_firmware< 1.24.0

▶NVDdell/inspiron_7510_firmware< 1.20.0

🔴Vulnerability Details

CVEList

CVE-2023-39251: Dell BIOS contains an Improper Input Validation vulnerability↗2023-12-22

▶

GHSA

GHSA-jh5h-57c3-2c78: Dell BIOS contains an Improper Input Validation vulnerability↗2023-12-22

▶