CVE-2023-48674

CWE-1703 documents3 sources

Severity

4.9MEDIUM

EPSS

0.1%

top 68.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

174

Dell CPG Bios Dell Latitude 5280 Firmware Dell Latitude 5288 Firmware +171 more

Timeline

PublishedMar 1

Description

Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 2.3 | Impact: 4.0

Affected Packages174 packages

▶CVEListV5dell/cpg_biosN/A — 1.28.0+11

▶NVDdell/xps_13_9310_firmware< 3.20.0

▶NVDdell/xps_13_9315_firmware< 1.19.1

▶NVDdell/xps_15_9520_firmware< 1.20.0

▶NVDdell/xps_17_9720_firmware< 1.22.0

🔴Vulnerability Details

CVEList

CVE-2023-48674: Dell Platform BIOS contains an Improper Null Termination vulnerability↗2024-03-01

▶

GHSA

GHSA-q76r-57vr-2j23: Dell Platform BIOS contains an Improper Null Termination vulnerability↗2024-03-01

▶