CVE-2023-32460

Severity: HIGH | CVSS: 7.8/10 | EPSS: 0.19%

CVE-2023-32460 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. Note that the CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N) records low privileges required rather than none, so read "unauthenticated" in the vendor text as an attacker who already has local access; the impact is rated high for confidentiality, integrity and availability. EPSS estimates a 0.19% chance of exploitation in the next 30 days.

Description

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.19%

9.0th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions affected
Dell | PowerEdge R660 Firmware | < 1.6.6
Dell | PowerEdge R760 Firmware | < 1.6.6
Dell | PowerEdge C6620 Firmware | < 1.6.6
Dell | PowerEdge MX760c Firmware | < 1.6.6
Dell | PowerEdge R860 Firmware | < 1.6.6
Dell | PowerEdge R960 Firmware | < 1.6.6
Dell | PowerEdge HS5610 Firmware | < 1.6.6
Dell | PowerEdge HS5620 Firmware | < 1.6.6
Dell | PowerEdge R660xs Firmware | < 1.6.6
Dell | PowerEdge R760xs Firmware | < 1.6.6
Dell | PowerEdge R760xd2 Firmware | < 1.6.6
Dell | PowerEdge T560 Firmware | < 1.6.6
Dell | PowerEdge R760xa Firmware | < 1.6.6
Dell | PowerEdge XR5610 Firmware | < 1.6.6
Dell | PowerEdge XR8610t Firmware | < 1.6.6
Dell | PowerEdge XR8620t Firmware | < 1.6.6
Dell | PowerEdge R6615 Firmware | < 1.6.6
Dell | PowerEdge R7615 Firmware | < 1.6.6
Dell | PowerEdge XR7620 Firmware | < 1.6.6
Dell | PowerEdge XE8640 Firmware | < 1.3.6
Dell | PowerEdge XE9640 Firmware | < 1.3.6
Dell | PowerEdge XE9680 Firmware | < 1.3.6
Dell | PowerEdge R6625 Firmware | < 1.6.8
Dell | PowerEdge R7625 Firmware | < 1.6.8
Dell | PowerEdge C6615 Firmware | < 1.1.2
Dell | PowerEdge R650 Firmware | < 1.12.1
Dell | PowerEdge R750 Firmware | < 1.12.1
Dell | PowerEdge R750xa Firmware | < 1.12.1
Dell | PowerEdge C6520 Firmware | < 1.12.1
Dell | PowerEdge MX750c Firmware | < 1.12.1
Dell | PowerEdge R550 Firmware | < 1.12.1
Dell | PowerEdge R450 Firmware | < 1.12.1
Dell | PowerEdge R650xs Firmware | < 1.12.1
Dell | PowerEdge R750xs Firmware | < 1.12.1
Dell | PowerEdge T550 Firmware | < 1.12.1
Dell | PowerEdge XR11 Firmware | < 1.12.1
Dell | PowerEdge XR12 Firmware | < 1.12.1
Dell | PowerEdge T150 Firmware | < 1.8.1
Dell | PowerEdge T350 Firmware | < 1.8.1
Dell | PowerEdge R250 Firmware | < 1.8.1
Dell | PowerEdge R350 Firmware | < 1.8.1
Dell | PowerEdge XR4510c Firmware | < 1.13.3
Dell | PowerEdge XR4520c Firmware | < 1.13.3
Dell | PowerEdge R6515 Firmware | < 2.13.3
Dell | PowerEdge R6525 Firmware | < 2.13.3
Dell | PowerEdge R7515 Firmware | < 2.13.3
Dell | PowerEdge R7525 Firmware | < 2.13.3
Dell | PowerEdge C6525 Firmware | < 2.13.3
Dell | PowerEdge XE8545 Firmware | < 2.13.3
Dell | PowerEdge R740 Firmware | < 2.20.1

Showing 50 of 126 affected configurations. See NVD for the full list.
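As an added example (not code from NVD, Dell or the page), the following Python script turns the table above into a local check: given a model and the installed BIOS version, it reports whether that version is below the first fixed release listed for the model. The model-to-version map is transcribed from the 50 rows shown here, so models that appear only in the full NVD list come back as unknown rather than clean. Reading the live values through dmidecode (Linux, root) is an assumption about the environment, and the inventory at the bottom is constructed sample data.

```python
"""Added example: check Dell PowerEdge BIOS versions against the fixed versions
listed for CVE-2023-32460 in the table above. Not code from NVD, Dell or Strix."""
import re
import subprocess
from typing import Dict, Optional, Tuple

# first fixed BIOS version -> models, transcribed from the 50 rows shown above;
# models that appear only in the full NVD list are deliberately absent.
_TABLE = [
    ("1.6.6", "R660 R760 C6620 MX760c R860 R960 HS5610 HS5620 R660xs R760xs "
              "R760xd2 T560 R760xa XR5610 XR8610t XR8620t R6615 R7615 XR7620"),
    ("1.3.6", "XE8640 XE9640 XE9680"),
    ("1.6.8", "R6625 R7625"),
    ("1.1.2", "C6615"),
    ("1.12.1", "R650 R750 R750xa C6520 MX750c R550 R450 R650xs R750xs T550 XR11 XR12"),
    ("1.8.1", "T150 T350 R250 R350"),
    ("1.13.3", "XR4510c XR4520c"),
    ("2.13.3", "R6515 R6525 R7515 R7525 C6525 XE8545"),
    ("2.20.1", "R740"),
]
FIXED_BIOS: Dict[str, str] = {
    f"poweredge {model.lower()}": fixed
    for fixed, models in _TABLE
    for model in models.split()
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted BIOS version into an integer tuple so that 1.12.1 > 1.6.6.
    A plain string comparison ranks '1.12.1' below '1.6.6' and would miss hosts."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unparseable BIOS version: {version!r}")
    return tuple(int(p) for p in parts)


def normalize_model(name: str) -> str:
    """Map 'Dell PowerEdge R660', 'PowerEdge R660 Firmware' etc. onto table keys."""
    name = re.sub(r"\s+", " ", name.strip().lower())
    name = re.sub(r"^dell ", "", name)
    name = re.sub(r" firmware$", "", name)
    return name


def is_affected(model: str, bios_version: str) -> Optional[bool]:
    """True if the installed BIOS is older than the fixed version for that model,
    False if it is at or above it, None if the model is not in the table."""
    fixed = FIXED_BIOS.get(normalize_model(model))
    if fixed is None:
        return None
    return parse_version(bios_version) < parse_version(fixed)


def local_bios_info() -> Tuple[str, str]:
    """Read model and BIOS version with dmidecode (Linux, needs root).
    Assumption about the environment; use Redfish/iDRAC inventory elsewhere."""
    def dmi(key: str) -> str:
        return subprocess.check_output(["dmidecode", "-s", key], text=True).strip()
    return dmi("system-product-name"), dmi("bios-version")


if __name__ == "__main__":
    # Constructed sample inventory standing in for real hosts.
    inventory = [
        ("Dell PowerEdge R660", "1.5.5"),
        ("PowerEdge R750", "1.12.1"),
        ("PowerEdge R6525", "2.9.3"),
        ("PowerEdge R740xd", "2.20.1"),
    ]
    labels = {True: "AFFECTED", False: "fixed", None: "not in table shown"}
    for model, version in inventory:
        print(f"{model:<22} BIOS {version:<8} {labels[is_affected(model, version)]}")
```

The comparison is done on integer tuples on purpose: a string comparison ranks "1.12.1" below "1.6.6", which would mark patched R650/R750-generation hosts as affected and, worse, could hide an unpatched 1.9.x host behind a 1.12.1 threshold. A None result means the model is outside the 50 rows reproduced here, not that it is safe; check the full list on NVD before closing the finding.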

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2023-32460?
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
How severe is CVE-2023-32460?
CVE-2023-32460 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.19% probability of exploitation in the next 30 days.
How do I fix CVE-2023-32460?
Update the BIOS to at least the fixed version listed for your model in the Affected Software table above (for example 1.6.6 for the PowerEdge R660/R760 generation, 1.12.1 for the R650/R750 generation and 2.20.1 for the R740); for models not shown there, see NVD for the full list and Dell's advisory for this CVE. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-32460?

Run a free Strix scan to check your systems for this vulnerability.

Source: NVD / NIST