Strix
26.1K

CVE-2023-32461

MEDIUMCVSS 6.7/10EPSS 0.16%

Last modified

CVE-2023-32461 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. EPSS estimates a 0.16% chance of exploitation in the next 30 days.

Description

Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.  

Metrics

CVSS 3.1
6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.16%

5.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DellPoweredge R660 Firmware< 1.5.6
DellPoweredge R760 Firmware< 1.5.6
DellPoweredge C6620 Firmware< 1.5.6
DellPoweredge Mx760c Firmware< 1.5.6
DellPoweredge R860 Firmware< 1.5.6
DellPoweredge R960 Firmware< 1.5.6
DellPoweredge Hs5610 Firmware< 1.5.6
DellPoweredge Hs5620 Firmware< 1.5.6
DellPoweredge R660xs Firmware< 1.5.6
DellPoweredge R760xs Firmware< 1.5.6
DellPoweredge R760xd2 Firmware< 1.5.6
DellPoweredge T560 Firmware< 1.5.6
DellPoweredge R760xa Firmware< 1.1.3
DellPoweredge Xe9680 Firmware< 1.1.3
DellPoweredge Xr5610 Firmware< 1.1.4
DellPoweredge Xr8620t Firmware< 1.1.3
DellPoweredge Xr7620 Firmware< 1.5.6
DellPoweredge Xe8640 Firmware< 1.2.5
DellPoweredge R6615 Firmware< 1.3.11
DellPoweredge R7615 Firmware< 1.3.11
DellPoweredge R6625 Firmware< 1.3.11
DellPoweredge R7625 Firmware< 1.3.11
DellPoweredge R650 Firmware< 1.10.2
DellPoweredge R750 Firmware< 1.10.2
DellPoweredge R750xa Firmware< 1.10.2
DellPoweredge C6520 Firmware< 1.10.2
DellPoweredge Mx750c Firmware< 1.10.2
DellPoweredge R550 Firmware< 1.10.2
DellPoweredge R450 Firmware< 1.10.2
DellPoweredge R650xs Firmware< 1.10.2
DellPoweredge R750xs Firmware< 1.10.2
DellPoweredge T550 Firmware< 1.10.2
DellPoweredge Xr11 Firmware< 1.10.2
DellPoweredge Xr12 Firmware< 1.10.2
DellPoweredge T150 Firmware< 1.6.3
DellPoweredge T350 Firmware< 1.6.3
DellPoweredge R250 Firmware< 1.6.3
DellPoweredge R350 Firmware< 1.6.3
DellPoweredge Xr4510c Firmware< 1.10.4
DellPoweredge Xr4520c Firmware< 1.10.4
DellPoweredge Xr4520c Firmware1.10.4
DellPoweredge R6515 Firmware< 2.11.4
DellPoweredge R6525 Firmware< 2.11.3
DellPoweredge R7515 Firmware< 2.11.4
DellPoweredge R7525 Firmware< 2.11.3
DellPoweredge C6525 Firmware< 2.11.3
DellPoweredge Xe8545 Firmware< 2.11.3
DellEmc Xc Core Xc450 Firmware< 1.11.2
DellEmc Xc Core Xc650 Firmware< 1.11.2
DellEmc Xc Core Xc750 Firmware< 1.11.2

Showing 50 of 53 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-32461?
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.  
How severe is CVE-2023-32461?
CVE-2023-32461 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.16% probability of exploitation in the next 30 days.
How do I fix CVE-2023-32461?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-32461?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST