CVE-2023-25537
Vulnerability from cvelistv5
Published
2023-05-22 10:48
Modified
2025-01-21 15:07
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.
References
security_alert@emc.comhttps://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerabilityVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerabilityVendor Advisory
Impacted products
Vendor Product Version
Dell PowerEdge Platform Version: Versions prior to 2.18.1
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:18.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25537",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T15:06:34.370163Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-21T15:07:54.481Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "BIOS",
            "PowerEdge R740",
            "PowerEdge R740XD",
            "PowerEdge R640",
            "PowerEdge R940",
            "PowerEdge R540",
            "PowerEdge R440",
            "PowerEdge T440",
            "PowerEdge XR2",
            "PowerEdge R740xD2",
            "PowerEdge R840",
            "PowerEdge R940xa",
            "PowerEdge T640",
            "PowerEdge C6420",
            "PowerEdge FC640",
            "PowerEdge M640",
            "PowerEdge M640 (for PE VRTX)",
            "PowerEdge MX740c",
            "PowerEdge MX840c",
            "PowerEdge C4140",
            "DSS 8440",
            "PowerEdge XE2420",
            "PowerEdge XE7420",
            "PowerEdge XE7440",
            "Dell EMC Storage NX3240",
            "Dell EMC Storage NX3340",
            "Dell EMC XC Core 6420 System",
            "Dell EMC XC Core XC640 System",
            "Dell EMC XC Core XC740xd System",
            "Dell EMC XC Core XC740xd2",
            "Dell EMC XC Core XC940 System",
            "Dell EMC XC Core XCXR2"
          ],
          "product": "PowerEdge Platform",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 2.18.1 "
            }
          ]
        }
      ],
      "datePublic": "2023-05-15T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-22T10:48:45.847Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2023-25537",
    "datePublished": "2023-05-22T10:48:45.847Z",
    "dateReserved": "2023-02-07T09:35:27.079Z",
    "dateUpdated": "2025-01-21T15:07:54.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-25537\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2023-05-22T11:15:09.333\",\"lastModified\":\"2024-11-21T07:49:41.453\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"B37675EF-6040-4F8A-A5C2-44E715B8AD21\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE562535-3D9B-4A82-AC0D-6A2225E63E8D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"60523971-FED3-440E-A82C-AF88D48DEA44\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"868ECD3F-77CD-4F5D-86E5-61689E4C5BA0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"E95A1EDC-D580-4976-8A54-EB5D1A992DBA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81416C16-D7FA-4165-BB0E-6458A4EA5AEE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"222DF748-DA7B-4DF2-868B-67E6674FAE7C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B581E1DE-4E94-49E5-B5CF-2A94B2570708\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"947180B0-04CE-4BAE-BC7A-625656A90631\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73B27F54-3CE3-4A5F-BBA1-2C6ED5316B47\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"A142530D-DD9C-4EA5-BE09-10A8DDBBB957\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBC3957E-791A-4052-A9C4-F3ECBD746E37\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"15D9902E-9BDF-4E56-9A72-FC2D84DDBB6F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28F97F1A-B41E-4CC5-B668-8C194CE2C29E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"CF6D1AA1-7DC5-48B1-9A0D-D18101C66BB0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88EC4390-C39F-4E56-9631-B8A22986690D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"FC4EC25A-5544-4B3F-B173-FF0A54FD9F39\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5395D3F-58D4-49F9-AA2F-0D5C6D8C4651\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"3B1CF99B-0D79-4A02-B847-D32E473529FF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E058B9C6-CD1C-42F5-8781-05450254E9E5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"E901926A-84F1-4799-8B6F-1C8A481210A1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D143853-3D62-4AD7-B899-F726036A34D2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"A675F7CB-D3C3-4378-A322-1ED1299D05DC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DEC0235-DDA1-4EE4-B3F8-512F1B29AFC6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"FF28AE6F-A2D3-4972-8777-FD91B9F6DEFF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"027D86DE-076F-4CE9-9DE9-E6976C655E8F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"C6E643BF-C1E1-4B72-9904-0EDD5AD6FD60\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C59D4B-1122-4782-A686-559E7DF8C3C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"C8D7ED32-1674-4F10-B1F8-B30FCF5232A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F8B50A1-577F-451E-8D03-C8A6A78000DC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"296BDDBF-6C54-4D65-8C9D-C4639074A9AD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"757039D5-60B9-40B0-B719-38E27409BDDE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"31A27B9B-3B03-41C5-913F-1119B6E7E238\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4305D0F-CB59-49D5-8D21-8ECC3342C36C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"630E8769-99DD-4062-8BC4-A793816C5D76\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9ACC9B8-C046-4304-BA58-7D6D7945BE95\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"F862C85D-F4DC-4B11-826A-C6AD3AEBB0A8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"239C2103-C4BB-4C6A-8E09-C6F7D52024D3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"AAF0FAAA-AD3C-476D-AAF5-C566A1B1E865\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30D12E41-8F03-435C-B137-CD3465923E5C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"43348CD0-0B16-4798-85B3-58017417B7C2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB402EFE-DEFF-40D1-B1C8-8A7D6923669E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"372DC8AD-61A4-4353-B7DE-71DFA5440401\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB265071-7294-4317-A854-0D90844CDC17\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"58815A75-5427-48FE-98E5-6FBF5D022E46\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFCDCB3C-4995-4211-8592-3D7F94098A26\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"C6C5E7C0-E28C-4D45-AC2D-518FC3E72D49\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66F375D2-85E4-4994-AE90-99D25A50F9AD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_xc_core_6420_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"B14BA9CF-84BE-406F-AE9C-48418E9045B3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_xc_core_6420:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A54DBA6D-E506-4557-8659-1707F6C9D02F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_xc_core_xc640_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"4884D9D6-3EE9-4041-9D9D-188215F8C73D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_xc_core_xc640:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EE5A591-AFD4-43B0-9383-B2F306940679\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_xc_core_xc740xd_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"D897026E-70E2-40E7-A59C-E6A1F0FDFA02\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_xc_core_xc740xd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AD7E6DE-4B9B-4C23-81A1-D8D52D2E4215\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"B1D21691-AA78-4603-9E46-12D3B4D64411\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0127228B-FBC4-4C66-AFA1-749C151F79C5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_xc_core_xc940_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"533FF26E-95F7-4CD7-BBCA-9A80831489A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_xc_core_xc940:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A160D84-3C5D-4789-8AF3-B006A5956B3F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.18.1\",\"matchCriteriaId\":\"120AA799-23AE-4D51-8EC2-11A59A1E0EAB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF8CC72-C32F-476D-86D3-CFF022185D76\"}]}]}],\"references\":[{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:25:18.634Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-25537\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-21T15:06:34.370163Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-21T15:06:42.265Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Dell\", \"product\": \"PowerEdge Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions prior to 2.18.1 \"}], \"platforms\": [\"BIOS\", \"PowerEdge R740\", \"PowerEdge R740XD\", \"PowerEdge R640\", \"PowerEdge R940\", \"PowerEdge R540\", \"PowerEdge R440\", \"PowerEdge T440\", \"PowerEdge XR2\", \"PowerEdge R740xD2\", \"PowerEdge R840\", \"PowerEdge R940xa\", \"PowerEdge T640\", \"PowerEdge C6420\", \"PowerEdge FC640\", \"PowerEdge M640\", \"PowerEdge M640 (for PE VRTX)\", \"PowerEdge MX740c\", \"PowerEdge MX840c\", \"PowerEdge C4140\", \"DSS 8440\", \"PowerEdge XE2420\", \"PowerEdge XE7420\", \"PowerEdge XE7440\", \"Dell EMC Storage NX3240\", \"Dell EMC Storage NX3340\", \"Dell EMC XC Core 6420 System\", \"Dell EMC XC Core XC640 System\", \"Dell EMC XC Core XC740xd System\", \"Dell EMC XC Core XC740xd2\", \"Dell EMC XC Core XC940 System\", \"Dell EMC XC Core XCXR2\"], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-05-15T06:30:00.000Z\", \"references\": [{\"url\": \"https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.\u003c/span\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"c550e75a-17ff-4988-97f0-544cde3820fe\", \"shortName\": \"dell\", \"dateUpdated\": \"2023-05-22T10:48:45.847Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-25537\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-21T15:07:54.481Z\", \"dateReserved\": \"2023-02-07T09:35:27.079Z\", \"assignerOrgId\": \"c550e75a-17ff-4988-97f0-544cde3820fe\", \"datePublished\": \"2023-05-22T10:48:45.847Z\", \"assignerShortName\": \"dell\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.