← Back

CVE-2023-25537

nvd nist
Published: May 22, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

Affected (30)

Products: Dell: Poweredge R740 Firmware, Poweredge R740xd Firmware, Poweredge R640 Firmware, Poweredge R940 Firmware, Poweredge R540 Firmware, Poweredge R440 Firmware, Poweredge T440 Firmware, Poweredge Xr2 Firmware, Poweredge R740xd2 Firmware, Poweredge R840 Firmware, Poweredge R940xa Firmware, Poweredge T640 Firmware, Poweredge C6420 Firmware, Poweredge Fc640 Firmware, Poweredge M640 Firmware, Poweredge Mx740c Firmware, Poweredge Mx840c Firmware, Poweredge C4140 Firmware, Dss 8440 Firmware, Poweredge Xe2420 Firmware, Poweredge Xe7420 Firmware, Poweredge Xe7440 Firmware, Emc Storage Nx3240 Firmware, Emc Storage Nx3340 Firmware, Emc Xc Core 6420 Firmware, Emc Xc Core Xc640 Firmware, Emc Xc Core Xc740xd Firmware, Emc Xc Core Xc740xd2 Firmware, Emc Xc Core Xc940 Firmware, Emc Xc Core Xcxr2 Firmware
Dell
30 products
Poweredge R740 Firmware
Poweredge R740xd Firmware
Poweredge R640 Firmware
Poweredge R940 Firmware
Poweredge R540 Firmware
Poweredge R440 Firmware
Poweredge T440 Firmware
Poweredge Xr2 Firmware
Poweredge R740xd2 Firmware
Poweredge R840 Firmware
Poweredge R940xa Firmware
Poweredge T640 Firmware
Poweredge C6420 Firmware
Poweredge Fc640 Firmware
Poweredge M640 Firmware
Poweredge Mx740c Firmware
Poweredge Mx840c Firmware
Poweredge C4140 Firmware
Dss 8440 Firmware
Poweredge Xe2420 Firmware
Poweredge Xe7420 Firmware
Poweredge Xe7440 Firmware
Emc Storage Nx3240 Firmware
Emc Storage Nx3340 Firmware
Emc Xc Core 6420 Firmware
Emc Xc Core Xc640 Firmware
Emc Xc Core Xc740xd Firmware
Emc Xc Core Xc740xd2 Firmware
Emc Xc Core Xc940 Firmware
Emc Xc Core Xcxr2 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge R740 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge R740
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge R740xd Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge R740xd
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge R640 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge R640
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge R940 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge R940
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge R540 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge R540
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge R440 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge R440
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge T440 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge T440
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge Xr2 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge Xr2
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge R740xd2 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge R740xd2
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge R840 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge R840
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge R940xa Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge R940xa
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge T640 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge T640
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge C6420 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge C6420
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge Fc640 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge Fc640
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge M640 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge M640
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge Mx740c Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge Mx740c
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge Mx840c Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge Mx840c
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge C4140 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge C4140
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dss 8440 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Dss 8440
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge Xe2420 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge Xe2420
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge Xe7420 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge Xe7420
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Poweredge Xe7440 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Poweredge Xe7440
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emc Storage Nx3240 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Emc Storage Nx3240
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emc Storage Nx3340 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Emc Storage Nx3340
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emc Xc Core 6420 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Emc Xc Core 6420
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emc Xc Core Xc640 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Emc Xc Core Xc640
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emc Xc Core Xc740xd Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Emc Xc Core Xc740xd
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emc Xc Core Xc740xd2 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Emc Xc Core Xc740xd2
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emc Xc Core Xc940 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Emc Xc Core Xc940
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emc Xc Core Xcxr2 Firmware
Before 2.18.1
Running on/withPlatform Versions
Dell
Emc Xc Core Xcxr2
All versions

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

Source: security_alert@emc.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.