CVE-2023-44298

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.

Published: Dec 5, 2023
Updated: Dec 13, 2023
CVE: CVE-2023-44298
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-667

Affected Software
References

Software	From	Fixed in
dell / poweredge_r660_firmware	1.4.4	1.4.4.x
dell / poweredge_r760_firmware	1.4.4	1.4.4.x
dell / poweredge_c6620_firmware	1.4.4	1.4.4.x
dell / poweredge_mx760c_firmware	1.4.4	1.4.4.x
dell / poweredge_r860_firmware	1.4.4	1.4.4.x
dell / poweredge_r960_firmware	1.4.4	1.4.4.x
dell / poweredge_hs5610_firmware	1.4.4	1.4.4.x
dell / poweredge_hs5620_firmware	1.4.4	1.4.4.x
dell / poweredge_r660xs_firmware	1.4.4	1.4.4.x
dell / poweredge_r760xs_firmware	1.4.4	1.4.4.x
dell / poweredge_r760xd2_firmware	1.4.4	1.4.4.x
dell / poweredge_t560_firmware	1.4.4	1.4.4.x
dell / poweredge_r760xa_firmware	1.4.4	1.4.4.x

https://www.dell.com/support/kbdoc/en-us/000220047/dsa-2023-429-security-update-for-dell-16g-poweredge-server-bios-for-a-debug-code-security-vulnerability

Vulnerability Database

290,206

CVE-2023-44298