CVE-2023-32480 MEDIUM

CVE-2023-32480

Vendor Dell

Product CPG BIOS

Weakness CWE-20 · Input validation

Published June 23, 2023

Last update November 29, 2024

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Physical

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.

Key dates

02Disclosure timeline

June 23, 2023 CVE published

November 29, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-32480

Related vulnerabilities

04Related CVE

CVE-2024-21631 Integer overflow in URI leading to potential host spoofing CVE-2020-3206 Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability CVE-2018-15422 Cisco Webex Network Recording Player Remote Code Execution Vulnerabilities CVE-2024-4609 Rockwell Automation Datalog Function within in FactoryTalk® View SE contains SQL Injection Vulnerability CVE-2024-4003 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting