CVE-2023-44297 HIGH

CVE-2023-44297

Vendor Dell
Product PowerEdge BIOS
Weakness CWE-1234
Published December 5, 2023
Last update August 2, 2024

CVSS base score

7.1/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.

Key dates

02Disclosure timeline

December 5, 2023 CVE published
August 2, 2024 Record updated