Headline
CVE-2023-44298: DSA-2023-429: Security Update for Dell 16G PowerEdge Server BIOS for a Debug Code Security Vulnerability
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.
Impact
High
Details
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2023-44297
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
CVE-2023-44298
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.
3.6
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2023-44297
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.
7.1
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
CVE-2023-44298
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.
3.6
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Workarounds and Mitigations
None
Revision History
Revision
Date
Description
1.0
2023-12-04
Initial release
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
PowerEdge C6620, PowerEdge HS5610, PowerEdge HS5620, PowerEdge MX760c, PowerEdge R660, PowerEdge R660xs, PowerEdge R760, PowerEdge R760XA, PowerEdge R760xd2, PowerEdge R760xs, PowerEdge R860, PowerEdge R960, PowerEdge T560