CVE-2023-25537

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2 contain an out-of-bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability, exposing some SMRAM stack/data/code in System Management Mode and leading to arbitrary code execution or escalation of privilege.
Configurations

Configuration 1

AND
cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*

Configuration 19

AND
cpe:2.3:o:dell:dss_8440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:dss_8440:-:*:*:*:*:*:*:*

Configuration 20

AND
cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xe2420:-:*:*:*:*:*:*:*

Configuration 21

AND
cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xe7420:-:*:*:*:*:*:*:*

Configuration 22

AND
cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xe7440:-:*:*:*:*:*:*:*

Configuration 23

AND
cpe:2.3:o:dell:emc_storage_nx3240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_storage_nx3240:-:*:*:*:*:*:*:*

Configuration 24

AND
cpe:2.3:o:dell:emc_storage_nx3340_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_storage_nx3340:-:*:*:*:*:*:*:*

Configuration 25

AND
cpe:2.3:o:dell:emc_xc_core_6420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_6420:-:*:*:*:*:*:*:*

Configuration 26

AND
cpe:2.3:o:dell:emc_xc_core_xc640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc640:-:*:*:*:*:*:*:*

Configuration 27

AND
cpe:2.3:o:dell:emc_xc_core_xc740xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc740xd:-:*:*:*:*:*:*:*

Configuration 28

AND
cpe:2.3:o:dell:emc_xc_core_xc740xd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc740xd2:-:*:*:*:*:*:*:*

Configuration 29

AND
cpe:2.3:o:dell:emc_xc_core_xc940_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xc940:-:*:*:*:*:*:*:*

Configuration 30

AND
cpe:2.3:o:dell:emc_xc_core_xcxr2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:emc_xc_core_xcxr2:-:*:*:*:*:*:*:*

History

30 May 2023, 21:32

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 7.8

Type: References
Values Removed: (MISC) https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability
Values Added: (MISC) https://www.dell.com/support/kbdoc/en-us/000213550/dsa-2023-098-security-update-for-dell-poweredge-14g-server-bios-for-an-out-of-bounds-write-vulnerability - Vendor Advisory

Type: First Time
Values Added:
Dell poweredge Xe2420 Firmware
Dell poweredge C4140
Dell poweredge R640
Dell poweredge R740xd Firmware
Dell poweredge Xe7440
Dell emc Storage Nx3240 Firmware
Dell poweredge R940
Dell poweredge Xe2420
Dell emc Xc Core Xc640 Firmware
Dell poweredge Xe7440 Firmware
Dell poweredge C6420
Dell poweredge Mx740c Firmware
Dell poweredge Xe7420 Firmware
Dell emc Xc Core 6420
Dell poweredge T640 Firmware
Dell emc Xc Core Xc740xd
Dell poweredge M640
Dell dss 8440
Dell emc Xc Core 6420 Firmware
Dell
Dell emc Xc Core Xc740xd2
Dell poweredge R540
Dell poweredge R740xd2 Firmware
Dell poweredge C4140 Firmware
Dell poweredge M640 Firmware
Dell poweredge Xr2
Dell emc Storage Nx3340
Dell emc Storage Nx3240
Dell poweredge Xe7420
Dell poweredge R740
Dell poweredge Mx740c
Dell poweredge T440 Firmware
Dell poweredge Mx840c Firmware
Dell poweredge R540 Firmware
Dell emc Xc Core Xc740xd Firmware
Dell poweredge R840 Firmware
Dell poweredge R840
Dell poweredge T640
Dell emc Xc Core Xc940 Firmware
Dell emc Xc Core Xcxr2 Firmware
Dell poweredge Xr2 Firmware
Dell poweredge R440
Dell poweredge R440 Firmware
Dell emc Xc Core Xcxr2
Dell poweredge R640 Firmware
Dell emc Storage Nx3340 Firmware
Dell emc Xc Core Xc940
Dell poweredge R940xa Firmware
Dell poweredge R940xa
Dell poweredge R740xd2
Dell emc Xc Core Xc640
Dell poweredge T440
Dell poweredge R940 Firmware
Dell dss 8440 Firmware
Dell poweredge Mx840c
Dell poweredge C6420 Firmware
Dell poweredge Fc640 Firmware
Dell emc Xc Core Xc740xd2 Firmware
Dell poweredge R740 Firmware
Dell poweredge R740xd
Dell poweredge Fc640

22 May 2023, 13:21

Type: New CVE

Information

Published : 2023-05-22 11:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-25537

Mitre link : CVE-2023-25537

CVE.ORG link : CVE-2023-25537



Products Affected

dell

  • emc_xc_core_xc740xd2
  • emc_xc_core_6420
  • poweredge_r740
  • emc_xc_core_xc640_firmware
  • poweredge_mx740c_firmware
  • poweredge_r440_firmware
  • poweredge_c4140_firmware
  • poweredge_r740xd_firmware
  • emc_xc_core_xc640
  • poweredge_r740_firmware
  • poweredge_t640
  • poweredge_xr2
  • poweredge_mx840c_firmware
  • emc_storage_nx3240
  • emc_xc_core_xcxr2
  • poweredge_r940
  • poweredge_r940xa
  • emc_xc_core_xc740xd2_firmware
  • poweredge_t640_firmware
  • poweredge_xe7440
  • poweredge_xe7420
  • emc_storage_nx3240_firmware
  • emc_storage_nx3340
  • poweredge_r540_firmware
  • poweredge_fc640_firmware
  • poweredge_mx840c
  • poweredge_xe7420_firmware
  • poweredge_r840
  • emc_xc_core_xc740xd_firmware
  • emc_xc_core_xc740xd
  • emc_xc_core_6420_firmware
  • dss_8440_firmware
  • poweredge_r940_firmware
  • poweredge_t440
  • poweredge_m640
  • poweredge_r740xd
  • poweredge_r940xa_firmware
  • poweredge_c6420
  • poweredge_r640_firmware
  • poweredge_r540
  • poweredge_c4140
  • poweredge_xe2420_firmware
  • emc_xc_core_xcxr2_firmware
  • emc_xc_core_xc940
  • poweredge_mx740c
  • emc_storage_nx3340_firmware
  • poweredge_fc640
  • poweredge_m640_firmware
  • poweredge_xr2_firmware
  • poweredge_r840_firmware
  • poweredge_r440
  • poweredge_xe2420
  • emc_xc_core_xc940_firmware
  • poweredge_c6420_firmware
  • poweredge_r740xd2_firmware
  • poweredge_r640
  • dss_8440
  • poweredge_r740xd2
  • poweredge_xe7440_firmware
  • poweredge_t440_firmware
CWE
CWE-787

Out-of-bounds Write