CVE-2023-25537
moderate-risk
Published 2023-05-22
Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2 contain an out-of-bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability, leading to exposure of some SMRAM stack/data/code in System Management Mode and, in turn, to arbitrary code execution or escalation of privilege.
Do I need to act?
Exploitation probability: 0.04% (EPSS score, low exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 6.1/10 (Medium), attack vector LOCAL, LOW attack complexity
Affected Products (20)
Poweredge R740 Firmware
Poweredge R740Xd Firmware
Poweredge R640 Firmware
Poweredge R940 Firmware
Poweredge R540 Firmware
Poweredge R440 Firmware
Poweredge T440 Firmware
Poweredge Xr2 Firmware
Poweredge R740Xd2 Firmware
Poweredge R840 Firmware
Poweredge R940Xa Firmware
Poweredge T640 Firmware
Poweredge C6420 Firmware
Poweredge Fc640 Firmware
Poweredge M640 Firmware
Poweredge Mx740C Firmware
Poweredge Mx840C Firmware
Poweredge C4140 Firmware
Dss 8440 Firmware
Poweredge Xe2420 Firmware
References (2)
Risk score: 42 / 100 (moderate-risk)
Severity: 20/34 (Moderate)
Exploitability: 0/34 (Minimal)
Exposure: 22/34 (High)