CVE-2023-48674

high-risk

Published 2024-03-01

Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.

Do I need to act?

0.13% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.8/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Precision 3430 Tower Firmware

Precision 3431 Tower Firmware

Precision 3630 Tower Firmware

Precision 5820 Tower Firmware

Precision 7820 Tower Firmware

Precision 7920 Tower Firmware

Latitude 5280 Firmware

Latitude 5288 Firmware

Latitude 5290 Firmware

Latitude 5290 2-In-1 Firmware

Latitude 5300 Firmware

Latitude 5300 2-In-1 Firmware

Latitude 5310 Firmware

Latitude 5310 2-In-1 Firmware

Latitude 5320 Firmware

Latitude 5330 Firmware

Latitude 5340 Firmware

Latitude 5400 Firmware

Latitude 5401 Firmware

Latitude 5410 Firmware

Affected Vendors

Dell

References (2)

Vendor Advisory https://www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467

/ 100

high-risk

Severity 25/34 · High

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical