CVE-2023-32460

Home/CVE/Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker

CVE

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

HIGH · CVSS 8.8 EPSS 0.00039

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-306Missing Authentication for Critical Function

▤

Affected Products & Versions

dell poweredge r660 firmware< 1.6.6
dell poweredge r760 firmware< 1.6.6
dell poweredge c6620 firmware< 1.6.6
dell poweredge mx760c firmware< 1.6.6
dell poweredge r860 firmware< 1.6.6
dell poweredge r960 firmware< 1.6.6
dell poweredge hs5610 firmware< 1.6.6
dell poweredge hs5620 firmware< 1.6.6
Show all 60 affected productsdell poweredge r660xs firmware< 1.6.6
dell poweredge r760xs firmware< 1.6.6
dell poweredge r760xd2 firmware< 1.6.6
dell poweredge t560 firmware< 1.6.6
dell poweredge r760xa firmware< 1.6.6
dell poweredge xr5610 firmware< 1.6.6
dell poweredge xr8610t firmware< 1.6.6
dell poweredge xr8620t firmware< 1.6.6
dell poweredge r6615 firmware< 1.6.6
dell poweredge r7615 firmware< 1.6.6
dell poweredge xr7620 firmware< 1.6.6
dell poweredge xe8640 firmware< 1.3.6
dell poweredge xe9640 firmware< 1.3.6
dell poweredge xe9680 firmware< 1.3.6
dell poweredge r6625 firmware< 1.6.8
dell poweredge r7625 firmware< 1.6.8
dell poweredge c6615 firmware< 1.1.2
dell poweredge r650 firmware< 1.12.1
dell poweredge r750 firmware< 1.12.1
dell poweredge r750xa firmware< 1.12.1
dell poweredge c6520 firmware< 1.12.1
dell poweredge mx750c firmware< 1.12.1
dell poweredge r550 firmware< 1.12.1
dell poweredge r450 firmware< 1.12.1
dell poweredge r650xs firmware< 1.12.1
dell poweredge r750xs firmware< 1.12.1
dell poweredge t550 firmware< 1.12.1
dell poweredge xr11 firmware< 1.12.1
dell poweredge xr12 firmware< 1.12.1
dell poweredge t150 firmware< 1.8.1
dell poweredge t350 firmware< 1.8.1
dell poweredge r250 firmware< 1.8.1
dell poweredge r350 firmware< 1.8.1
dell poweredge xr4510c firmware< 1.13.3
dell poweredge xr4520c firmware< 1.13.3
dell poweredge r6515 firmware< 2.13.3
dell poweredge r6525 firmware< 2.13.3
dell poweredge r7515 firmware< 2.13.3
dell poweredge r7525 firmware< 2.13.3
dell poweredge c6525 firmware< 2.13.3
dell poweredge xe8545 firmware< 2.13.3
dell poweredge r740 firmware< 2.20.1
dell poweredge r640 firmware< 2.20.1
dell poweredge r940 firmware< 2.20.1
dell poweredge r540 firmware< 2.20.1
dell poweredge r440 firmware< 2.20.1
dell poweredge t440 firmware< 2.20.1
dell poweredge xr2 firmware< 2.20.1
dell poweredge r840 firmware< 2.20.1
dell poweredge t640 firmware< 2.20.1
dell poweredge c6420 firmware< 2.20.1
dell poweredge fc640 firmware< 2.20.1

▣

Scoring & Timeline

8.8

HIGH · CVSS v3.1 · security_alert@emc.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD08 Dec 2023 · 06:15 AM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-for-dell-poweredge-server-bios-for-an-improper-privilege-management-security-vulnerabilityVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin