Vulnerability Description
Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Alienware M15 R7 Firmware | < 1.18.0 |
| Dell | Alienware M15 R7 | - |
| Dell | Alienware M16 Firmware | < 1.10.1 |
| Dell | Alienware M16 | - |
| Dell | Alienware M18 Firmware | < 1.10.1 |
| Dell | Alienware M18 | - |
| Dell | Chengming 3900 Firmware | < 1.15.0 |
| Dell | Chengming 3900 | - |
| Dell | Chengming 3901 Firmware | < 1.15.0 |
| Dell | Chengming 3901 | - |
| Dell | Chengming 3910 Firmware | < 1.6.0 |
| Dell | Chengming 3910 | - |
| Dell | Chengming 3911 Firmware | < 1.6.0 |
| Dell | Chengming 3911 | - |
| Dell | G15 5520 Firmware | < 1.18.0 |
| Dell | G15 5520 | - |
| Dell | G16 7620 Firmware | < 1.18.0 |
| Dell | G16 7620 | - |
| Dell | G3 3500 Firmware | < 1.26.0 |
| Dell | G3 3500 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-biosVendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-biosVendor Advisory
FAQ
What is CVE-2023-32453?
CVE-2023-32453 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI...
How severe is CVE-2023-32453?
CVE-2023-32453 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32453?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Alienware M15 R7 Firmware, Dell Alienware M15 R7, Dell Alienware M16 Firmware, Dell Alienware M16, Dell Alienware M18 Firmware.