Vulnerability Description
Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Poweredge R660 Firmware | < 1.6.6 |
| Dell | Poweredge R660 | - |
| Dell | Poweredge R760 Firmware | < 1.6.6 |
| Dell | Poweredge R760 | - |
| Dell | Poweredge C6620 Firmware | < 1.6.6 |
| Dell | Poweredge C6620 | - |
| Dell | Poweredge Mx760C Firmware | < 1.6.6 |
| Dell | Poweredge Mx760C | - |
| Dell | Poweredge R860 Firmware | < 1.6.6 |
| Dell | Poweredge R860 | - |
| Dell | Poweredge R960 Firmware | < 1.6.6 |
| Dell | Poweredge R960 | - |
| Dell | Poweredge Hs5610 Firmware | < 1.6.6 |
| Dell | Poweredge Hs5610 | - |
| Dell | Poweredge Hs5620 Firmware | < 1.6.6 |
| Dell | Poweredge Hs5620 | - |
| Dell | Poweredge R660Xs Firmware | < 1.6.6 |
| Dell | Poweredge R660Xs | - |
| Dell | Poweredge R760Xs Firmware | < 1.6.6 |
| Dell | Poweredge R760Xs | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-Vendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000219550/dsa-2023-361-security-update-Vendor Advisory
FAQ
What is CVE-2023-32460?
CVE-2023-32460 is a vulnerability with a CVSS score of 8.8 (HIGH). Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. ...
How severe is CVE-2023-32460?
CVE-2023-32460 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32460?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Poweredge R660 Firmware, Dell Poweredge R660, Dell Poweredge R760 Firmware, Dell Poweredge R760, Dell Poweredge C6620 Firmware.