CVE-2023-48674 — MEDIUM (6.8)

Q: How severe is CVE-2023-48674?

CVE-2023-48674 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-48674?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Precision 3430 Tower Firmware, Dell Precision 3430 Tower, Dell Precision 3431 Tower Firmware, Dell Precision 3431 Tower, Dell Precision 3630 Tower Firmware.

Vulnerability Description

Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dell	Precision 3430 Tower Firmware	< 1.28.0
Dell	Precision 3430 Tower	-
Dell	Precision 3431 Tower Firmware	< 1.24.0
Dell	Precision 3431 Tower	-
Dell	Precision 3630 Tower Firmware	< 2.26.0
Dell	Precision 3630 Tower	-
Dell	Precision 5820 Tower Firmware	< 2.34.0
Dell	Precision 5820 Tower	-
Dell	Precision 7820 Tower Firmware	< 2.38.0
Dell	Precision 7820 Tower	-
Dell	Precision 7920 Tower Firmware	< 2.38.0
Dell	Precision 7920 Tower	-
Dell	Latitude 5280 Firmware	< 1.34.0
Dell	Latitude 5280	-
Dell	Latitude 5288 Firmware	< 1.34.0
Dell	Latitude 5288	-
Dell	Latitude 5290 Firmware	< 1.33.0
Dell	Latitude 5290	-
Dell	Latitude 5290 2-In-1 Firmware	< 1.32.0
Dell	Latitude 5290 2-In-1	-

Related Weaknesses (CWE)

CWE-170

References

https://www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467Vendor Advisory

FAQ

What is CVE-2023-48674?

CVE-2023-48674 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause so...

How severe is CVE-2023-48674?

CVE-2023-48674 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-48674?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Precision 3430 Tower Firmware, Dell Precision 3430 Tower, Dell Precision 3431 Tower Firmware, Dell Precision 3431 Tower, Dell Precision 3630 Tower Firmware.