CVE-2023-44298 Vulnerability Details

  /     /     /  

CVE-2023-44298 Metadata Quick Info

CVE Published: 05/12/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: dell | Vendor: Dell | Product: PowerEdge BIOS
Status : PUBLISHED

---

CVE-2023-44298 Description

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.

Metrics

CVSS Version: 3.1 | Base Score: 3.6 LOW
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* PHYSICAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-1234
CWE Name: CWE-1234: Hardware Internal or Debug Modes Allow Override of Locks
Source: Dell

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).