Improper Input Validation in Dell BIOS Affects Security Configurations
CVE-2023-28044

5.1MEDIUM

Key Information:

Vendor

Dell
Status
Cpg BiOS
Vendor
CVE Published:
23 June 2023

What is CVE-2023-28044?

An improper input validation vulnerability in Dell BIOS allows a local authenticated user with administrator privileges to potentially manipulate UEFI variables. This vulnerability poses a significant risk as it may enable the attacker to modify crucial system configurations. Users are advised to apply available security updates to mitigate this issue and enhance their device security.

Affected Version(s)

CPG BIOS All Versions

References

https://www.dell.com/support/kbdoc/en-us/000212204/dsa-20...
vendor-advisory

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.