Improper Input Validation in Dell BIOS Software
CVE-2023-39251

6.7MEDIUM

Key Information:

Vendor: Dell
Status: CPG BIOS
Vendor: CVE Published:; 22 December 2023

Summary

Dell BIOS has a vulnerability characterized by improper input validation. A local user with elevated privileges could leverage this flaw to manipulate memory, potentially leading to system instability or unauthorized access. This vulnerability emphasizes the importance of ensuring firmware security and timely updates to mitigate risks.

Affected Version(s)

CPG BIOS Inspiron 7510 Versions prior to 1.20.0

CPG BIOS Inspiron 7510 Versions prior to 1.23.0

CPG BIOS Inspiron 7510 Versions prior to 1.27.0

References

https://www.dell.com/support/kbdoc/en-us/000217707/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 22, 2023
Vulnerability Reserved
Jul 26, 2023

Credit

Dell Technologies would like to thank Eason for reporting this issue.