Pre-Boot Direct Memory Access Vulnerability in Dell Client BIOS
CVE-2023-43088

7.2HIGH

Key Information:

Vendor: Dell
Status: CPG BIOS
Vendor: CVE Published:; 22 December 2023

Summary

The Dell Client BIOS contains a vulnerability that allows for direct memory access (DMA) during the pre-boot phase. This vulnerability can potentially be exploited by an authenticated attacker with physical access to the system, which may lead to arbitrary code execution on the affected device. It highlights significant security risks, especially in environments where physical access controls may be lax.

Affected Version(s)

CPG BIOS Precision 7865 Tower Versions prior to 1.5.0

References

https://www.dell.com/support/kbdoc/en-us/000218223/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 22, 2023
Vulnerability Reserved
Sep 15, 2023