Active Debug Code Security Vulnerability in Dell PowerEdge and Precision BIOS
CVE-2023-44298

3.6LOW

Key Information:

Vendor: Dell
Status: PowerEdge BIOS
Vendor: CVE Published:; 5 December 2023

What is CVE-2023-44298?

Dell PowerEdge platforms utilizing 16G Intel E5 BIOS and Dell Precision BIOS version 1.4.4 exhibit a security vulnerability linked to active debug code. This flaw allows unauthenticated physical attackers to potentially exploit the system, posing risks of information tampering, unauthorized code execution, and service disruption. Immediate mitigation strategies and patches from Dell are recommended to safeguard affected systems.

Affected Version(s)

PowerEdge BIOS PowerEdge R660 Version 1.4.4

References

https://www.dell.com/support/kbdoc/en-us/000220047/dsa-20...

vendor-advisory

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2023
Vulnerability Reserved
Sep 28, 2023