CVE-2023-32469

{"id": "CVE-2023-32469", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2023-11-16T09:15:07.077", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000216242/dsa-2023-223-security-update-for-a-dell-precision-tower-bios-vulnerability", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "\nDell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.\n\n"}, {"lang": "es", "value": "El BIOS Dell Precision Tower contiene una vulnerabilidad de validaci\u00f3n de entrada incorrecta. Un usuario malicioso autenticado localmente con privilegios de administrador podr\u00eda explotar esta vulnerabilidad para realizar la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "lastModified": "2023-11-29T19:49:42.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_5820_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D9FE138-FF30-4105-94D6-80E1EA7D7B3C", "versionEndExcluding": "2.32.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_5820:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E12F96DC-54C7-4891-8723-D1B240165CBC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_7820_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D5945F9-7C84-4CB7-82B8-1706AAF683FF", "versionEndExcluding": "2.36.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_7820:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA0FD696-4C1F-416C-95EB-36FEA77BEB6F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_7920_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0B22610-AFC8-40EA-AB4D-179038E0D1D6", "versionEndExcluding": "2.36.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_7920:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0BCCF11B-05BD-4E70-AD26-6B26A7E701FA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}