CVE-2023-32460

Severity CVSS v4.0:
Pending analysis
Type:
CWE-306 Missing Authentication for Critical Function
Publication date:
08/12/2023
Last modified:
14/12/2023

Description

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:* 1.6.6 (excluding)
cpe:2.3:h:dell:poweredge_r660:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:* 1.6.6 (excluding)
cpe:2.3:h:dell:poweredge_r760:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:* 1.6.6 (excluding)
cpe:2.3:h:dell:poweredge_c6620:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:* 1.6.6 (excluding)
cpe:2.3:h:dell:poweredge_mx760c:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:* 1.6.6 (excluding)
cpe:2.3:h:dell:poweredge_r860:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:* 1.6.6 (excluding)
cpe:2.3:h:dell:poweredge_r960:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:* 1.6.6 (excluding)
cpe:2.3:h:dell:poweredge_hs5610:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:* 1.6.6 (excluding)