Description
Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios
Scores
CVSS v3
4.6
EPSS
0.0003
EPSS Percentile
9.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-287
Status
published
Products (50)
dell/alienware_m15_r7_firmware
< 1.18.0
dell/alienware_m16_firmware
< 1.10.1
dell/alienware_m18_firmware
< 1.10.1
dell/chengming_3900_firmware
< 1.15.0
dell/chengming_3901_firmware
< 1.15.0
dell/chengming_3910_firmware
< 1.6.0
dell/chengming_3911_firmware
< 1.6.0
dell/g15_5520_firmware
< 1.18.0
dell/g16_7620_firmware
< 1.18.0
dell/g3_3500_firmware
< 1.26.0
... and 40 more
Published
Aug 16, 2023
Tracked Since
Feb 18, 2026