First published: Mon May 22 2023
Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2 contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability to expose some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell PowerEdge R740 Firmware | <2.18.1 | |
Dell PowerEdge R740 Firmware | ||
Dell PowerEdge R740xd Firmware | <2.18.1 | |
Dell PowerEdge R740xd2 | ||
Dell PowerEdge R640 Firmware | <2.18.1 | |
Dell PowerEdge R640 Firmware | ||
Dell PowerEdge R940 Firmware | <2.18.1 | |
Dell PowerEdge R940xa Firmware | ||
Dell PowerEdge R540 Firmware | <2.18.1 | |
Dell PowerEdge R540 Firmware | ||
Dell PowerEdge R440 Firmware | <2.18.1 | |
Dell PowerEdge R440 Firmware | ||
Dell PowerEdge T440 | <2.18.1 | |
Dell PowerEdge T440 Firmware | ||
Dell PowerEdge XR2 Firmware | <2.18.1 | |
Dell PowerEdge XR2 Firmware | ||
Dell PowerEdge R740xd2 Firmware | <2.18.1 | |
Dell PowerEdge R740xd2 Firmware | ||
Dell PowerEdge R840 Firmware | <2.18.1 | |
Dell PowerEdge R840 Firmware | ||
Dell PowerEdge R940xa | <2.18.1 | |
Dell PowerEdge R940xa | ||
Dell PowerEdge T640 Firmware | <2.18.1 | |
Juniper T640 | ||
Dell PowerEdge | <2.18.1 | |
Dell PowerEdge c6420 firmware | ||
Dell PowerEdge FC640 | <2.18.1 | |
Dell PowerEdge FC640 | ||
Dell PowerEdge m640 | <2.18.1 | |
Dell PowerEdge m640 Firmware | ||
Dell MX740c Firmware | <2.18.1 | |
Dell MX740c | ||
Dell MX840c Firmware | <2.18.1 | |
Dell PowerEdge mx840c firmware | ||
Dell PowerEdge C4140 Firmware | <2.18.1 | |
Dell PowerEdge C4140 | ||
Dell DSS 8440 Firmware | <2.18.1 | |
Dell DSS 8440 Firmware | ||
Dell PowerEdge XE2420 Firmware | <2.18.1 | |
Dell PowerEdge xe2420 firmware | ||
Dell PowerEdge XE7420 Firmware | <2.18.1 | |
Dell PowerEdge xe7420 firmware | ||
Dell XE7440 Firmware | <2.18.1 | |
Dell PowerEdge xe7440 firmware | ||
Dell NX3240 Firmware | <2.18.1 | |
Dell EMC Storage NX3240 Firmware | ||
Dell NX3340 Firmware | <2.18.1 | |
Dell EMC Storage NX3340 Firmware | ||
Dell EMC XC Core 6420 Firmware | <2.18.1 | |
Dell EMC XC Core 6420 Firmware | ||
Dell EMC XC Core XC640 Firmware | <2.18.1 | |
Dell EMC XC Core XC640 System | ||
Dell EMC XC Core XC740XD Firmware | <2.18.1 | |
Dell EMC XC Core XC740XD Firmware | ||
Dell EMC XC Core XC740XD2 Firmware | <2.18.1 | |
Dell EMC XC Core XC740XD2 Firmware | ||
Dell EMC XC Core XC940 Firmware | <2.18.1 | |
Dell EMC XC940 | ||
Dell EMC XC Core XCX-R2 | <2.18.1 | |
Dell EMC XC Core XCX-R2 | ||
CVE-2023-25537 is considered a high-severity vulnerability due to its potential impact on system integrity.
To fix CVE-2023-25537, update the Dell PowerEdge 14G server BIOS to version 2.18.1 or higher.
CVE-2023-25537 affects Dell PowerEdge 14G servers with BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2.
Exploitation of CVE-2023-25537 requires local access by the attacker.
CVE-2023-25537 is classified as an Out of Bounds write vulnerability.