First published: Tue Dec 05 2023
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain an active debug code vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, or denial of service.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Dell PowerEdge r660 firmware | =1.4.4 | |
Dell PowerEdge r660 firmware | ||
All of | ||
Dell PowerEdge r760 firmware | =1.4.4 | |
Dell PowerEdge r760 | ||
All of | ||
Dell PowerEdge c6620 firmware | =1.4.4 | |
Dell PowerEdge c6620 firmware | ||
All of | ||
Dell PowerEdge mx760c firmware | =1.4.4 | |
Dell PowerEdge mx760c firmware | ||
All of | ||
Dell PowerEdge r860 firmware | =1.4.4 | |
Dell PowerEdge r860 firmware | ||
All of | ||
Dell PowerEdge r960 firmware | =1.4.4 | |
Dell PowerEdge R960 | ||
All of | ||
Dell PowerEdge hs5610 | =1.4.4 | |
Dell PowerEdge hs5610 | ||
All of | ||
Dell PowerEdge hs5620 firmware | =1.4.4 | |
Dell PowerEdge hs5620 firmware | ||
All of | ||
Dell PowerEdge r660xs firmware | =1.4.4 | |
Dell PowerEdge r660xs | ||
All of | ||
Dell PowerEdge R760xs firmware | =1.4.4 | |
Dell PowerEdge R760xs firmware | ||
All of | ||
Dell PowerEdge r760xd2 | =1.4.4 | |
Dell PowerEdge r760xd2 firmware | ||
All of | ||
Dell PowerEdge t560 firmware | =1.4.4 | |
Dell PowerEdge t560 firmware | ||
All of | ||
Dell PowerEdge r760xa firmware | =1.4.4 | |
Dell PowerEdge r760xa firmware | ||
The severity of CVE-2023-44298 is considered high due to potential exploitation by an unauthenticated attacker.
To fix CVE-2023-44298, update the affected Dell PowerEdge firmware to the latest version available from Dell.
CVE-2023-44298 affects various Dell PowerEdge platforms with BIOS version 1.4.4.
CVE-2023-44298 could be exploited to perform information tampering, code execution, or denial of service attacks.
Remote access is not required to exploit CVE-2023-44298, as it can be exploited by an unauthenticated physical attacker.