Skip to main content

Poweredge R660 Firmware CVE-2023-32460

HIGH
Missing Authentication for Critical Function (CWE-306)
2023-12-08 security_alert@emc.com
Privilege Escalation Dell Authentication Bypass Poweredge R660 Firmware Poweredge R760 Firmware Poweredge C6620 Firmware Poweredge Mx760C Firmware Poweredge R860 Firmware Poweredge R960 Firmware Poweredge Hs5610 Firmware Poweredge Hs5620 Firmware Poweredge R660Xs Firmware Poweredge R760Xs Firmware Poweredge R760Xd2 Firmware Poweredge T560 Firmware Poweredge R760Xa Firmware Poweredge Xr5610 Firmware Poweredge Xr8610T Firmware Poweredge Xr8620T Firmware Poweredge R6615 Firmware Poweredge R7615 Firmware Poweredge Xr7620 Firmware Poweredge Xe8640 Firmware Poweredge Xe9640 Firmware Poweredge Xe9680 Firmware Poweredge R6625 Firmware Poweredge R7625 Firmware Poweredge C6615 Firmware Poweredge R650 Firmware Poweredge R750 Firmware Poweredge R750Xa Firmware Poweredge C6520 Firmware Poweredge Mx750C Firmware Poweredge R550 Firmware Poweredge R450 Firmware Poweredge R650Xs Firmware Poweredge R750Xs Firmware Poweredge T550 Firmware Poweredge Xr11 Firmware Poweredge Xr12 Firmware Poweredge T150 Firmware Poweredge T350 Firmware Poweredge R250 Firmware Poweredge R350 Firmware Poweredge Xr4510C Firmware Poweredge Xr4520C Firmware Poweredge R6515 Firmware Poweredge R6525 Firmware Poweredge R7515 Firmware Poweredge R7525 Firmware Poweredge C6525 Firmware Poweredge Xe8545 Firmware Poweredge R740 Firmware Poweredge R640 Firmware Poweredge R940 Firmware Poweredge R540 Firmware Poweredge R440 Firmware Poweredge T440 Firmware Poweredge Xr2 Firmware Poweredge R840 Firmware Poweredge T640 Firmware Poweredge C6420 Firmware Poweredge Fc640 Firmware Poweredge M640 Firmware Poweredge C4140 Firmware Poweredge Mx740C Firmware Poweredge Mx840C Firmware Poweredge R740Xd Firmware Poweredge R740Xd2 Firmware Poweredge R940Xa Firmware Poweredge Xe2420 Firmware Poweredge Xe7420 Firmware Poweredge Xe7440 Firmware Poweredge T140 Firmware Poweredge T340 Firmware Poweredge R240 Firmware Poweredge R340 Firmware Poweredge R6415 Firmware Poweredge R7415 Firmware Poweredge R7425 Firmware Poweredge R930 Firmware Poweredge R730 Firmware Poweredge R730Xd Firmware Poweredge R630 Firmware Poweredge C4130 Firmware Poweredge M630 Firmware Poweredge Fc630 Firmware Poweredge Fc430 Firmware Poweredge M830 Firmware Poweredge Fc830 Firmware Poweredge T630 Firmware Poweredge R530 Firmware Poweredge R430 Firmware Poweredge T430 Firmware Poweredge C6320 Firmware Poweredge T130 Firmware Poweredge R230 Firmware Poweredge T330 Firmware Poweredge R330 Firmware Poweredge R830 Firmware Poweredge M640 Pe Vrtx Firmware Poweredge M630 Pe Vrtx Firmware Poweredge M830 Pe Vrtx Firmware Dss 8440 Firmware Nx3230 Firmware Nx3330 Firmware Nx430 Firmware Emc Storage Nx3240 Firmware Emc Storage Nx3340 Firmware Emc Nx440 Firmware Emc Xc Core Xc450 Firmware Emc Xc Core Xc650 Firmware Emc Xc Core Xc750 Firmware Emc Xc Core Xc750Xa Firmware Emc Xc Core Xc6520 Firmware Emc Xc Core Xcxr2 Firmware Emc Xc Core Xc740Xd2 Firmware Emc Xc Core Xc7525 Firmware Emc Xc Core 6420 Firmware Emc Xc Core Xc640 Firmware Emc Xc Core Xc740Xd Firmware Emc Xc Core Xc940 Firmware Xc Core Xc660 Firmware Xc Core Xc760 Firmware Xc6320 Hyperconverged Appliance Firmware Xc430 Hyperconverged Appliance Firmware Xc630 Hyperconverged Appliance Firmware Xc730 Hyperconverged Appliance Firmware Xc730Xd Hyperconverged Appliance Firmware
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 08, 2023 - 06:15 nvd
HIGH 7.8

DescriptionNVD

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

AnalysisAI

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. Affected products include: Dell Poweredge R660 Firmware, Dell Poweredge R760 Firmware, Dell Poweredge C6620 Firmware, Dell Poweredge Mx760C Firmware, Dell Poweredge R860 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.

Share

CVE-2023-32460 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy