CVE-2023-28064

4.6

MEDIUM

Dell BIOS Out-of-bounds Write Vulnerability

Description

Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.

INFO

Published Date :

June 23, 2023, 11:15 a.m.

Last Modified :

June 30, 2023, 9:18 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

0.9

Affected Products

The following products are affected by CVE-2023-28064 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Dell	cpg_bios
2	Dell	alienware_m15_r6_firmware
3	Dell	alienware_m15_r7_firmware
4	Dell	chengming_3900_firmware
5	Dell	chengming_3901_firmware
6	Dell	g15_5510_firmware
7	Dell	g15_5511_firmware
8	Dell	g15_5520_firmware
9	Dell	inspiron_14_5410_firmware
10	Dell	inspiron_14_5418_firmware
11	Dell	inspiron_14_plus_7420_firmware
12	Dell	inspiron_15_3511_firmware
13	Dell	inspiron_15_5510_firmware
14	Dell	inspiron_15_5518_firmware
15	Dell	inspiron_16_7620_2-in-1_firmware
16	Dell	inspiron_16_plus_7620_firmware
17	Dell	inspiron_3511_firmware
18	Dell	inspiron_3520_firmware
19	Dell	inspiron_3891_firmware
20	Dell	inspiron_3910_firmware
21	Dell	inspiron_5310_firmware
22	Dell	inspiron_5320_firmware
23	Dell	inspiron_5410_firmware
24	Dell	inspiron_5420_firmware
25	Dell	inspiron_5620_firmware
26	Dell	inspiron_7420_firmware
27	Dell	inspiron_7510_firmware
28	Dell	inspiron_7610_firmware
29	Dell	latitude_3120_firmware
30	Dell	latitude_3320_firmware
31	Dell	latitude_3330_firmware
32	Dell	latitude_3420_firmware
33	Dell	latitude_3430_firmware
34	Dell	latitude_3520_firmware
35	Dell	latitude_3530_firmware
36	Dell	latitude_5320_firmware
37	Dell	latitude_5330_firmware
38	Dell	latitude_5520_firmware
39	Dell	latitude_5530_firmware
40	Dell	latitude_5531_firmware
41	Dell	latitude_7330_firmware
42	Dell	latitude_7430_firmware
43	Dell	latitude_7530_firmware
44	Dell	latitude_rugged_5430_firmware
45	Dell	latitude_rugged_7330_firmware
46	Dell	optiplex_3000_firmware
47	Dell	optiplex_5000_firmware
48	Dell	optiplex_5400_firmware
49	Dell	optiplex_7000_firmware
50	Dell	optiplex_7000_oem_firmware
51	Dell	optiplex_7400_firmware
52	Dell	optiplex_7410_all-in-one_firmware
53	Dell	precision_3560_firmware
54	Dell	precision_3570_firmware
55	Dell	precision_3571_firmware
56	Dell	precision_5760_firmware
57	Dell	precision_5770_firmware
58	Dell	vostro_3420_firmware
59	Dell	vostro_3510_firmware
60	Dell	vostro_3520_firmware
61	Dell	vostro_3910_firmware
62	Dell	vostro_5310_firmware
63	Dell	vostro_5320_firmware
64	Dell	vostro_5410_firmware
65	Dell	vostro_5510_firmware
66	Dell	vostro_5620_firmware
67	Dell	vostro_7510_firmware
68	Dell	vostro_7620_firmware
69	Dell	xps_13_9315_2-in-1_firmware
70	Dell	xps_17_9710_firmware
71	Dell	xps_17_9720_firmware

: Total Affected Vendor : 1 | Products : 71

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-28064.

URL	Resource
https://www.dell.com/support/kbdoc/en-us/000214778/dsa-2023-174-dell-client-bios-security-update-for-an-out-of-bounds-write-vulnerability	Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-28064 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-28064 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

Initial Analysis by [email protected]

Jun. 30, 2023

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Changed	Reference Type	https://www.dell.com/support/kbdoc/en-us/000214778/dsa-2023-174-dell-client-bios-security-update-for-an-out-of-bounds-write-vulnerability No Types Assigned	https://www.dell.com/support/kbdoc/en-us/000214778/dsa-2023-174-dell-client-bios-security-update-for-an-out-of-bounds-write-vulnerability Vendor Advisory
Added	CPE Configuration		AND OR cpe:2.3:o:dell:alienware_m15_r6_firmware::::::::* versions up to (excluding) 1.22.1 OR cpe:2.3:h:dell:alienware_m15_r6:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:alienware_m15_r7_firmware::::::::* versions up to (excluding) 1.17.0 OR cpe:2.3:h:dell:alienware_m15_r7:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:chengming_3900_firmware::::::::* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:chengming_3900:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:chengming_3901_firmware::::::::* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:chengming_3901:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:g15_5510_firmware::::::::* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:g15_5510:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:g15_5511_firmware::::::::* versions up to (excluding) 1.22.1 OR cpe:2.3:h:dell:g15_5511:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:g15_5520_firmware::::::::* versions up to (excluding) 1.17.0 OR cpe:2.3:h:dell:g15_5520:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_14_5418_firmware::::::::* versions up to (excluding) 2.19.1 OR cpe:2.3:h:dell:inspiron_14_5418:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_14_5410_firmware::::::::* versions up to (excluding) 2.19.1 OR cpe:2.3:h:dell:inspiron_14_5410:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_14_plus_7420_firmware::::::::* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:inspiron_14_plus_7420:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_15_3511_firmware::::::::* versions up to (excluding) 1.22.1 OR cpe:2.3:h:dell:inspiron_15_3511:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_15_5510_firmware::::::::* versions up to (excluding) 2.19.1 OR cpe:2.3:h:dell:inspiron_15_5510:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_15_5518_firmware::::::::* versions up to (excluding) 2.19.1 OR cpe:2.3:h:dell:inspiron_15_5518:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_16_7620_2-in-1_firmware::::::::* versions up to (excluding) 1.12.1 OR cpe:2.3:h:dell:inspiron_16_7620_2-in-1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_16_plus_7620_firmware::::::::* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:inspiron_16_plus_7620:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_3511_firmware::::::::* versions up to (excluding) 1.22.1 OR cpe:2.3:h:dell:inspiron_3511:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_3520_firmware::::::::* versions up to (excluding) 1.15.0 OR cpe:2.3:h:dell:inspiron_3520:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_3891_firmware::::::::* versions up to (excluding) 1.18.1 OR cpe:2.3:h:dell:inspiron_3891:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_3910_firmware::::::::* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:inspiron_3910:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_5310_firmware::::::::* versions up to (excluding) 2.20.1 OR cpe:2.3:h:dell:inspiron_5310:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_5320_firmware::::::::* versions up to (excluding) 1.11.1 OR cpe:2.3:h:dell:inspiron_5320:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_5410_firmware::::::::* versions up to (excluding) 2.19.1 OR cpe:2.3:h:dell:inspiron_5410:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_5420_firmware::::::::* versions up to (excluding) 1.14.1 OR cpe:2.3:h:dell:inspiron_5420:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_5620_firmware::::::::* versions up to (excluding) 1.14.1 OR cpe:2.3:h:dell:inspiron_5620:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_7420_firmware::::::::* versions up to (excluding) 1.12.1 OR cpe:2.3:h:dell:inspiron_7420:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_7510_firmware::::::::* versions up to (excluding) 1.16.1 OR cpe:2.3:h:dell:inspiron_7510:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:inspiron_7610_firmware::::::::* versions up to (excluding) 1.16.1 OR cpe:2.3:h:dell:inspiron_7610:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_3120_firmware::::::::* versions up to (excluding) 1.17.2 OR cpe:2.3:h:dell:latitude_3120:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_3320_firmware::::::::* versions up to (excluding) 1.22.2 OR cpe:2.3:h:dell:latitude_3320:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_3330_firmware::::::::* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:latitude_3330:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_3420_firmware::::::::* versions up to (excluding) 1.29.0 OR cpe:2.3:h:dell:latitude_3420:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_3430_firmware::::::::* versions up to (excluding) 1.10.1 OR cpe:2.3:h:dell:latitude_3430:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_3520_firmware::::::::* versions up to (excluding) 1.29.0 OR cpe:2.3:h:dell:latitude_3520:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_3530_firmware::::::::* versions up to (excluding) 1.10.1 OR cpe:2.3:h:dell:latitude_3530:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_5320_firmware::::::::* versions up to (excluding) 1.28.1 OR cpe:2.3:h:dell:latitude_5320:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_5330_firmware::::::::* versions up to (excluding) 1.13.1 OR cpe:2.3:h:dell:latitude_5330:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_5520_firmware::::::::* versions up to (excluding) 1.28.1 OR cpe:2.3:h:dell:latitude_5520:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_5530_firmware::::::::* versions up to (excluding) 1.13.2 OR cpe:2.3:h:dell:latitude_5530:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_5531_firmware::::::::* versions up to (excluding) 1.14.1 OR cpe:2.3:h:dell:latitude_5531:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_7330_firmware::::::::* versions up to (excluding) 1.14.1 OR cpe:2.3:h:dell:latitude_7330:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_7430_firmware::::::::* versions up to (excluding) 1.14.1 OR cpe:2.3:h:dell:latitude_7430:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_7530_firmware::::::::* versions up to (excluding) 1.14.1 OR cpe:2.3:h:dell:latitude_7530:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_rugged_5430_firmware::::::::* versions up to (excluding) 1.18.1 OR cpe:2.3:h:dell:latitude_rugged_5430:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:latitude_rugged_7330_firmware::::::::* versions up to (excluding) 1.18.1 OR cpe:2.3:h:dell:latitude_rugged_7330:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:optiplex_3000_firmware::::::::* versions up to (excluding) 1.13.1 OR cpe:2.3:h:dell:optiplex_3000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:optiplex_5000_firmware::::::::* versions up to (excluding) 1.13.1 OR cpe:2.3:h:dell:optiplex_5000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:optiplex_5400_firmware::::::::* versions up to (excluding) 1.1.28 OR cpe:2.3:h:dell:optiplex_5400:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:optiplex_7000_firmware::::::::* versions up to (excluding) 1.13.1 OR cpe:2.3:h:dell:optiplex_7000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:optiplex_7000_oem_firmware::::::::* versions up to (excluding) 1.13.1 OR cpe:2.3:h:dell:optiplex_7000_oem:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:optiplex_7400_firmware::::::::* versions up to (excluding) 1.1.28 OR cpe:2.3:h:dell:optiplex_7400:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:optiplex_7410_all-in-one_firmware::::::::* versions up to (excluding) 1.4.1 OR cpe:2.3:h:dell:optiplex_7410_all-in-one:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:precision_3560_firmware::::::::* versions up to (excluding) 1.28.1 OR cpe:2.3:h:dell:precision_3560:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:precision_3570_firmware::::::::* versions up to (excluding) 1.13.2 OR cpe:2.3:h:dell:precision_3570:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:precision_3571_firmware::::::::* versions up to (excluding) 1.14.1 OR cpe:2.3:h:dell:precision_3571:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:precision_5760_firmware::::::::* versions up to (excluding) 1.20.1 OR cpe:2.3:h:dell:precision_5760:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:precision_5770_firmware::::::::* versions up to (excluding) 1.17.1 OR cpe:2.3:h:dell:precision_5770:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:vostro_3420_firmware::::::::* versions up to (excluding) 1.15.0 OR cpe:2.3:h:dell:vostro_3420:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:vostro_3510_firmware::::::::* versions up to (excluding) 1.22.1 OR cpe:2.3:h:dell:vostro_3510:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:vostro_3520_firmware::::::::* versions up to (excluding) 1.15.0 OR cpe:2.3:h:dell:vostro_3520:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:vostro_3910_firmware::::::::* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:vostro_3910:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:vostro_5310_firmware::::::::* versions up to (excluding) 2.20.1 OR cpe:2.3:h:dell:vostro_5310:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:vostro_5320_firmware::::::::* versions up to (excluding) 1.11.1 OR cpe:2.3:h:dell:vostro_5320:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:vostro_5410_firmware::::::::* versions up to (excluding) 2.19.1 OR cpe:2.3:h:dell:vostro_5410:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:vostro_5510_firmware::::::::* versions up to (excluding) 2.19.1 OR cpe:2.3:h:dell:vostro_5510:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:vostro_5620_firmware::::::::* versions up to (excluding) 1.14.1 OR cpe:2.3:h:dell:vostro_5620:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:vostro_7510_firmware::::::::* versions up to (excluding) 1.16.1 OR cpe:2.3:h:dell:vostro_7510:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:vostro_7620_firmware::::::::* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:vostro_7620:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:xps_13_9315_2-in-1_firmware::::::::* versions up to (excluding) 1.8.1 OR cpe:2.3:h:dell:xps_13_9315_2-in-1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:xps_17_9710_firmware::::::::* versions up to (excluding) 1.20.1 OR cpe:2.3:h:dell:xps_17_9710:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:dell:xps_17_9720_firmware::::::::* versions up to (excluding) 1.17.1 OR cpe:2.3:h:dell:xps_17_9720:-:::::::*

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-28064 is associated with the following CWEs:

CWE-787: Out-of-bounds Write

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-28064 weaknesses.

CVE-2023-28064

Dell BIOS Out-of-bounds Write Vulnerability

Description

INFO

June 23, 2023, 11:15 a.m.

June 30, 2023, 9:18 p.m.

[email protected]

No

3.6

0.9

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.05 }} 0.00%

0.15205

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable