7.6
HIGH
CVE-2023-32475
Dell BIOS Denial of Integrity
Description

Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.

INFO

Published Date :

June 7, 2024, 3:15 a.m.

Last Modified :

Nov. 21, 2024, 8:03 a.m.

Remotely Exploitable :

No

Impact Score :

6.0

Exploitability Score :

0.9
Affected Products

The following products are affected by CVE-2023-32475 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Dell cpg_bios
2 Dell inspiron_3505_firmware
3 Dell inspiron_5405_firmware
4 Dell inspiron_5415_firmware
5 Dell inspiron_5505_firmware
6 Dell inspiron_5515_firmware
7 Dell inspiron_7405_2-in-1_firmware
8 Dell vostro_3405_firmware
9 Dell vostro_5415_firmware
10 Dell vostro_5515_firmware
11 Dell g15_5515_firmware
12 Dell inspiron_14_5425_firmware
13 Dell g15_5525_firmware
14 Dell vostro_5625_firmware
15 Dell alienware_m15_ryzen_edition_r5_firmware
16 Dell alienware_m18_firmware
17 Dell alienware_aurora_r10_firmware
18 Dell alienware_m17_r5_amd_firmware
19 Dell alienware_aurora_r15_amd_firmware
20 Dell alienware_aurora_r15_amd
21 Dell alienware_aurora_ryzen_edition_r14_firmware
22 Dell alienware_aurora_ryzen_edition_r14
23 Dell alienware_aurora_r10
24 Dell vostro_5625
25 Dell vostro_5515
26 Dell vostro_5415
27 Dell vostro_3405
28 Dell vostro_16_5635_firmware
29 Dell vostro_16_5635
30 Dell vostro_15_3535_firmware
31 Dell vostro_15_3535
32 Dell vostro_15_3525_firmware
33 Dell vostro_15_3525
34 Dell vostro_15_3515_firmware
35 Dell vostro_15_3515
36 Dell vostro_14_3435_firmware
37 Dell vostro_14_3435
38 Dell vostro_14_3425_firmware
39 Dell vostro_14_3425
40 Dell inspiron_7415_2-in-1_firmware
41 Dell inspiron_7415_2-in-1
42 Dell inspiron_7405_2-in-1
43 Dell inspiron_5515
44 Dell inspiron_5505
45 Dell inspiron_5415
46 Dell inspiron_5405
47 Dell inspiron_3505
48 Dell inspiron_24_5415_all-in-one_firmware
49 Dell inspiron_24_5415_all-in-one
50 Dell inspiron_16_7635_2-in-1_firmware
51 Dell inspiron_16_7635_2-in-1
52 Dell inspiron_16_5635_firmware
53 Dell inspiron_16_5635
54 Dell inspiron_16_5625_firmware
55 Dell inspiron_16_5625
56 Dell inspiron_15_3535_firmware
57 Dell inspiron_15_3535
58 Dell inspiron_15_3525_firmware
59 Dell inspiron_15_3525
60 Dell inspiron_15_3515_firmware
61 Dell inspiron_15_3515
62 Dell inspiron_14_7435_2-in-1_firmware
63 Dell inspiron_14_7435_2-in-1
64 Dell inspiron_14_7425_2-in-1_firmware
65 Dell inspiron_14_7425_2-in-1
66 Dell inspiron_14_5435_firmware
67 Dell inspiron_14_5435
68 Dell inspiron_14_5425
69 Dell g5_5505_firmware
70 Dell g5_5505
71 Dell g15_5535_firmware
72 Dell g15_5535
73 Dell g15_5525
74 Dell g15_5515
75 Dell alienware_m18
76 Dell alienware_m17_r5_amd
77 Dell alienware_m16_r1_amd_firmware
78 Dell alienware_m16_r1_amd
79 Dell alienware_m15_ryzen_edition_r5
80 Dell alienware_m15_r7_amd_firmware
81 Dell alienware_m15_r7_amd
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-32475.

URL Resource
https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-32475 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-32475 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability
  • Initial Analysis by [email protected]

    Oct. 29, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    Changed Reference Type https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability No Types Assigned https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability Vendor Advisory
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_5625_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:vostro_5625:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_5515_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:vostro_5515:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_5415_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:vostro_5415:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_3405_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.16.0 OR cpe:2.3:h:dell:vostro_3405:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_16_5635_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.0 OR cpe:2.3:h:dell:vostro_16_5635:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_15_3535_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0 OR cpe:2.3:h:dell:vostro_15_3535:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_15_3525_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.15.1 OR cpe:2.3:h:dell:vostro_15_3525:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_15_3515_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.16.0 OR cpe:2.3:h:dell:vostro_15_3515:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_14_3435_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0 OR cpe:2.3:h:dell:vostro_14_3435:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:vostro_14_3425_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.15.1 OR cpe:2.3:h:dell:vostro_14_3425:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_7415_2-in-1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:inspiron_7415_2-in-1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_7405_2-in-1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.15.0 OR cpe:2.3:h:dell:inspiron_7405_2-in-1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_5515_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:inspiron_5515:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_5505_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:inspiron_5505:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_5415_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.0 OR cpe:2.3:h:dell:inspiron_5415:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_5405_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.14.0 OR cpe:2.3:h:dell:inspiron_5405:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_3505_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.16.0 OR cpe:2.3:h:dell:inspiron_3505:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_24_5415_all-in-one_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.17.0 OR cpe:2.3:h:dell:inspiron_24_5415_all-in-one:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_16_7635_2-in-1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.0 OR cpe:2.3:h:dell:inspiron_16_7635_2-in-1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_16_5635_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.0 OR cpe:2.3:h:dell:inspiron_16_5635:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_16_5625_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:inspiron_16_5625:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_15_3535_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.12.0 OR cpe:2.3:h:dell:inspiron_15_3535:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_15_3525_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.15.1 OR cpe:2.3:h:dell:inspiron_15_3525:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_15_3515_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.16.0 OR cpe:2.3:h:dell:inspiron_15_3515:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_14_7435_2-in-1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.0 OR cpe:2.3:h:dell:inspiron_14_7435_2-in-1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_14_7425_2-in-1_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:inspiron_14_7425_2-in-1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_14_5435_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.0 OR cpe:2.3:h:dell:inspiron_14_5435:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:inspiron_14_5425_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:inspiron_14_5425:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:g5_5505_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.18.0 OR cpe:2.3:h:dell:g5_5505:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:g15_5535_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.5.0 OR cpe:2.3:h:dell:g15_5535:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:g15_5525_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.15.0 OR cpe:2.3:h:dell:g15_5525:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:g15_5515_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.15.0 OR cpe:2.3:h:dell:g15_5515:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m18_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0 OR cpe:2.3:h:dell:alienware_m18:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m17_r5_amd_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.15.0 OR cpe:2.3:h:dell:alienware_m17_r5_amd:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m16_r1_amd_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.9.0 OR cpe:2.3:h:dell:alienware_m16_r1_amd:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m15_ryzen_edition_r5_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.16.0 OR cpe:2.3:h:dell:alienware_m15_ryzen_edition_r5:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_m15_r7_amd_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.15.0 OR cpe:2.3:h:dell:alienware_m15_r7_amd:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_aurora_ryzen_edition_r14_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.16.0 OR cpe:2.3:h:dell:alienware_aurora_ryzen_edition_r14:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.13.0 OR cpe:2.3:h:dell:alienware_aurora_r15_amd:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:dell:alienware_aurora_r10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.6.0 OR cpe:2.3:h:dell:alienware_aurora_r10:-:*:*:*:*:*:*:*
  • CVE Received by [email protected]

    Jun. 07, 2024

    Action Type Old Value New Value
    Added Description Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
    Added Reference Dell https://www.dell.com/support/kbdoc/en-us/000215644/dsa-2023-222-security-update-for-an-amd-bios-vulnerability [No types assigned]
    Added CWE Dell CWE-353
    Added CVSS V3.1 Dell AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-32475 is associated with the following CWEs:

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability