Rewterz Threat Advisory – Multiple Dell PowerEdge Server BIOS Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-44297, CVE-2023-44298

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS could allow a physically proximate attacker to execute arbitrary code on the system, caused by an active debug code security vulnerability. An attacker could exploit this vulnerability to execute arbitrary code on the system, tamper with information, or cause a denial of service.

Impact

• Code Execution

Indicators Of Compromise

CVE

• CVE-2023-44297
• CVE-2023-44298

Affected Vendors

Dell

Affected Products

• Dell PowerEdge R660 1.4.4
• Dell PowerEdge R760 1.4.4
• Dell PowerEdge R860 1.4.4
• Dell PowerEdge R960 1.4.4
• Dell PowerEdge T560 1.4.4
• Dell PowerEdge C6620 1.4.4
• Dell PowerEdge MX760c 1.4.4
• Dell PowerEdge HS5610 1.4.4
• Dell PowerEdge HS5620 1.4.4
• Dell PowerEdge R660xs 1.4.4
• Dell PowerEdge R760xs 1.4.4
• Dell PowerEdge R760xd2 1.4.4
• Dell PowerEdge R760xa 1.4.4

Remediation

Refer to Dell Security Advisory for patch, upgrade or suggested workaround information.

Dell Security Advisory