CVE-2023-28075
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2023-28075 is a Time-of-check Time-of-use vulnerability affecting Dell BIOS. This issue allows a local authenticated attacker with physical access to the system to execute arbitrary code. By manipulating the timing of DMA transactions during a System Management Interrupt (SMI), an attacker can bypass BIOS checks and gain unauthorized control over the system. This vulnerability poses a significant risk to security, particularly in environments where system access is not closely monitored. Organizations are strongly encouraged to apply the available patches to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Dell Vostro 3480 Firmware
- Dell Latitude 5420 Firmware
- Dell Vostro 3583 Firmware
- Dell Vostro 3581 Firmware
- Dell Inspiron 3480 Firmware
Affected Vendors
- Dell Technologies, Inc.