CVE-2023-28075

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Aug 16, 2023
Updated: Aug 22, 2023
CWE ID 367

Summary

CVE-2023-28075 is a Time-of-check Time-of-use vulnerability affecting Dell BIOS. This issue allows a local authenticated attacker with physical access to the system to execute arbitrary code. By manipulating the timing of DMA transactions during a System Management Interrupt (SMI), an attacker can bypass BIOS checks and gain unauthorized control over the system. This vulnerability poses a significant risk to security, particularly in environments where system access is not closely monitored. Organizations are strongly encouraged to apply the available patches to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Dell Vostro 3480 Firmware
  • Dell Latitude 5420 Firmware
  • Dell Vostro 3583 Firmware
  • Dell Vostro 3581 Firmware
  • Dell Inspiron 3480 Firmware

Affected Vendors

  • Dell Technologies, Inc.