SB2023051147 - Multiple vulnerabilities in Dell PowerEdge T30/T40 Mini Tower Server
Published: May 11, 2023
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2022-33894)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in the BIOS firmware. A local user can execute arbitrary code with escalated privileges.
2) Exposure of resource to wrong sphere (CVE-ID: CVE-2022-38087)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to exposure of a resource to the wrong sphere in the BIOS firmware. A local user can gain access to sensitive information.
Remediation
Install the update from the vendor's website.
References
- https://www.dell.com/support/kbdoc/nl-nl/000213233/dsa-2023-163-security-update-for-dell-poweredge-t30-t40-mini-tower-server-for-intel-may-2023-security-advisories-2023-2-ipu
- https://www.dell.com/support/home/product-support/product/poweredge-t40/drivers
- https://www.dell.com/support/home/product-support/product/poweredge-t30/drivers