Lucene search

CertccCVE-2013-3582

HistoryAug 28, 2013 - 1:13 p.m.

CVE-2013-3582

2013-08-2813:13:58

CWE-119

certcc

web.nvd.nist.gov

dell

bios

buffer overflow

cve-2013-3582

dell latitude

dell precision

security vulnerability

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

37.1%

JSON

Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.

Affected configurations

Nvd

Node

delllatitude_d530Match-

delllatitude_d531Match-

delllatitude_d630Match-

delllatitude_d631Match-

delllatitude_d830Match-

delllatitude_e4200Match-

delllatitude_e4300Match-

delllatitude_e5400Match-

delllatitude_e5500Match-

delllatitude_e6400Match-

delllatitude_e6400_atgMatch-

delllatitude_e6400_atg_xfrMatch-

delllatitude_e6500Match-

delllatitude_xt2Match-

delllatitude_z600Match-

dellprecision_m2300Match-

dellprecision_m2400Match-

dellprecision_m4300Match-

dellprecision_m4400Match-

dellprecision_m6300Match-

dellprecision_m6400Match-

dellprecision_m6500Match-

VendorProductVersionCPE
delllatitude_d530-cpe:2.3:h:dell:latitude_d530:-:*:*:*:*:*:*:*
delllatitude_d531-cpe:2.3:h:dell:latitude_d531:-:*:*:*:*:*:*:*
delllatitude_d630-cpe:2.3:h:dell:latitude_d630:-:*:*:*:*:*:*:*
delllatitude_d631-cpe:2.3:h:dell:latitude_d631:-:*:*:*:*:*:*:*
delllatitude_d830-cpe:2.3:h:dell:latitude_d830:-:*:*:*:*:*:*:*
delllatitude_e4200-cpe:2.3:h:dell:latitude_e4200:-:*:*:*:*:*:*:*
delllatitude_e4300-cpe:2.3:h:dell:latitude_e4300:-:*:*:*:*:*:*:*
delllatitude_e5400-cpe:2.3:h:dell:latitude_e5400:-:*:*:*:*:*:*:*
delllatitude_e5500-cpe:2.3:h:dell:latitude_e5500:-:*:*:*:*:*:*:*
delllatitude_e6400-cpe:2.3:h:dell:latitude_e6400:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	latitude_d530	-	cpe:2.3:h:dell:latitude_d530:-:::::::*
dell	latitude_d531	-	cpe:2.3:h:dell:latitude_d531:-:::::::*
dell	latitude_d630	-	cpe:2.3:h:dell:latitude_d630:-:::::::*
dell	latitude_d631	-	cpe:2.3:h:dell:latitude_d631:-:::::::*
dell	latitude_d830	-	cpe:2.3:h:dell:latitude_d830:-:::::::*
dell	latitude_e4200	-	cpe:2.3:h:dell:latitude_e4200:-:::::::*
dell	latitude_e4300	-	cpe:2.3:h:dell:latitude_e4300:-:::::::*
dell	latitude_e5400	-	cpe:2.3:h:dell:latitude_e5400:-:::::::*
dell	latitude_e5500	-	cpe:2.3:h:dell:latitude_e5500:-:::::::*
dell	latitude_e6400	-	cpe:2.3:h:dell:latitude_e6400:-:::::::*

Rows per page:

1-10 of 221

References

www.kb.cert.org/vuls/id/912156

www.kb.cert.org/vuls/id/BLUU-99HSLA

media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf

media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-WP.pdf

www.blackhat.com/us-13/archives.html#Butterworth

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

37.1%

JSON

Related for CVE-2013-3582