CVE-2013-3582

CVSS V2 High 7.6 CVSS V3 None
Description
Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.
Overview
  • CVE ID
  • CVE-2013-3582
  • Assigner
  • cret@cert.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2013-08-28T13:13:58
  • Last Modified Date
  • 2013-10-07T18:04:28
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:h:dell:latitude_d530:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_d531:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_d630:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_d631:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_d830:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_e4200:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_e4300:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_e5400:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_e5500:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_e6400:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_e6400_atg:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_e6400_atg_xfr:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_e6500:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_xt2:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:latitude_z600:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:precision_m2300:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:precision_m2400:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:precision_m4300:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:precision_m4400:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:precision_m6300:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:precision_m6400:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:dell:precision_m6500:-:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:H/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • HIGH
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.6
  • Severity
  • HIGH
  • Exploitability Score
  • 4.9
  • Impact Score
  • 10
History
Created Old Value New Value Data Type Notes
2022-05-10 10:42:04 Added to TrackCVE
2022-12-01 19:29:45 cert@cert.org cret@cert.org CVE Assigner updated
2022-12-01 19:29:45 2013-08-28T13:13Z 2013-08-28T13:13:58 CVE Published Date updated
2022-12-01 19:29:45 2013-10-07T18:04:28 CVE Modified Date updated
2022-12-01 19:29:45 Analyzed Vulnerability Status updated