Vulnerability Details CVE-2013-3582
Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.3%
CVSS Severity
CVSS v2 Score 7.6
References
- http://www.kb.cert.org/vuls/id/912156
- http://www.kb.cert.org/vuls/id/BLUU-99HSLA
- https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf
- https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-WP.pdf
- https://www.blackhat.com/us-13/archives.html#Butterworth
- http://www.kb.cert.org/vuls/id/912156
- http://www.kb.cert.org/vuls/id/BLUU-99HSLA
- https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf
- https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-WP.pdf
- https://www.blackhat.com/us-13/archives.html#Butterworth
Products affected by CVE-2013-3582
-
cpe:2.3:h:dell:latitude_d530:-
-
cpe:2.3:h:dell:latitude_d531:-
-
cpe:2.3:h:dell:latitude_d630:-
-
cpe:2.3:h:dell:latitude_d631:-
-
cpe:2.3:h:dell:latitude_d830:-
-
cpe:2.3:h:dell:latitude_e4200:-
-
cpe:2.3:h:dell:latitude_e4300:-
-
cpe:2.3:h:dell:latitude_e5400:-
-
cpe:2.3:h:dell:latitude_e5500:-
-
cpe:2.3:h:dell:latitude_e6400:-
-
cpe:2.3:h:dell:latitude_e6400_atg:-
-
cpe:2.3:h:dell:latitude_e6400_atg_xfr:-
-
cpe:2.3:h:dell:latitude_e6500:-
-
cpe:2.3:h:dell:latitude_xt2:-
-
cpe:2.3:h:dell:latitude_z600:-
-
cpe:2.3:h:dell:precision_m2300:-
-
cpe:2.3:h:dell:precision_m2400:-
-
cpe:2.3:h:dell:precision_m4300:-
-
cpe:2.3:h:dell:precision_m4400:-
-
cpe:2.3:h:dell:precision_m6300:-
-
cpe:2.3:h:dell:precision_m6400:-
-
cpe:2.3:h:dell:precision_m6500:-