CVE-2023-32460

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

Published: 2023-12-08 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2023-32460 is rated Low Risk (38.5/100): CVSS High severity, with low exploitation likelihood (EPSS 0.19%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-32460

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.04% 0.19% +0.15%
2 2026-03-02 0.05% 0.04% -0.01%
3 2025-11-21 0.05%

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-32460

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
8.8 3.1 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.0 6.0 [email protected]
7.8 3.1 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 1.8 5.9 [email protected]

Weakness enumeration for CVE-2023-32460

Affected software / configurations for CVE-2023-32460

Vendor Product Version Raw CPE
dell poweredge_r660_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_r660_firmware:*:*:*:*:*:*:*:*
dell poweredge_r760_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_r760_firmware:*:*:*:*:*:*:*:*
dell poweredge_c6620_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_c6620_firmware:*:*:*:*:*:*:*:*
dell poweredge_mx760c_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_mx760c_firmware:*:*:*:*:*:*:*:*
dell poweredge_r860_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_r860_firmware:*:*:*:*:*:*:*:*
dell poweredge_r960_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_r960_firmware:*:*:*:*:*:*:*:*
dell poweredge_hs5610_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_hs5610_firmware:*:*:*:*:*:*:*:*
dell poweredge_hs5620_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_hs5620_firmware:*:*:*:*:*:*:*:*
dell poweredge_r660xs_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_r660xs_firmware:*:*:*:*:*:*:*:*
dell poweredge_r760xs_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_r760xs_firmware:*:*:*:*:*:*:*:*
dell poweredge_r760xd2_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_r760xd2_firmware:*:*:*:*:*:*:*:*
dell poweredge_t560_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_t560_firmware:*:*:*:*:*:*:*:*
dell poweredge_r760xa_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_r760xa_firmware:*:*:*:*:*:*:*:*
dell poweredge_xr5610_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_xr5610_firmware:*:*:*:*:*:*:*:*
dell poweredge_xr8610t_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_xr8610t_firmware:*:*:*:*:*:*:*:*
dell poweredge_xr8620t_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_xr8620t_firmware:*:*:*:*:*:*:*:*
dell poweredge_r6615_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_r6615_firmware:*:*:*:*:*:*:*:*
dell poweredge_r7615_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_r7615_firmware:*:*:*:*:*:*:*:*
dell poweredge_xr7620_firmware < 1.6.6 cpe:2.3:o:dell:poweredge_xr7620_firmware:*:*:*:*:*:*:*:*
dell poweredge_xe8640_firmware < 1.3.6 cpe:2.3:o:dell:poweredge_xe8640_firmware:*:*:*:*:*:*:*:*
dell poweredge_xe9640_firmware < 1.3.6 cpe:2.3:o:dell:poweredge_xe9640_firmware:*:*:*:*:*:*:*:*
dell poweredge_xe9680_firmware < 1.3.6 cpe:2.3:o:dell:poweredge_xe9680_firmware:*:*:*:*:*:*:*:*
dell poweredge_r6625_firmware < 1.6.8 cpe:2.3:o:dell:poweredge_r6625_firmware:*:*:*:*:*:*:*:*
dell poweredge_r7625_firmware < 1.6.8 cpe:2.3:o:dell:poweredge_r7625_firmware:*:*:*:*:*:*:*:*
dell poweredge_c6615_firmware < 1.1.2 cpe:2.3:o:dell:poweredge_c6615_firmware:*:*:*:*:*:*:*:*
dell poweredge_r650_firmware < 1.12.1 cpe:2.3:o:dell:poweredge_r650_firmware:*:*:*:*:*:*:*:*
dell poweredge_r750_firmware < 1.12.1 cpe:2.3:o:dell:poweredge_r750_firmware:*:*:*:*:*:*:*:*
dell poweredge_r750xa_firmware < 1.12.1 cpe:2.3:o:dell:poweredge_r750xa_firmware:*:*:*:*:*:*:*:*
dell poweredge_c6520_firmware < 1.12.1 cpe:2.3:o:dell:poweredge_c6520_firmware:*:*:*:*:*:*:*:*
dell poweredge_mx750c_firmware < 1.12.1 cpe:2.3:o:dell:poweredge_mx750c_firmware:*:*:*:*:*:*:*:*
dell poweredge_r550_firmware < 1.12.1 cpe:2.3:o:dell:poweredge_r550_firmware:*:*:*:*:*:*:*:*
dell poweredge_r450_firmware < 1.12.1 cpe:2.3:o:dell:poweredge_r450_firmware:*:*:*:*:*:*:*:*
dell poweredge_r650xs_firmware < 1.12.1 cpe:2.3:o:dell:poweredge_r650xs_firmware:*:*:*:*:*:*:*:*
dell poweredge_r750xs_firmware < 1.12.1 cpe:2.3:o:dell:poweredge_r750xs_firmware:*:*:*:*:*:*:*:*
dell poweredge_t550_firmware < 1.12.1 cpe:2.3:o:dell:poweredge_t550_firmware:*:*:*:*:*:*:*:*
dell poweredge_xr11_firmware < 1.12.1 cpe:2.3:o:dell:poweredge_xr11_firmware:*:*:*:*:*:*:*:*
dell poweredge_xr12_firmware < 1.12.1 cpe:2.3:o:dell:poweredge_xr12_firmware:*:*:*:*:*:*:*:*
dell poweredge_t150_firmware < 1.8.1 cpe:2.3:o:dell:poweredge_t150_firmware:*:*:*:*:*:*:*:*
dell poweredge_t350_firmware < 1.8.1 cpe:2.3:o:dell:poweredge_t350_firmware:*:*:*:*:*:*:*:*
dell poweredge_r250_firmware < 1.8.1 cpe:2.3:o:dell:poweredge_r250_firmware:*:*:*:*:*:*:*:*
dell poweredge_r350_firmware < 1.8.1 cpe:2.3:o:dell:poweredge_r350_firmware:*:*:*:*:*:*:*:*
dell poweredge_xr4510c_firmware < 1.13.3 cpe:2.3:o:dell:poweredge_xr4510c_firmware:*:*:*:*:*:*:*:*
dell poweredge_xr4520c_firmware < 1.13.3 cpe:2.3:o:dell:poweredge_xr4520c_firmware:*:*:*:*:*:*:*:*
dell poweredge_r6515_firmware < 2.13.3 cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*
dell poweredge_r6525_firmware < 2.13.3 cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*
dell poweredge_r7515_firmware < 2.13.3 cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*
dell poweredge_r7525_firmware < 2.13.3 cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*
dell poweredge_c6525_firmware < 2.13.3 cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*
dell poweredge_xe8545_firmware < 2.13.3 cpe:2.3:o:dell:poweredge_xe8545_firmware:*:*:*:*:*:*:*:*
dell poweredge_r740_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*
dell poweredge_r640_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*
dell poweredge_r940_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*
dell poweredge_r540_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*
dell poweredge_r440_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*
dell poweredge_t440_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*
dell poweredge_xr2_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*
dell poweredge_r840_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*
dell poweredge_t640_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*
dell poweredge_c6420_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*
dell poweredge_fc640_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*
dell poweredge_m640_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*
dell poweredge_c4140_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*
dell poweredge_mx740c_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*
dell poweredge_mx840c_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*
dell poweredge_r740xd_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*
dell poweredge_r740xd2_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*
dell poweredge_r940xa_firmware < 2.20.1 cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*
dell poweredge_xe2420_firmware < 2.20.0 cpe:2.3:o:dell:poweredge_xe2420_firmware:*:*:*:*:*:*:*:*
dell poweredge_xe7420_firmware < 2.20.0 cpe:2.3:o:dell:poweredge_xe7420_firmware:*:*:*:*:*:*:*:*
dell poweredge_xe7440_firmware < 2.20.0 cpe:2.3:o:dell:poweredge_xe7440_firmware:*:*:*:*:*:*:*:*
dell poweredge_t140_firmware < 2.15.1 cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:*
dell poweredge_t340_firmware < 2.15.1 cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:*
dell poweredge_r240_firmware < 2.15.1 cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:*
dell poweredge_r340_firmware < 2.15.1 cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:*
dell poweredge_r6415_firmware < 1.21.0 cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*
dell poweredge_r7415_firmware < 1.21.0 cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*
dell poweredge_r7425_firmware < 1.21.0 cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*
dell poweredge_r930_firmware < 2.13.0 cpe:2.3:o:dell:poweredge_r930_firmware:*:*:*:*:*:*:*:*
dell poweredge_r730_firmware < 2.18.1 cpe:2.3:o:dell:poweredge_r730_firmware:*:*:*:*:*:*:*:*
dell poweredge_r730xd_firmware < 2.18.1 cpe:2.3:o:dell:poweredge_r730xd_firmware:*:*:*:*:*:*:*:*

References for CVE-2023-32460

cvelogic Threat Intelligence