Operating System Command Injection in Dell Edge Gateway 5200
CVE-2022-34383

8.1HIGH

Key Information:

Vendor: Dell
Status: Edge Gateway 5200
Vendor: CVE Published:; 31 August 2022

What is CVE-2022-34383?

The Dell Edge Gateway 5200 (EGW) prior to version 1.03.10 contains a vulnerability that allows local malicious users to perform operating system command injection. By leveraging a System Management Interrupt (SMI), attackers can bypass Platform Management Controller (PMC) mitigation measures. This exploitation can lead to arbitrary code execution within the System Management Mode (SMM), creating significant security risks for affected devices.

Affected Version(s)

Edge Gateway 5200 < 1.03.10

References

https://www.dell.com/support/kbdoc/en-us/000202711

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2022
Vulnerability Reserved
Jun 23, 2022