Dell Edge Gateway BIOS Vulnerability Could Lead to Code Execution or Privilege Escalation
CVE-2023-32466

5.7MEDIUM

Key Information:

Vendor: Dell
Status: Dell Edge Gateway 3200
Vendor: CVE Published:; 24 July 2024

Summary

Affected versions of the Dell Edge Gateway BIOS, specifically versions 3200 and 5200, contain an out-of-bounds write vulnerability. This flaw could be exploited by a local authenticated user with elevated privileges, allowing for potential exposure of UEFI code. Such exploitation may result in arbitrary code execution and escalation of privileges within the affected systems, posing significant risks to the security and integrity of the devices.

Affected Version(s)

Dell Edge Gateway 3200 < N/A

References

https://www.dell.com/support/kbdoc/en-us/000214917/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 24, 2024
Vulnerability Reserved
May 9, 2023

Credit

Dell Technologies would like to thank the BINARLY efiXplorer team for reporting these issues.