Dell Edge Gateway BIOS Vulnerability Could Lead to Arbitrary Code Execution
CVE-2023-32467

8.2HIGH

Key Information:

Vendor: Dell
Status: Powerswitch Z9664f-on BiOS
Vendor: CVE Published:; 10 July 2024

Summary

A local authenticated malicious user with elevated privileges may exploit an out-of-bounds write vulnerability present in the BIOS of the Dell Edge Gateway 3200 and 5200 models. This exploitation could lead to unintended exposure of UEFI code, potentially allowing the attacker to execute arbitrary code or escalate privileges on the affected systems. Such scenarios pose significant security risks to the integrity and confidentiality of the systems utilizing this affected BIOS version.

Affected Version(s)

PowerSwitch Z9664F-ON BIOS < N/A

References

https://www.dell.com/support/kbdoc/en-in/000214917/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 10, 2024
Vulnerability Reserved
May 9, 2023

Credit

Dell Technologies would also like to thank yngweijw (Jiawei Yin) for reporting this issue

Dell Technologies would like to thank the BINARLY efiXplorer team for reporting these issues