Dell Edge Gateway BIOS Vulnerability
CVE-2023-32472

8.2HIGH

Key Information:

Vendor: Dell
Status: Powerswitch Z9664f-on BiOS
Vendor: CVE Published:; 10 July 2024

Summary

The Dell Edge Gateway BIOS for models 3200 and 5200 has a vulnerability that allows an authenticated local user with elevated privileges to exploit an out-of-bounds write condition. This could result in unintended exposure of sensitive code residing in the System Management Mode, which may lead to arbitrary code execution or the potential escalation of privileges within the affected system. It's essential for users of the affected products to apply the necessary security updates to mitigate these risks.

Affected Version(s)

PowerSwitch Z9664F-ON BIOS < N/A

References

https://www.dell.com/support/kbdoc/en-in/000214917/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 10, 2024
Vulnerability Reserved
May 9, 2023

Credit

Dell Technologies would like to thank the BINARLY efiXplorer team for reporting these issues