CVE-2023-32467

EUVD-2023-36711
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
dellCNA
5.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
delledge_gateway_5000_firmware
0.1.19.0
delledge_gateway_5100_firmware
0.1.19.0
delledge_gateway_5200_firmware
𝑥
< 1.05.10
delledge_gateway_3200_firmware
-
dellxps_13_9350_firmware
0.1.13.0
dellchengming_3977_firmware
0.1.13.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200
https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200