CVE-2024-38296

EUVD-2024-37710
Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Affected Products (NVD)
VendorProductVersion
dellintel_management_engine_firmware_update_utility
𝑥
< 15.40.30.2879
dellintel_management_engine_firmware_update_utility
𝑥
< 12.0.94.2380
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
delledge_gateway_5200_firmware
𝑥
< 12.0.94.2380
ADP
References
https://www.dell.com/support/kbdoc/en-us/000250949/dsa-2024-345-security-update-for-dell-networking-edge-gateway-5200-vulnerability