Description

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

Related CPE's

o

dell

edge_gateway_3200_firmware

-

Vulnerable

h

dell

edge_gateway_3200

-

o

dell

edge_gateway_5200_firmware

Vulnerable

h

dell

edge_gateway_5200

-

References

https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-787

[email protected]

Secondary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.2 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2024-07-10T03:15:02.193

3 months ago

Last modified

2024-09-26T12:15:02.800

3 weeks ago