Lucene search

[email protected]CVE-2022-34383

HistoryAug 31, 2022 - 8:15 p.m.

CVE-2022-34383

2022-08-3120:15:08

CWE-78

CWE-77

[email protected]

web.nvd.nist.gov

dell

edge gateway

egw

cve-2022-34383

command injection

vulnerability

nvd

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.

Affected configurations

NVD

Node

delledge_gateway_5200Match-

AND

delledge_gateway_5200_firmwareRange<1.03.10

CPENameOperatorVersion
dell:edge_gateway_5200_firmwaredell edge gateway 5200 firmwarelt1.03.10

CPE	Name	Operator	Version
dell:edge_gateway_5200_firmware	dell edge gateway 5200 firmware	lt	1.03.10

CNA Affected

[
  {
    "product": "Edge Gateway 5200",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.03.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000202711

Social References

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

Related for CVE-2022-34383

prion1 nvd1 cvelist1