DellCVE-2023-32472CVE-2023-32472
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
9.2%
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dell | edge_gateway_3200_firmware | - | cpe:2.3:o:dell:edge_gateway_3200_firmware:-:*:*:*:*:*:*:* |
| dell | edge_gateway_3200 | - | cpe:2.3:h:dell:edge_gateway_3200:-:*:*:*:*:*:*:* |
| dell | edge_gateway_5200_firmware | * | cpe:2.3:o:dell:edge_gateway_5200_firmware:*:*:*:*:*:*:*:* |
| dell | edge_gateway_5200 | - | cpe:2.3:h:dell:edge_gateway_5200:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "PowerSwitch Z9664F-ON BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "v1.05.10",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
]Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
9.2%