Lucene search

[email protected]NVD:CVE-2022-34383

HistoryAug 31, 2022 - 8:15 p.m.

CVE-2022-34383

2022-08-3120:15:08

CWE-77

CWE-78

[email protected]

web.nvd.nist.gov

dell

edge gateway

command injection

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

13.3%

JSON

Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.

Affected configurations

NVD

Node

delledge_gateway_5200Match-

AND

delledge_gateway_5200_firmwareRange<1.03.10

References

www.dell.com/support/kbdoc/en-us/000202711

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for NVD:CVE-2022-34383

cve1 cvelist1 prion1