FKIE_CVE-2023-32471

Vulnerability from fkie_nvd - Published: 2024-07-24 08:15 - Updated: 2024-11-21 08:03
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits.
References
security_alert@emc.comhttps://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200Vendor Advisory
Impacted products
Vendor Product Version
dell edge_gateway_3200_firmware -
dell edge_gateway_3200 -
dell edge_gateway_5200_firmware -
dell edge_gateway_5200 -
dell precision_3930_rack_firmware -
dell precision_3930_rack -
dell optiplex_7080_firmware -
dell optiplex_7080 -
dell precision_5520_firmware -
dell precision_5520 -
dell inspiron_7460_firmware -
dell inspiron_7460 -
dell precision_5820_tower_firmware -
dell precision_5820_tower -
dell g5_5587_firmware -
dell g5_5587 -
dell g7_7588_firmware -
dell g7_7588 -
dell vostro_15_7580_firmware -
dell vostro_15_7580 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:edge_gateway_3200_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A5114F-DF4F-4E59-9644-079B266D3C7E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:edge_gateway_3200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA59414-5A32-4706-85A5-D5459EE22BA5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:edge_gateway_5200_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A33717D-3EF1-4A63-B34A-495EE29ED512",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:edge_gateway_5200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6832A53-E950-4572-A178-CF5DC14CACC5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:precision_3930_rack_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07DED87-9B3B-45DE-B9E7-BD1FE4D93C53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:precision_3930_rack:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BEC8FAE-1E4E-48A1-8570-5F7A6FE67701",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:optiplex_7080_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6169425-876E-4EFE-8E59-FC3E654774F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:optiplex_7080:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC8D3BF8-D39B-4137-AC10-79037CD2B1EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:precision_5520_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0003FD82-34DB-4443-9661-A2130E23ABB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:precision_5520:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBBFE522-7630-4BED-9B2C-2AC12CA693DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:inspiron_7460_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "213B78DA-BCD2-4609-A3D4-E1F7043E8AE3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:inspiron_7460:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB8D95-2938-4B40-BA59-32BC194B5DC6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:precision_5820_tower_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "601988B3-86FB-4304-B8C7-3CB37FFCEBE7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:precision_5820_tower:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C2EC78F-36B6-4B73-96C9-EDC94F4CF4B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:g5_5587_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C029E28D-DA7E-4CF8-BA0A-0130DBF4188E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:g5_5587:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4274911B-43DC-4827-AB0D-314ACCE5B26A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:g7_7588_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83284EC7-748A-4E0F-83DD-F815CF0FB5D7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:g7_7588:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "269CF69F-0633-461A-A265-AB9728C40DA3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dell:vostro_15_7580_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77293B25-DEB9-4FE3-ABA3-517107B668C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dell:vostro_15_7580:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "089423B4-E489-4AAD-ABFA-4961DFC26C97",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits."
    },
    {
      "lang": "es",
      "value": "El BIOS de Dell Edge Gateway, versiones 3200 y 5200, contiene una vulnerabilidad de lectura fuera de los l\u00edmites. Un usuario malintencionado local autenticado con altos privilegios podr\u00eda explotar esta vulnerabilidad para leer el contenido de la memoria de la pila y utilizar esta informaci\u00f3n para futuras vulnerabilidades."
    }
  ],
  "id": "CVE-2023-32471",
  "lastModified": "2024-11-21T08:03:25.483",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-24T08:15:02.393",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.