CVE-2023-32471

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-32471
Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits.

6.0 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:edge_gateway_3200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:edge_gateway_3200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:edge_gateway_5200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:edge_gateway_5200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:precision_3930_rack_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3930_rack:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:optiplex_7080_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7080:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:precision_5520_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5520:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:inspiron_7460_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7460:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:precision_5820_tower_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5820_tower:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:g5_5587_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:g5_5587:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:g7_7588_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:g7_7588:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:vostro_15_7580_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_15_7580:-:*:*:*:*:*:*:*
History

11 Sep 2024, 13:50

Type Values Removed Values Added
First Time Dell edge Gateway 5200 Firmware
Dell inspiron 7460
Dell g5 5587
Dell precision 5520
Dell g7 7588 Firmware
Dell optiplex 7080
Dell
Dell vostro 15 7580 Firmware
Dell precision 5820 Tower Firmware
Dell vostro 15 7580
Dell precision 5520 Firmware
Dell edge Gateway 3200
Dell g5 5587 Firmware
Dell inspiron 7460 Firmware
Dell edge Gateway 3200 Firmware
Dell precision 3930 Rack
Dell optiplex 7080 Firmware
Dell precision 3930 Rack Firmware
Dell edge Gateway 5200
Dell g7 7588
Dell precision 5820 Tower
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.0
References () https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 - () https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 - Vendor Advisory
CPE cpe:2.3:o:dell:inspiron_7460_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:g7_7588:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5520:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:g5_5587:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:edge_gateway_5200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5820_tower:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:precision_5820_tower_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:g5_5587_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7460:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7080:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:precision_5520_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:precision_3930_rack_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:vostro_15_7580_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_15_7580:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:edge_gateway_5200:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3930_rack:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:edge_gateway_3200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:g7_7588_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:edge_gateway_3200:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:optiplex_7080_firmware:-:*:*:*:*:*:*:*

24 Jul 2024, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-24 08:15

Updated : 2024-09-11 13:50

NVD link : CVE-2023-32471

Mitre link : CVE-2023-32471

JSON object : View

Products Affected

dell

  • g7_7588_firmware
  • g5_5587_firmware
  • edge_gateway_3200_firmware
  • inspiron_7460
  • precision_5520_firmware
  • precision_5820_tower
  • precision_5520
  • inspiron_7460_firmware
  • g7_7588
  • edge_gateway_3200
  • vostro_15_7580_firmware
  • precision_3930_rack_firmware
  • edge_gateway_5200
  • optiplex_7080
  • precision_3930_rack
  • g5_5587
  • edge_gateway_5200_firmware
  • vostro_15_7580
  • optiplex_7080_firmware
  • precision_5820_tower_firmware
CWE
CWE-125

Out-of-bounds Read