Details of VAR-202208-2261

ID

VAR-202208-2261

CVE

CVE-2022-34383

TITLE

Dell's edge gateway 5200 in the firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-016135

DESCRIPTION

Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM. (DoS) It may be in a state. Dell Edge Gateway is a series of intelligent gateway devices from Dell in the United States. It is designed to aggregate, protect, analyze and relay data from various sensors and devices at the edge of the network. The vulnerability is caused by improper input validation

Trust: 2.25

sources: NVD: CVE-2022-34383 // JVNDB: JVNDB-2022-016135 // CNVD: CNVD-2024-38787 // VULMON: CVE-2022-34383

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-38787

AFFECTED PRODUCTS

vendor:	dell	model:	edge gateway 5200	scope:	lt	version:	1.03.10	Trust: 1.0
vendor:	デル	model:	edge gateway 5200	scope:	eq	version:	edge gateway 5200 firmware 1.03.10	Trust: 0.8
vendor:	デル	model:	edge gateway 5200	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	edge gateway 5200	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	edge gateway	scope:	eq	version:	5200<1.03.10	Trust: 0.6

sources: CNVD: CNVD-2024-38787 // JVNDB: JVNDB-2022-016135 // NVD: CVE-2022-34383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34383
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-34383
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-34383
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-38787
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202208-4529
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-38787
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-34383
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-34383
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34383
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-38787 // JVNDB: JVNDB-2022-016135 // CNNVD: CNNVD-202208-4529 // NVD: CVE-2022-34383 // NVD: CVE-2022-34383

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-016135 // NVD: CVE-2022-34383

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202208-4529

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202208-4529

PATCH

title:	Patch for Dell Edge Gateway Operating System Command Injection Vulnerability (CNVD-2024-38787)	url:	https://www.cnvd.org.cn/patchInfo/show/587601	Trust: 0.6
title:	Dell Edge Gateway Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206820	Trust: 0.6

sources: CNVD: CNVD-2024-38787 // CNNVD: CNNVD-202208-4529

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34383	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-016135	Trust: 0.8
db:	CNVD	id:	CNVD-2024-38787	Trust: 0.6
db:	CNNVD	id:	CNNVD-202208-4529	Trust: 0.6
db:	VULMON	id:	CVE-2022-34383	Trust: 0.1

sources: CNVD: CNVD-2024-38787 // VULMON: CVE-2022-34383 // JVNDB: JVNDB-2022-016135 // CNNVD: CNNVD-202208-4529 // NVD: CVE-2022-34383

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000202711	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34383	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-34383/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2024-38787 // VULMON: CVE-2022-34383 // JVNDB: JVNDB-2022-016135 // CNNVD: CNNVD-202208-4529 // NVD: CVE-2022-34383

SOURCES

db:	CNVD	id:	CNVD-2024-38787
db:	VULMON	id:	CVE-2022-34383
db:	JVNDB	id:	JVNDB-2022-016135
db:	CNNVD	id:	CNNVD-202208-4529
db:	NVD	id:	CVE-2022-34383

LAST UPDATE DATE

2024-09-25T23:31:53.075000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-38787	date:	2024-09-23T00:00:00
db:	VULMON	id:	CVE-2022-34383	date:	2022-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2022-016135	date:	2023-10-02T08:10:00
db:	CNNVD	id:	CNNVD-202208-4529	date:	2022-09-08T00:00:00
db:	NVD	id:	CVE-2022-34383	date:	2022-09-07T17:30:56.257

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-38787	date:	2024-09-04T00:00:00
db:	VULMON	id:	CVE-2022-34383	date:	2022-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2022-016135	date:	2023-10-02T00:00:00
db:	CNNVD	id:	CNNVD-202208-4529	date:	2022-08-31T00:00:00
db:	NVD	id:	CVE-2022-34383	date:	2022-08-31T20:15:08.747