Details of VAR-202407-0943

ID

VAR-202407-0943

CVE

CVE-2023-32467

TITLE

Initialization vulnerability in multiple Dell products

Trust: 0.8

sources: JVNDB: JVNDB-2023-027245

DESCRIPTION

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-32467 // JVNDB: JVNDB-2023-027245

AFFECTED PRODUCTS

vendor:	dell	model:	edge gateway 5100	scope:	eq	version:	0.1.19.0	Trust: 1.0
vendor:	dell	model:	edge gateway 5000	scope:	eq	version:	0.1.19.0	Trust: 1.0
vendor:	dell	model:	xps 13 9350	scope:	eq	version:	0.1.13.0	Trust: 1.0
vendor:	dell	model:	edge gateway 3200	scope:	eq	version:	-	Trust: 1.0
vendor:	dell	model:	edge gateway 5200	scope:	lt	version:	1.05.10	Trust: 1.0
vendor:	dell	model:	chengming 3977	scope:	eq	version:	0.1.13.0	Trust: 1.0
vendor:	デル	model:	dell edge gateway 5000	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	edge gateway 5100	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	xps 13 9350	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	edge gateway 5200	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	edge gateway 3200	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	chengming 3977	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-027245 // NVD: CVE-2023-32467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-32467
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2023-32467
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-32467
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2023-32467
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2023-32467
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.5
impactScore:	3.7
version:	3.1
Trust: 1.0
NVD:	CVE-2023-32467
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-027245 // NVD: CVE-2023-32467 // NVD: CVE-2023-32467

PROBLEMTYPE DATA

problemtype:	CWE-665	Trust: 1.0
problemtype:	Improper initialization (CWE-665) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-027245 // NVD: CVE-2023-32467

EXTERNAL IDS

db:	NVD	id:	CVE-2023-32467	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-027245	Trust: 0.8

sources: JVNDB: JVNDB-2023-027245 // NVD: CVE-2023-32467

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-32467	Trust: 0.8

sources: JVNDB: JVNDB-2023-027245 // NVD: CVE-2023-32467

SOURCES

db:	JVNDB	id:	JVNDB-2023-027245
db:	NVD	id:	CVE-2023-32467

LAST UPDATE DATE

2024-09-12T23:32:57.302000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-027245	date:	2024-09-11T01:10:00
db:	NVD	id:	CVE-2023-32467	date:	2024-09-10T20:00:45.843

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-027245	date:	2024-09-11T00:00:00
db:	NVD	id:	CVE-2023-32467	date:	2024-07-10T03:15:01.870