Details of VAR-202407-1247

ID

VAR-202407-1247

CVE

CVE-2023-32472

TITLE

Dell's edge gateway 3200 firmware and edge gateway 5200 Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-027247

DESCRIPTION

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege. (DoS) It may be in a state. Dell Edge Gateway is a series of intelligent gateway devices from Dell in the United States. It is designed to aggregate, protect, analyze and relay data from various sensors and devices at the edge of the network. The vulnerability is caused by a boundary error when the application processes untrusted input

Trust: 2.16

sources: NVD: CVE-2023-32472 // JVNDB: JVNDB-2023-027247 // CNVD: CNVD-2024-37423

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-37423

AFFECTED PRODUCTS

vendor:	dell	model:	edge gateway 3200	scope:	eq	version:	-	Trust: 1.0
vendor:	dell	model:	edge gateway 5200	scope:	lt	version:	1.05.10	Trust: 1.0
vendor:	デル	model:	edge gateway 3200	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	edge gateway 5200	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	edge gateway	scope:	eq	version:	3200	Trust: 0.6
vendor:	dell	model:	edge gateway	scope:	eq	version:	5200	Trust: 0.6

sources: CNVD: CNVD-2024-37423 // JVNDB: JVNDB-2023-027247 // NVD: CVE-2023-32472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-32472
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2023-32472
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-32472
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-37423
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-37423
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:L/AC:L/AU:M/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	2.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-32472
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2023-32472
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.5
impactScore:	3.7
version:	3.1
Trust: 1.0
NVD:	CVE-2023-32472
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-37423 // JVNDB: JVNDB-2023-027247 // NVD: CVE-2023-32472 // NVD: CVE-2023-32472

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-027247 // NVD: CVE-2023-32472

PATCH

title:

Patch for Dell Edge Gateway Buffer Overflow Vulnerability (CNVD-2024-37423)

url:

https://www.cnvd.org.cn/patchInfo/show/587561

Trust: 0.6

sources: CNVD: CNVD-2024-37423

EXTERNAL IDS

db:	NVD	id:	CVE-2023-32472	Trust: 3.2
db:	JVNDB	id:	JVNDB-2023-027247	Trust: 0.8
db:	CNVD	id:	CNVD-2024-37423	Trust: 0.6

sources: CNVD: CNVD-2024-37423 // JVNDB: JVNDB-2023-027247 // NVD: CVE-2023-32472

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-32472	Trust: 1.4

sources: CNVD: CNVD-2024-37423 // JVNDB: JVNDB-2023-027247 // NVD: CVE-2023-32472

SOURCES

db:	CNVD	id:	CNVD-2024-37423
db:	JVNDB	id:	JVNDB-2023-027247
db:	NVD	id:	CVE-2023-32472

LAST UPDATE DATE

2024-09-26T23:02:17.262000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-37423	date:	2024-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2023-027247	date:	2024-09-11T01:17:00
db:	NVD	id:	CVE-2023-32472	date:	2024-09-26T12:15:02.800

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-37423	date:	2024-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2023-027247	date:	2024-09-11T00:00:00
db:	NVD	id:	CVE-2023-32472	date:	2024-07-10T03:15:02.193