Details of VAR-202407-2628

ID

VAR-202407-2628

CVE

CVE-2023-32466

TITLE

Dell's edge gateway 3200 Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-027259

DESCRIPTION

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. (DoS) It may be in a state. Dell Edge Gateway is a series of intelligent gateway devices from Dell in the United States. It is designed to aggregate, protect, analyze and relay data from various sensors and devices at the edge of the network. The vulnerability is caused by an out-of-bounds write vulnerability

Trust: 2.16

sources: NVD: CVE-2023-32466 // JVNDB: JVNDB-2023-027259 // CNVD: CNVD-2024-35176

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-35176

AFFECTED PRODUCTS

vendor:	dell	model:	edge gateway 3200	scope:	lt	version:	1.03.10	Trust: 1.0
vendor:	デル	model:	edge gateway 3200	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	edge gateway 3200	scope:	eq	version:	edge gateway 3200 firmware 1.03.10	Trust: 0.8
vendor:	デル	model:	edge gateway 3200	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	edge gateway	scope:	eq	version:	3200	Trust: 0.6
vendor:	dell	model:	edge gateway	scope:	eq	version:	5200	Trust: 0.6

sources: CNVD: CNVD-2024-35176 // JVNDB: JVNDB-2023-027259 // NVD: CVE-2023-32466

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-32466
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2023-32466
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-32466
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2024-35176
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-35176
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:L/AC:L/AU:M/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	2.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-32466
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.5
impactScore:	3.7
version:	3.1
Trust: 2.0
NVD:	CVE-2023-32466
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-35176 // JVNDB: JVNDB-2023-027259 // NVD: CVE-2023-32466 // NVD: CVE-2023-32466

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-027259 // NVD: CVE-2023-32466

PATCH

title:

Patch for Dell Edge Gateway Buffer Overflow Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/576146

Trust: 0.6

sources: CNVD: CNVD-2024-35176

EXTERNAL IDS

db:	NVD	id:	CVE-2023-32466	Trust: 3.2
db:	JVNDB	id:	JVNDB-2023-027259	Trust: 0.8
db:	CNVD	id:	CNVD-2024-35176	Trust: 0.6

sources: CNVD: CNVD-2024-35176 // JVNDB: JVNDB-2023-027259 // NVD: CVE-2023-32466

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-32466	Trust: 1.4

sources: CNVD: CNVD-2024-35176 // JVNDB: JVNDB-2023-027259 // NVD: CVE-2023-32466

SOURCES

db:	CNVD	id:	CNVD-2024-35176
db:	JVNDB	id:	JVNDB-2023-027259
db:	NVD	id:	CVE-2023-32466

LAST UPDATE DATE

2024-09-13T23:34:37.652000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-35176	date:	2024-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2023-027259	date:	2024-09-12T01:44:00
db:	NVD	id:	CVE-2023-32466	date:	2024-09-11T13:55:07.833

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-35176	date:	2024-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2023-027259	date:	2024-09-12T00:00:00
db:	NVD	id:	CVE-2023-32466	date:	2024-07-24T07:15:01.953