CVE-2023-32471

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:edge_gateway_3200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:edge_gateway_3200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:edge_gateway_5200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:edge_gateway_5200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:precision_3930_rack_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3930_rack:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:optiplex_7080_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7080:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:precision_5520_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5520:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:inspiron_7460_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7460:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:precision_5820_tower_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5820_tower:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:g5_5587_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:g5_5587:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:g7_7588_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:g7_7588:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:vostro_15_7580_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_15_7580:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:03

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 - Vendor Advisory () https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 - Vendor Advisory

11 Sep 2024, 13:50

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 - () https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 - Vendor Advisory
First Time Dell precision 3930 Rack Firmware
Dell g7 7588
Dell precision 5520
Dell optiplex 7080
Dell precision 5820 Tower
Dell edge Gateway 3200 Firmware
Dell edge Gateway 5200
Dell optiplex 7080 Firmware
Dell edge Gateway 3200
Dell edge Gateway 5200 Firmware
Dell vostro 15 7580
Dell vostro 15 7580 Firmware
Dell inspiron 7460
Dell g7 7588 Firmware
Dell precision 5820 Tower Firmware
Dell g5 5587 Firmware
Dell precision 3930 Rack
Dell
Dell precision 5520 Firmware
Dell inspiron 7460 Firmware
Dell g5 5587
CPE cpe:2.3:h:dell:edge_gateway_5200:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:optiplex_7080_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:inspiron_7460_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:vostro_15_7580_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:edge_gateway_3200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3930_rack:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_15_7580:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5520:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5820_tower:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:g5_5587_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:precision_5520_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:g7_7588_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:edge_gateway_3200:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:precision_3930_rack_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7460:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:precision_5820_tower_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:g7_7588:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7080:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:g5_5587:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:edge_gateway_5200_firmware:-:*:*:*:*:*:*:*

24 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) El BIOS de Dell Edge Gateway, versiones 3200 y 5200, contiene una vulnerabilidad de lectura fuera de los límites. Un usuario malintencionado local autenticado con altos privilegios podría explotar esta vulnerabilidad para leer el contenido de la memoria de la pila y utilizar esta información para futuras vulnerabilidades.

24 Jul 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-24 08:15

Updated : 2024-11-21 08:03


NVD link : CVE-2023-32471

Mitre link : CVE-2023-32471

CVE.ORG link : CVE-2023-32471


JSON object : View

Products Affected

dell

  • optiplex_7080
  • optiplex_7080_firmware
  • g7_7588_firmware
  • edge_gateway_5200
  • edge_gateway_5200_firmware
  • precision_5520_firmware
  • g5_5587_firmware
  • g7_7588
  • vostro_15_7580_firmware
  • precision_3930_rack_firmware
  • inspiron_7460_firmware
  • inspiron_7460
  • g5_5587
  • precision_5820_tower_firmware
  • edge_gateway_3200_firmware
  • precision_5820_tower
  • vostro_15_7580
  • precision_3930_rack
  • edge_gateway_3200
  • precision_5520
CWE
CWE-125

Out-of-bounds Read