CVE-2023-32467 — Improper Initialization in Dell Powerswitch Z9664f-on Bios

CWE-665 — Improper Initialization3 documents3 sources

Severity

8.2HIGHNVD

CNA5.7

EPSS

0.1%

top 76.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Powerswitch Z9664f-on Bios Dell Edge Gateway 5200 Firmware Dell Chengming 3977 Firmware +3 more

Timeline

PublishedJul 10

Description

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages6 packages

▶NVDdell/edge_gateway_5200_firmware< 1.05.10

▶NVDdell/edge_gateway_5000_firmware0.1.19.0

▶NVDdell/edge_gateway_5100_firmware0.1.19.0

▶CVEListV5dell/powerswitch_z9664f-on_biosN/A — v1.05.10

▶NVDdell/xps_13_9350_firmware0.1.13.0

🔴Vulnerability Details

CVEList

CVE-2023-32467: Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability↗2024-07-10

▶

GHSA

GHSA-r5w6-vhvv-2q6g: Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability↗2024-07-10

▶