CVE-2023-32472 — Out-of-bounds Write in Dell Powerswitch Z9664f-on Bios

CWE-787 — Out-of-bounds Write CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

8.2HIGHNVD

CNA5.7

EPSS

0.1%

top 71.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Powerswitch Z9664f-on Bios Dell Edge Gateway 5200 Firmware

Timeline

PublishedJul 10

Description

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

▶NVDdell/edge_gateway_5200_firmware< 1.05.10

▶CVEListV5dell/powerswitch_z9664f-on_biosN/A — v1.05.10

🔴Vulnerability Details

CVEList

CVE-2023-32472: Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability↗2024-07-10

▶

GHSA

GHSA-jjpv-jrvp-jwr3: Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability↗2024-07-10

▶