CVE-2024-38296 — Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution in Dell Edge Gateway 5200

CWE-1421 — Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution3 documents3 sources

Severity

4.4MEDIUMNVD

CNA6.7

EPSS

0.0%

top 90.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Edge Gateway 5200 Dell Intel Management Engine Firmware Update Utility

Timeline

PublishedNov 22

Description

Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5dell/edge_gateway_5200N/A — 12.0.94.2380

▶NVDdell/intel_management_engine_firmware_update_utility< 15.40.30.2879+1

🔴Vulnerability Details

GHSA

GHSA-h32x-x27w-622g: Dell Edge Gateway 5200 (Coffee Lake S), versions prior to 12↗2024-11-22

▶

CVEList

CVE-2024-38296: Dell Edge Gateway 3200, versions prior to 15↗2024-11-22

▶