// For flags

CVE-2023-32467

 

Severity Score

5.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.

El BIOS de Dell Edge Gateway, versiones 3200 y 5200, contiene una vulnerabilidad de escritura fuera de los límites. Un usuario malicioso local autenticado con altos privilegios podría explotar esta vulnerabilidad, lo que provocaría la exposición de algún código UEFI, lo que provocaría la ejecución de código arbitrario o una escalada de privilegios.

*Credits: Dell Technologies would also like to thank yngweijw (Jiawei Yin) for reporting this issue, Dell Technologies would like to thank the BINARLY efiXplorer team for reporting these issues
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-05-09 CVE Reserved
  • 2024-07-10 CVE Published
  • 2024-07-10 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-665: Improper Initialization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dell
Search vendor "Dell"
 PowerSwitch Z9664F-ON BIOS
Search vendor "Dell" for product "PowerSwitch Z9664F-ON BIOS"
 < v1.05.10
Search vendor "Dell" for product "PowerSwitch Z9664F-ON BIOS" and version " < v1.05.10"
en
Affected