Vulnerabilities > CVE-2023-32471 - Out-of-bounds Read vulnerability in Dell products

CVSS 6.0 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

dell

CWE-125

NVD

Published: 2024-07-24

Updated: 2024-09-11

Summary

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Edge Gateway 3200 Firmware - Dell Edge Gateway 5200 Firmware - Dell Precision 3930 Rack Firmware - Dell Optiplex 7080 Firmware - Dell Precision 5520 Firmware - Dell Inspiron 7460 Firmware - Dell Precision 5820 Tower Firmware - Dell G5 5587 Firmware - Dell G7 7588 Firmware - Dell Vostro 15 7580 Firmware -	10
Hardware	Dell Dell Edge Gateway 3200 - Dell Edge Gateway 5200 - Dell Precision 3930 Rack - Dell Optiplex 7080 - Dell Precision 5520 - Dell Inspiron 7460 - Dell Precision 5820 Tower - Dell G5 5587 - Dell G7 7588 - Dell Vostro 15 7580 -	10

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

References

https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200