Headline
CVE-2022-34383: DSA-2022-221: Dell Networking Security Update for a BIOS Vulnerability
Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.
Vaikutus
High
Tiedot
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2022-34383
Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.
8.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2022-34383
Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.
8.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
CVE Addressed
Product
Affected Versions
Updated Version
Link to Update
CVE-2022-34383
Dell Edge Gateway 5200
Versions before 1.03.10
1.03.10
Dell Edge Gateway 5200 drivers
CVE Addressed
Product
Affected Versions
Updated Version
Link to Update
CVE-2022-34383
Dell Edge Gateway 5200
Versions before 1.03.10
1.03.10
Dell Edge Gateway 5200 drivers
Kiitokset
Dell Technologies would like to thank yngweijw for reporting this issue.
Versiohistoria
Revision
Date
Description
1.0
2022-08-24
Initial Release
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
30 elok. 2022