CVE-2022-34383: DSA-2022-221: Dell Networking Security Update for a BIOS Vulnerability

Vaikutus

High

Tiedot

Proprietary Code CVE

Description

CVSS Base Score

CVSS Vector String

CVE-2022-34383

Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.

8.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

Proprietary Code CVE

Description

CVSS Base Score

CVSS Vector String

CVE-2022-34383

Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.

8.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen

CVE Addressed

Product

Affected Versions

Updated Version

Link to Update

CVE-2022-34383

Dell Edge Gateway 5200

Versions before 1.03.10

1.03.10

Dell Edge Gateway 5200 drivers

CVE Addressed

Product

Affected Versions

Updated Version

Link to Update

CVE-2022-34383

Dell Edge Gateway 5200

Versions before 1.03.10

1.03.10

Dell Edge Gateway 5200 drivers

Kiitokset

Dell Technologies would like to thank yngweijw for reporting this issue.

Versiohistoria

Revision

Date

Description

1.0

2022-08-24

Initial Release

Asiaan liittyvät tiedot

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

30 elok. 2022