DSA-2024-345: Security Update for Dell Networking Edge Gateway 3200 and Edge Gateway 5200 Vulnerability
Yhteenveto: Dell Edge Gateway 3200 and Edge Gateway 5200 remediation is available for a security vulnerability that could be exploited by malicious users to compromise the affected system.
Vaikutus
Medium
Tiedot
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2024-38296 |
Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
6.7 |
| Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
| CVE-2024-38296 |
Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
6.7 |
Tuotteet, joihin asia vaikuttaa, ja tilanteen korjaaminen
| Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
| Dell Edge Gateway 3200 |
Intel Management Engine Firmware Update Utility |
Versions prior to 15.40.30.2879 |
Version 15.40.30.2879 or later |
https://www.dell.com/support/home/product-support/product/dell-edge-gateway-3200/drivers |
| Dell Edge Gateway 5200 |
Intel Management Engine Firmware Update Utility |
Versions prior to 12.0.94.2380 |
Version 12.0.94.2380 or later |
https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers |
| Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
| Dell Edge Gateway 3200 |
Intel Management Engine Firmware Update Utility |
Versions prior to 15.40.30.2879 |
Version 15.40.30.2879 or later |
https://www.dell.com/support/home/product-support/product/dell-edge-gateway-3200/drivers |
| Dell Edge Gateway 5200 |
Intel Management Engine Firmware Update Utility |
Versions prior to 12.0.94.2380 |
Version 12.0.94.2380 or later |
https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Kiertotavat ja lievennyskeinot
| CVE ID | Workaround and Mitigation |
| CVE-2024-38296 | In addition to upgrading your version of the ME Firmware Utility, please follow the mitigation steps as part of the KB article - https://www.dell.com/support/kbdoc/000250953 |
Versiohistoria
|
Revision |
Date |
Description |
|
1.0 |
2024-11-21 |
Initial Release |
|
2.0 |
2024-11-22 |
Formatting changes only. No changes to content. |
|
3.0 |
2024-12-09 |
Added Edge Gateway 3200 to the affected product list. |
Kiitokset
Dell would like to thank the Eclypsium Research Team for reporting this issue.