DSA-2023-244: Dell Technologies Networking Edge Gateway Security Update for Multiple SMM Vulnerabilities

Summary: Dell Technologies Networking Edge Gateway remediations are available for Multiple SMM Vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

High

Details

Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2022-24415 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-24416 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-24419 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-24420 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-24421 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2022-24415 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-24416 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-24419 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-24420 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2022-24421 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
8.2		 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

 Product Software/Firmware Affected Versions Remediated Versions Link to Update
Dell Edge Gateway 3200 BIOS Capsule Windows Versions prior to 1.03.10 Version 1.03.10 EGW-3200 BIOS capsule_Windows
Dell Edge Gateway 5200 BIOS Capsule Windows Versions prior to 1.04.10 Version 1.04.10 EGW-5200 BIOS capsule_Windows
Dell Edge Gateway 5200 BIOS Capsule Linux Versions prior to 1.04.10 Version 1.04.10 EGW-5200 BIOS capsule_Linux
 Product Software/Firmware Affected Versions Remediated Versions Link to Update
Dell Edge Gateway 3200 BIOS Capsule Windows Versions prior to 1.03.10 Version 1.03.10 EGW-3200 BIOS capsule_Windows
Dell Edge Gateway 5200 BIOS Capsule Windows Versions prior to 1.04.10 Version 1.04.10 EGW-5200 BIOS capsule_Windows
Dell Edge Gateway 5200 BIOS Capsule Linux Versions prior to 1.04.10 Version 1.04.10 EGW-5200 BIOS capsule_Linux

Workarounds & Mitigations

None.

Revision History

RevisionDateDescription
1.02023-07-06Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Dell Edge Gateway 3200, Dell Edge Gateway 5200
Article Properties
Article Number: 000215608
Article Type: Dell Security Advisory
Last Modified: 06 Jul 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.