
Article Number: 000214917


DSA-2023-225: Security Update for Dell BIOS Edge Gateway 5200 and Edge Gateway 3200

Summary: BIOS remediation is available for vulnerabilities in Dell Edge Gateway 5200 and Edge Gateway 3200 that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

Medium

Details

| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-32467 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. | 5.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L |
| CVE-2023-32466 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. | 5.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L |
| CVE-2023-32472 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege. | 5.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L |
| CVE-2023-32471 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-32467 | Dell Edge Gateway 5200 | DXE driver | Versions prior to v1.05.10 | Version v1.05.10 or later | https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers |
| CVE-2023-32466 | Dell Edge Gateway 3200 | DXE driver | Versions prior to v1.03.10 | Version v1.03.10 or later | https://www.dell.com/support/home/product-support/product/dell-edge-gateway-3200/drivers |
| CVE-2023-32472 | Dell Edge Gateway 5200 | SMM | Versions prior to v1.05.10 | Version v1.05.10 or later | https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers |
| CVE-2023-32471 | Dell Edge Gateway 5200 | DXE driver | Versions prior to v1.05.10 | Version v1.05.10 or later | https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers |
| CVE-2023-32471 | Dell Edge Gateway 3200 | DXE driver | Versions prior to v1.03.10 | Version v1.03.10 or later | https://www.dell.com/support/home/product-support/product/dell-edge-gateway-3200/drivers |
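
The remediation table above, applied as a fleet check. This is an added example, not part of Dell's advisory: it maps a device's product name and BIOS version to the CVEs from this advisory that are still unremediated on it. The host names, the inventory rows and the product-name strings are constructed, and the BIOS version is assumed to be reported as a dotted numeric string.

```python
import re

# Transcribed from the remediation table in this advisory (DSA-2023-225):
# model -> (first remediated BIOS version, CVEs it addresses on that model)
REMEDIATION = {
    "5200": ("1.05.10", ["CVE-2023-32467", "CVE-2023-32472", "CVE-2023-32471"]),
    "3200": ("1.03.10", ["CVE-2023-32466", "CVE-2023-32471"]),
}

# Constructed sample inventory: (host, product name, BIOS version). On Linux both
# strings are usually read from /sys/class/dmi/id/{product_name,bios_version}.
INVENTORY = [
    ("gw-01", "Dell Edge Gateway 5200", "1.05.9"),    # 9 < 10 numerically
    ("gw-02", "Dell Edge Gateway 5200", "v1.05.10"),
    ("gw-03", "Edge Gateway 3200", "1.02.00"),
    ("gw-04", "Dell Edge Gateway 3200", "1.04.00"),
    ("gw-05", "Dell Edge Gateway 3200", "unknown"),   # inventory gap
    ("gw-06", "OptiPlex 7090", "1.0.0"),              # not covered here
]

def parse_version(text):
    """'v1.05.10' -> (1, 5, 10); raises ValueError on anything non-numeric."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised BIOS version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def open_cves(product_name, bios_version):
    """CVEs from this advisory still unremediated on one device ([] if none)."""
    m = re.search(r"Edge Gateway\s+(3200|5200)\b", product_name, re.IGNORECASE)
    if not m:
        return []                      # model is outside this advisory's scope
    fixed_in, cves = REMEDIATION[m.group(1)]
    # Compare as integer tuples: a string compare would rank "1.05.9" above "1.05.10".
    return list(cves) if parse_version(bios_version) < parse_version(fixed_in) else []

def audit(inventory):
    """host -> list of open CVEs, or None when the version cannot be judged."""
    report = {}
    for host, product, version in inventory:
        try:
            report[host] = open_cves(product, version)
        except ValueError:
            report[host] = None        # needs manual review, never counted as patched
    return report

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(host, "REVIEW" if result is None else (result or "ok"))
```

A device whose version string cannot be parsed is reported for review rather than treated as patched.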
 

Acknowledgements

All CVEs: Dell Technologies would like to thank the BINARLY efiXplorer team for reporting these issues.

CVE-2023-32467: Dell Technologies would also like to thank yngweijw (Jiawei Yin) for reporting this issue. 
 

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-06-14 | Initial Release |
| 2.0 | 2023-06-19 | Update |
| 3.0 | 2023-07-21 | Corrected CVSS vector strings |


Article Properties


Affected Product

Dell Edge Gateway 3200, Dell Edge Gateway 5200

Last Published Date

21 Jul 2023

Version

3

Article Type

Dell Security Advisory