DSA-2023-225: Security Update for Dell BIOS Edge Gateway 5200 and Edge Gateway 3200

Summary: BIOS remediation is available for Dell Edge Gateway 5200 and Edge Gateway 3200 that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Impact

Medium

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023-32467 Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-32466 Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-32472 Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege. 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-32471 Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits. 6.0  CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023-32467 Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-32466 Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-32472 Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege. 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2023-32471 Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits. 6.0  CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVEs Addressed Product Software/Firmware
 		 Affected Versions Remediated Versions Link
CVE-2023-32467 Dell Edge Gateway 5200 DXE driver Versions prior to v1.05.10 Version v1.05.10 or later https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers
 
CVE-2023-32466 Dell Edge Gateway 3200 DXE driver Versions prior to v1.03.10 Version v1.03.10 or later https://www.dell.com/support/home/product-support/product/dell-edge-gateway-3200/drivers
 
CVE-2023-32472 Dell Edge Gateway 5200 SMM Versions prior to v1.05.10 Version v1.05.10 or later https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers
 
CVE-2023-32471 Dell Edge Gateway 5200 DXE driver Versions prior to v1.05.10 Version v1.05.10 or later https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers
 
CVE-2023-32471 Dell Edge Gateway 3200 DXE driver Versions prior to v1.03.10 Version v1.03.10 or later https://www.dell.com/support/home/product-support/product/dell-edge-gateway-3200/drivers
 
CVEs Addressed Product Software/Firmware
 		 Affected Versions Remediated Versions Link
CVE-2023-32467 Dell Edge Gateway 5200 DXE driver Versions prior to v1.05.10 Version v1.05.10 or later https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers
 
CVE-2023-32466 Dell Edge Gateway 3200 DXE driver Versions prior to v1.03.10 Version v1.03.10 or later https://www.dell.com/support/home/product-support/product/dell-edge-gateway-3200/drivers
 
CVE-2023-32472 Dell Edge Gateway 5200 SMM Versions prior to v1.05.10 Version v1.05.10 or later https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers
 
CVE-2023-32471 Dell Edge Gateway 5200 DXE driver Versions prior to v1.05.10 Version v1.05.10 or later https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers
 
CVE-2023-32471 Dell Edge Gateway 3200 DXE driver Versions prior to v1.03.10 Version v1.03.10 or later https://www.dell.com/support/home/product-support/product/dell-edge-gateway-3200/drivers
 

Revision History

RevisionDateDescription
1.02023-06-14Initial Release
2.02023-06-19Update
3.02023-07-21Corrected CVSS vector strings

Acknowledgements

All CVEs: Dell Technologies would like to thank the BINARLY efiXplorer team for reporting these issues.

CVE-2023-32467: Dell Technologies would also like to thank yngweijw (Jiawei Yin) for reporting this issue. 
 

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Legal Disclaimer

Affected Products

Dell Edge Gateway 3200, Dell Edge Gateway 5200
Article Properties
Article Number: 000214917
Article Type: Dell Security Advisory
Last Modified: 21 Jul 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.