Is CVE-2023-32467 actively exploited?

CVE-2023-32467 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2023-32467?

CVE-2023-32467 has a CVSS score of 5.7 (MEDIUM severity). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L.

How do I patch CVE-2023-32467?

Patch guidance is available from dell security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-32467.

CVE-2023-32467 - remediation guidance & executive summary

Q: Which products are affected by CVE-2023-32467?

6 products: dell edge gateway 5000 firmware, dell edge gateway 5100 firmware, dell edge gateway 5200 firmware, dell edge gateway 3200 firmware, dell xps 13 9350 firmware, and 1 more.

Description

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Attack Vector: local
Complexity: low
Privileges: high
User Action: none
Scope: changed
Confidentiality: low
Integrity: low
Availability: low
Weaknesses: CWE-665 CWE-665

Metadata

Primary Vendor: DELL
Published: 7/10/2024
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

dell : edge_gateway_5000_firmwaredell : edge_gateway_5100_firmwaredell : edge_gateway_5200_firmwaredell : edge_gateway_3200_firmwaredell : xps_13_9350_firmwaredell : chengming_3977_firmware

Remediation Guidance

Executive Summary

View on NIST NVD