Описание
Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.03.10 (исключая)
Одновременно
cpe:2.3:o:dell:edge_gateway_5200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:edge_gateway_5200:-:*:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00475
Низкий
8.1 High
CVSS3
8.2 High
CVSS3
Дефекты
CWE-77
CWE-78
Связанные уязвимости
CVSS3: 8.2
github
больше 3 лет назад
Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.
EPSS
Процентиль: 64%
0.00475
Низкий
8.1 High
CVSS3
8.2 High
CVSS3
Дефекты
CWE-77
CWE-78