CVE-2023-32472 – This vulnerability allows a local authenticated... (How to Fix)

Q: What is the severity of CVE-2023-32472?

CVE-2023-32472 has a CVSS score of 5.7 (MEDIUM). This vulnerability allows a local authenticated user with high privileges to perform an out-of-bounds write in Dell Edge Gateway BIOS, potentially leading to arbitrary code execution or privilege escalation in System Management Mode. It affects Dell Edge Gateway 3200 and 5200 devices with vulnerable BIOS versions.

📋 TL;DR

This vulnerability allows a local authenticated user with high privileges to perform an out-of-bounds write in Dell Edge Gateway BIOS, potentially leading to arbitrary code execution or privilege escalation in System Management Mode. It affects Dell Edge Gateway 3200 and 5200 devices with vulnerable BIOS versions.

💻 Affected Systems

Products:

Dell Edge Gateway 3200
Dell Edge Gateway 5200

Versions: Vulnerable BIOS versions for Edge Gateway 3200 and 5200

Operating Systems: Any OS running on affected hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires local authenticated access with high privileges; affects BIOS firmware, not dependent on OS.

📦 What is this software?

Edge Gateway 3200 Firmware by Dell

View all CVEs affecting Edge Gateway 3200 Firmware →

Edge Gateway 5200 Firmware by Dell

View all CVEs affecting Edge Gateway 5200 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via arbitrary code execution in System Management Mode, allowing persistent malware installation or hardware-level attacks.

🟠

Likely Case

Privilege escalation from a high-privilege local account to full system control, potentially bypassing security controls.

🟢

If Mitigated

Limited impact if proper access controls restrict local administrative privileges and BIOS updates are applied.

🌐 Internet-Facing: LOW - Requires local authenticated access with high privileges, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Internal malicious actors with administrative access could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local authenticated access with high privileges; out-of-bounds write in BIOS code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BIOS updates provided by Dell (specific version numbers in vendor advisory)

Vendor Advisory: https://www.dell.com/support/kbdoc/en-in/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200

Restart Required: Yes

Instructions:

1. Download BIOS update from Dell Support site. 2. Run update utility. 3. Restart system to apply BIOS update.

🔧 Temporary Workarounds

Restrict local administrative access

all

Limit number of users with local administrative privileges to reduce attack surface.

🧯 If You Can't Patch

Implement strict access controls to limit local administrative privileges
Monitor for suspicious BIOS/UEFI-related activity and unauthorized privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check BIOS version in system setup (F2 during boot) or using Dell Command | Update utility.

Check Version:

On Windows: wmic bios get smbiosbiosversion; On Linux: dmidecode -s bios-version

Verify Fix Applied:

Verify BIOS version matches patched version listed in Dell advisory after update.

📡 Detection & Monitoring

Log Indicators:

Unexpected BIOS/UEFI update attempts
Privilege escalation from local admin accounts
System Management Mode (SMM) related anomalies

Network Indicators:

None - local exploitation only

SIEM Query:

Search for BIOS/UEFI firmware modification events or privilege escalation from local administrator accounts.

📊 Metadata

CVE ID: CVE-2023-32472

CVSS v3 Score: 5.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

CWE: CWE-787

Published: July 10, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-32472, you might also want to check these: