CVE-2024-38296

Published: Nov 22, 2024Modified: Feb 4, 2025

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Affected (2)

Products: Dell: Intel Management Engine Firmware Update Utility

Dell

1 product

Intel Management Engine Firmware Update Utility

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Intel Management Engine Firmware Update Utility	Before 15.40.30.2879

Running on/with	Platform Versions
Dell Edge Gateway 3200	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Intel Management Engine Firmware Update Utility	Before 12.0.94.2380

Running on/with	Platform Versions
Dell Edge Gateway 5200	All versions

References (1)

https://www.dell.com/support/kbdoc/en-us/000250949/dsa-2024-345-security-update-for-dell-networking-edge-gateway-5200-vulnerability

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.