VAR-202208-2261
Vulnerability from variot - Updated: 2024-09-25 23:31Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM. (DoS) It may be in a state. Dell Edge Gateway is a series of intelligent gateway devices from Dell in the United States. It is designed to aggregate, protect, analyze and relay data from various sensors and devices at the edge of the network. The vulnerability is caused by improper input validation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-2261",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edge gateway 5200",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.03.10"
},
{
"model": "edge gateway 5200",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "edge gateway 5200 firmware 1.03.10"
},
{
"model": "edge gateway 5200",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "edge gateway 5200",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "edge gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "5200\u003c1.03.10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38787"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016135"
},
{
"db": "NVD",
"id": "CVE-2022-34383"
}
]
},
"cve": "CVE-2022-34383",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.5,
"id": "CNVD-2024-38787",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"id": "CVE-2022-34383",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "LOW",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"id": "CVE-2022-34383",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-34383",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-34383",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-34383",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-34383",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-38787",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4529",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38787"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016135"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4529"
},
{
"db": "NVD",
"id": "CVE-2022-34383"
},
{
"db": "NVD",
"id": "CVE-2022-34383"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM. (DoS) It may be in a state. Dell Edge Gateway is a series of intelligent gateway devices from Dell in the United States. It is designed to aggregate, protect, analyze and relay data from various sensors and devices at the edge of the network. The vulnerability is caused by improper input validation",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-34383"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016135"
},
{
"db": "CNVD",
"id": "CNVD-2024-38787"
},
{
"db": "VULMON",
"id": "CVE-2022-34383"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-34383",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016135",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38787",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4529",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-34383",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38787"
},
{
"db": "VULMON",
"id": "CVE-2022-34383"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016135"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4529"
},
{
"db": "NVD",
"id": "CVE-2022-34383"
}
]
},
"id": "VAR-202208-2261",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38787"
}
],
"trust": 0.83333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38787"
}
]
},
"last_update_date": "2024-09-25T23:31:53.075000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell Edge Gateway Operating System Command Injection Vulnerability (CNVD-2024-38787)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/587601"
},
{
"title": "Dell Edge Gateway Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206820"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38787"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4529"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016135"
},
{
"db": "NVD",
"id": "CVE-2022-34383"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.dell.com/support/kbdoc/en-us/000202711"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34383"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-34383/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38787"
},
{
"db": "VULMON",
"id": "CVE-2022-34383"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016135"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4529"
},
{
"db": "NVD",
"id": "CVE-2022-34383"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38787"
},
{
"db": "VULMON",
"id": "CVE-2022-34383"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016135"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4529"
},
{
"db": "NVD",
"id": "CVE-2022-34383"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38787"
},
{
"date": "2022-08-31T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34383"
},
{
"date": "2023-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016135"
},
{
"date": "2022-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4529"
},
{
"date": "2022-08-31T20:15:08.747000",
"db": "NVD",
"id": "CVE-2022-34383"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38787"
},
{
"date": "2022-08-31T00:00:00",
"db": "VULMON",
"id": "CVE-2022-34383"
},
{
"date": "2023-10-02T08:10:00",
"db": "JVNDB",
"id": "JVNDB-2022-016135"
},
{
"date": "2022-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4529"
},
{
"date": "2022-09-07T17:30:56.257000",
"db": "NVD",
"id": "CVE-2022-34383"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4529"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0edge\u00a0gateway\u00a05200\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016135"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4529"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…