SB2023022344 - Multiple vulnerabilities in Dell EGW-5200

Security Bulletin ID SB2023022344

Severity

High

Patch available

YES

Number of vulnerabilities 4

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Improper Authentication (CVE-ID: CVE-2021-33159)

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests in firmware. A local administrator can bypass authentication process and gain elevated privileges on the system.

2) Improper Authentication (CVE-ID: CVE-2022-26845)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests in firmware. A remote attacker can bypass authentication process and gain elevated privileges on the system.

3) NULL pointer dereference (CVE-ID: CVE-2022-27497)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in firmware. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

4) Improper Authentication (CVE-ID: CVE-2022-29893)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests in firmware. A remote user can bypass authentication process and gain elevated privileges on the system.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/nl-nl/000209731/dsa-2023-042-dell-networking-security-update-for-a-third-party-bios-vulnerability