Medium
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2024-38296 |
Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
6.7 |
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2024-38296 |
Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
6.7 |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
Dell Edge Gateway 3200 |
Intel Management Engine Firmware Update Utility |
Versions prior to 15.40.30.2879 |
Version 15.40.30.2879 or later |
https://www.dell.com/support/home/product-support/product/dell-edge-gateway-3200/drivers |
Dell Edge Gateway 5200 |
Intel Management Engine Firmware Update Utility |
Versions prior to 12.0.94.2380 |
Version 12.0.94.2380 or later |
https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers |
Product |
Software/Firmware |
Affected Versions |
Remediated Versions |
Link |
Dell Edge Gateway 3200 |
Intel Management Engine Firmware Update Utility |
Versions prior to 15.40.30.2879 |
Version 15.40.30.2879 or later |
https://www.dell.com/support/home/product-support/product/dell-edge-gateway-3200/drivers |
Dell Edge Gateway 5200 |
Intel Management Engine Firmware Update Utility |
Versions prior to 12.0.94.2380 |
Version 12.0.94.2380 or later |
https://www.dell.com/support/home/product-support/product/dell-edge-gateway-5200/drivers |
The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
CVE ID | Workaround and Mitigation |
CVE-2024-38296 | In addition to upgrading your version of the ME Firmware Utility, please follow the mitigation steps as part of the KB article - https://www.dell.com/support/kbdoc/000250953 |
Revision |
Date |
Description |
1.0 |
2024-11-21 |
Initial Release |
2.0 |
2024-11-22 |
Formatting changes only. No changes to content. |
3.0 |
2024-12-09 |
Added Edge Gateway 3200 to the affected product list. |
Dell would like to thank the Eclypsium Research Team for reporting this issue.