Lucene search

[email protected]CVE-2022-24417

HistoryMay 26, 2022 - 4:15 p.m.

CVE-2022-24417

2022-05-2616:15:07

CWE-20

[email protected]

web.nvd.nist.gov

dell

bios

vulnerability

arbitrary code execution

smi

cve-2022-24417

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Affected configurations

NVD

Node

delldell_g5_5505_firmwareRange<1.10.0

AND

delldell_g5_5505Match-

Node

dellinspiron_22-3275_firmwareRange<1.8.0

AND

dellinspiron_22-3275Match-

Node

dellinspiron_24-3475_firmwareRange<1.8.0

AND

dellinspiron_24-3475Match-

Node

dellinspiron_27_7775_firmwareRange<2.15.0

AND

dellinspiron_27_7775Match-

Node

dellinspiron_3180_firmwareRange<1.4.4

AND

dellinspiron_3180Match-

Node

dellinspiron_3185_firmwareRange<1.4.4

AND

dellinspiron_3185Match-

Node

dellinspiron_3195_firmwareRange<1.4.1

AND

dellinspiron_3195Match-

Node

dellinspiron_3505_firmwareRange<1.5.0

AND

dellinspiron_3505Match-

Node

dellinspiron_3515_firmwareRange<1.4.0

AND

dellinspiron_3515Match-

Node

dellinspiron_3585_firmwareRange<1.6.0

AND

dellinspiron_3585Match-

Node

dellinspiron_3595_firmwareRange<1.2.1

AND

dellinspiron_3595Match-

Node

dellinspiron_3785_firmwareRange<1.6.0

AND

dellinspiron_3785Match-

Node

dellinspiron_5405_firmwareRange<1.6.0

AND

dellinspiron_5405Match-

Node

dellinspiron_5415_firmwareRange<1.7.1

AND

dellinspiron_5415Match-

Node

dellinspiron_5485_firmwareRange<2.7.0

AND

dellinspiron_5485Match-

Node

dellinspiron_5505_firmwareRange<1.6.0

AND

dellinspiron_5505Match-

Node

dellinspiron_5515_firmwareRange<1.7.1

AND

dellinspiron_5515Match-

Node

dellinspiron_5575_firmwareRange<1.5.0

AND

dellinspiron_5575Match-

Node

dellinspiron_5585_firmwareRange<2.7.0

AND

dellinspiron_5585Match-

Node

dellinspiron_5675_firmwareRange<1.5.0

AND

dellinspiron_5675Match-

Node

dellinspiron_5775_firmwareRange<1.5.0

AND

dellinspiron_5775Match-

Node

dellinspiron_7375_firmwareRange<1.6.0

AND

dellinspiron_7375Match-

Node

dellinspiron_7405_firmwareRange<1.7.0

AND

dellinspiron_7405Match-

Node

dellinspiron_7415_firmwareRange<1.7.1

AND

dellinspiron_7415Match-

Node

dellvostro_3405_firmwareRange<1.5.0

AND

dellvostro_3405Match-

Node

dellvostro_3515_firmwareRange<1.4.0

AND

dellvostro_3515Match-

Node

dellvostro_5415_firmwareRange<1.7.1

AND

dellvostro_5415Match-

Node

dellvostro_5515_firmwareRange<1.7.1

AND

dellvostro_5515Match-

CPENameOperatorVersion
dell:dell_g5_5505_firmwaredell dell g5 5505 firmwarelt1.10.0

CPE	Name	Operator	Version
dell:dell_g5_5505_firmware	dell dell g5 5505 firmware	lt	1.10.0

CNA Affected

[
  {
    "product": "CPG BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.10.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095

Social References

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-24417

prion1 nvd1 cnvd1 cvelist1