History: May 26, 2022 - 4:15 p.m.

CVE-2022-24418

2022-05-26 16:15:08
CWE-20
web.nvd.nist.gov
Tags: cve-2022-24418, dell, bios, input validation, vulnerability, smi, arbitrary code execution, local authenticated, nvd

CVSS2: 7.2 High
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 7.5 High
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.0004 Low
Percentile: 5.1%

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Affected configurations

NVD
Node: dell dell_g5_5505_firmware (Range: <1.10.0) AND dell dell_g5_5505 (Match: -)
Node: dell inspiron_22-3275_firmware (Range: <1.8.0) AND dell inspiron_22-3275 (Match: -)
Node: dell inspiron_24-3475_firmware (Range: <1.8.0) AND dell inspiron_24-3475 (Match: -)
Node: dell inspiron_27_7775_firmware (Range: <2.15.0) AND dell inspiron_27_7775 (Match: -)
Node: dell inspiron_3180_firmware (Range: <1.4.4) AND dell inspiron_3180 (Match: -)
Node: dell inspiron_3185_firmware (Range: <1.4.4) AND dell inspiron_3185 (Match: -)
Node: dell inspiron_3195_firmware (Range: <1.4.1) AND dell inspiron_3195 (Match: -)
Node: dell inspiron_3505_firmware (Range: <1.5.0) AND dell inspiron_3505 (Match: -)
Node: dell inspiron_3515_firmware (Range: <1.4.0) AND dell inspiron_3515 (Match: -)
Node: dell inspiron_3585_firmware (Range: <1.6.0) AND dell inspiron_3585 (Match: -)
Node: dell inspiron_3595_firmware (Range: <1.2.1) AND dell inspiron_3595 (Match: -)
Node: dell inspiron_3785_firmware (Range: <1.6.0) AND dell inspiron_3785 (Match: -)
Node: dell inspiron_5405_firmware (Range: <1.6.0) AND dell inspiron_5405 (Match: -)
Node: dell inspiron_5415_firmware (Range: <1.7.1) AND dell inspiron_5415 (Match: -)
Node: dell inspiron_5485_firmware (Range: <2.7.0) AND dell inspiron_5485 (Match: -)
Node: dell inspiron_5505_firmware (Range: <1.6.0) AND dell inspiron_5505 (Match: -)
Node: dell inspiron_5515_firmware (Range: <1.7.1) AND dell inspiron_5515 (Match: -)
Node: dell inspiron_5575_firmware (Range: <1.5.0) AND dell inspiron_5575 (Match: -)
Node: dell inspiron_5585_firmware (Range: <2.7.0) AND dell inspiron_5585 (Match: -)
Node: dell inspiron_5675_firmware (Range: <1.5.0) AND dell inspiron_5675 (Match: -)
Node: dell inspiron_5775_firmware (Range: <1.5.0) AND dell inspiron_5775 (Match: -)
Node: dell inspiron_7375_firmware (Range: <1.6.0) AND dell inspiron_7375 (Match: -)
Node: dell inspiron_7405_firmware (Range: <1.7.0) AND dell inspiron_7405 (Match: -)
Node: dell inspiron_7415_firmware (Range: <1.7.1) AND dell inspiron_7415 (Match: -)
Node: dell vostro_3405_firmware (Range: <1.5.0) AND dell vostro_3405 (Match: -)
Node: dell vostro_3515_firmware (Range: <1.4.0) AND dell vostro_3515 (Match: -)
Node: dell vostro_5415_firmware (Range: <1.7.1) AND dell vostro_5415 (Match: -)
Node: dell vostro_5515_firmware (Range: <1.7.1) AND dell vostro_5515 (Match: -)

CNA Affected

[
  {
    "product": "CPG BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.10.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
