Lucene search

[email protected]CVE-2022-26862

HistoryJun 23, 2022 - 6:15 p.m.

CVE-2022-26862

2022-06-2318:15:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2022-26862

dell bios

input validation

smi

security controls

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

11.5%

JSON

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

CPENameOperatorVersion
dell:alienware_m15_r5_firmwaredell alienware m15 r5 firmwarelt1.5.0
dell:g15_5515_firmwaredell g15 5515 firmwarelt1.6.0
dell:g5_se_5505_firmwaredell g5 se 5505 firmwarelt1.11.0
dell:inspiron_27_7775_firmwaredell inspiron 27 7775 firmwarelt2.16.1
dell:inspiron_14_5425_firmwaredell inspiron 14 5425 firmwarelt1.2.1
dell:inspiron_3275_firmwaredell inspiron 3275 firmwarelt1.9.0
dell:inspiron_3475_firmwaredell inspiron 3475 firmwarelt1.9.0
dell:inspiron_3180_firmwaredell inspiron 3180 firmwarelt1.4.4
dell:inspiron_3185_firmwaredell inspiron 3185 firmwarelt1.4.4
dell:inspiron_3195_firmwaredell inspiron 3195 firmwarelt1.4.1

CPE	Name	Operator	Version
dell:alienware_m15_r5_firmware	dell alienware m15 r5 firmware	lt	1.5.0
dell:g15_5515_firmware	dell g15 5515 firmware	lt	1.6.0
dell:g5_se_5505_firmware	dell g5 se 5505 firmware	lt	1.11.0
dell:inspiron_27_7775_firmware	dell inspiron 27 7775 firmware	lt	2.16.1
dell:inspiron_14_5425_firmware	dell inspiron 14 5425 firmware	lt	1.2.1
dell:inspiron_3275_firmware	dell inspiron 3275 firmware	lt	1.9.0
dell:inspiron_3475_firmware	dell inspiron 3475 firmware	lt	1.9.0
dell:inspiron_3180_firmware	dell inspiron 3180 firmware	lt	1.4.4
dell:inspiron_3185_firmware	dell inspiron 3185 firmware	lt	1.4.4
dell:inspiron_3195_firmware	dell inspiron 3195 firmware	lt	1.4.1

Rows per page:

1-10 of 341

References

www.dell.com/support/kbdoc/en-us/000200568/dsa-2022-096

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

11.5%

JSON

Related for CVE-2022-26862

prion1 cnvd1