Lucene search

DellCVELIST:CVE-2022-22558

HistoryApr 21, 2022 - 8:50 p.m.

CVE-2022-22558

2022-04-2120:50:13

CWE-119

dell

www.cve.org

dell

bios

vulnerability

communication buffer

exploitation

arbitrary writes

denial of service

CVSS3

5.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

12.6%

JSON

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.

CNA Affected

[
  {
    "product": "PowerEdge Platform",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "BIOS update for PowerEdge 13G Intel 1S/2S and 14G AMD",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000197971

CVSS3

5.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2022-22558