Lucene search

K
cvelistDellCVELIST:CVE-2022-22567
HistoryFeb 07, 2022 - 12:00 a.m.

CVE-2022-22567

2022-02-0700:00:00
CWE-345
dell
www.cve.org
dell
platforms
vulnerability
bios firmware
authenticity
verification
exploit

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L

AI Score

5.4

Confidence

High

EPSS

0

Percentile

12.6%

Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware.

CNA Affected

[
  {
    "product": "CPG BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.15",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L

AI Score

5.4

Confidence

High

EPSS

0

Percentile

12.6%

Related for CVELIST:CVE-2022-22567