Lucene search

DellCVELIST:CVE-2022-22567

HistoryFeb 07, 2022 - 12:00 a.m.

CVE-2022-22567

2022-02-0700:00:00

CWE-345

dell

www.cve.org

dell

platforms

vulnerability

bios firmware

authenticity

verification

exploit

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L

AI Score

5.4

Confidence

High

EPSS

Percentile

12.6%

JSON

Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware.

CNA Affected

[
  {
    "product": "CPG BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.15",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000195905/dsa-2022-028

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L

AI Score

5.4

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2022-22567