Lucene search

DellCVELIST:CVE-2022-22567

HistoryFeb 07, 2022 - 12:00 a.m.

CVE-2022-22567

2022-02-0700:00:00

CWE-345

dell

www.cve.org

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware.

CNA Affected

[
  {
    "product": "CPG BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.15",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000195905/dsa-2022-028

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVELIST:CVE-2022-22567