Lucene search

DellCVELIST:CVE-2022-34414

HistoryMar 16, 2023 - 11:37 a.m.

CVE-2022-34414

2023-03-1611:37:21

CWE-119

dell

www.cve.org

dell

poweredge

bios

precision

smm

buffer

vulnerability

arbitrary code execution

denial of service

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerEdge Platform",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "14G,15G"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-34414