50 matches found
CVE-2024-52541
CVE-2024-52541 affects Dell Client Platform BIOS. The vulnerability is a weak authentication flaw that could allow a high-privilege attacker with local access to achieve Elevation of Privileges. The connected sources confirm the issue but do not provide public exploit details or concrete remediat...
CVE-2021-36343
CVE-2021-36343 affects Dell BIOS and is caused by improper input validation in the BIOS, enabling a locally authenticated attacker to use a System Management Interrupt (SMI) to gain arbitrary code execution in SMRAM. Public sources describe the vulnerability as a locally exploitable issue that ca...
CVE-2023-48674
CVE-2023-48674 affects Dell Platform BIOS. Described as an improper NULL termination vulnerability that could allow a high-privilege user with network access to send malicious data to the device, potentially causing some services to cease functioning (DoS). Documented impact includes availability...
CVE-2022-26858
Dell BIOS CVE-2022-26858 is an Improper Authentication vulnerability affecting Dell BIOS versions. A locally authenticated user can potentially bypass security controls by sending malicious input to an SMI. The issue is commonly discussed alongside related BIOS vulnerabilities (DSA-2022-224) and ...
CVE-2020-5362
CVE-2020-5362 affects Dell Client Client Consumer and Commercial platforms, where an improper authorization in the Dell Manageability interface allows an attacker with local OS administrator privileges to bypass BIOS Administrator authentication and restore BIOS Setup to default values. The NVD e...
CVE-2022-34398
Dell BIOS is affected by a Time-of-check Time-of-use (TOCTTOU) vulnerability. A local authenticated user could exploit a specifically timed DMA transaction during an SMI to gain arbitrary code execution. The documents do not provide a specific patched version or remediation details; monitor for u...
CVE-2023-28075
Dell BIOS TOCTOU vulnerability (CVE-2023-28075) allows a locally authenticated user with physical access to trigger a specifically timed DMA operation during an SMI to gain arbitrary code execution. Affected component is the Dell BIOS; root cause is a Time‑of‑check Time‑of‑use flaw enabling TOCTO...
CVE-2022-32483
CVE-2022-32483 : Dell BIOS contains an improper input validation vulnerability that allows a local, authenticated attacker with admin privileges to modify a UEFI variable. Several sources corroborate that exploitation requires access to the System Management Interface (SMI) to act within SMRAM, e...
CVE-2022-26859
CVE-2022-26859 describes a race condition in Dell BIOS that can be triggered by a local attacker sending malicious input via System Management Interrupt (SMI) to bypass security checks during System Management Mode (SMM). The vulnerability affects Dell BIOS and enables potential interception or c...
CVE-2023-28036
Dell BIOS contains an improper input validation vulnerability that can be exploited by a local authenticated attacker with administrator privileges to modify a UEFI variable. Affected: Dell BIOS on Dell systems. Root cause: improper input validation. Impact: potential modification of UEFI variabl...
CVE-2022-32485
The CVE-2022-32485 entry refers to a Dell BIOS vulnerability caused by improper input validation. A local authenticated attacker could use a System Management Interrupt (SMI) to execute arbitrary code in SMRAM. Documents consistently identify Dell BIOS as the affected component and SMRAM as the t...
CVE-2022-32487
Dell BIOS contains an input validation weakness that can be triggered by a local, authenticated attacker using an SMI to execute code in SMRAM. Public sources consistently describe the vulnerability as affecting Dell BIOS embedded firmware and enabling arbitrary code execution when an SMI is used...
CVE-2022-32489
CVE-2022-32489 affects Dell BIOS. The vulnerability arises from improper input validation, enabling a local authenticated attacker to use an SMI to execute arbitrary code in SMRAM. Impact is high (confidentiality, integrity, and availability) per multiple sources. Exploitation requires access to ...
CVE-2022-29083
The CVE-2022-29083 entry describes an Improper Authentication vulnerability in Dell BIOS. An unauthenticated attacker with physical access could bypass drive security mechanisms to gain system access. Documented impact indicates confidentiality, integrity, and availability could be High. Exploita...
CVE-2023-28050
The vulnerability CVE-2023-28050 affects Dell BIOS (embedded firmware) where improper input validation could allow a local authenticated attacker with administrator privileges to modify a UEFI variable. Root cause: faulty input validation in Dell BIOS code. Impact: potential integrity/availabilit...
CVE-2022-32493
CVE-2022-32493: Dell BIOS contains a stack-based buffer overflow that can be exploited by a local, authenticated attacker using an SMI to execute code in SMRAM. This affects Dell BIOS (embedded firmware on motherboard memory) and results in arbitrary code execution with high impact on confidentia...
CVE-2024-0158
CVE-2024-0158 relates to Dell BIOS, where an improper input validation flaw could let a locally authenticated administrator modify a UEFI variable, causing denial of service and privilege escalation. Affected software is the Dell BIOS (details on exact versions are not consistently specified acro...
CVE-2021-36342
CVE-2021-36342 affects Dell BIOS. A locally authenticated attacker can exploit an improper input validation via a System Management Interrupt (SMI) to achieve arbitrary code execution in SMRAM. Impact is local and persistent within the BIOS/SMRAM context; exploitation details are described as SMI...
CVE-2023-28034
Dell BIOS contains an improper input validation vulnerability that could allow a local authenticated attacker with administrator privileges to modify a UEFI variable. Affected component is the Dell BIOS/Uefi interface on Dell systems. Root cause: improper input validation in the BIOS that handles...
CVE-2023-28058
CVE-2023-28058 describes an improper input validation vulnerability in Dell BIOS. A local authenticated attacker with administrator privileges may exploit this to modify a UEFI variable. Affected component: Dell BIOS; root cause: input validation flaw in BIOS handling of UEFI variables. Impacts r...
CVE-2022-32488
Dell BIOS contains an improper input validation vulnerability (CVE-2022-32488). A local authenticated attacker could use an SMI to gain arbitrary code execution in SMRAM, with high impact on confidentiality/integrity/availability. Affected component is the BIOS firmware on Dell systems; exploitat...
CVE-2023-28060
Dell BIOS contains an improper input validation vulnerability (CVE-2023-28060). A local authenticated attacker with administrator privileges may exploit this to modify a UEFI variable. Affected component is BIOS firmware; root cause is input validation failure. Impact is elevation/modification of...
CVE-2022-26860
CVE-2022-26860 describes a stack-based buffer overflow in Dell BIOS. A local attacker can trigger it via System Management Interrupt (SMI), bypass security checks, and achieve arbitrary code execution in System Management Mode (SMM). Affected: Dell BIOS versions; vulnerability is local with low a...
CVE-2022-26861
Dell BIOS firmware contains an Insecure Automated Optimization vulnerability (CVE-2022-26861) that allows a locally authenticated attacker to trigger arbitrary code execution during System Management Mode (SMM) by sending malicious input via SMI. The issue is tied to the BIOS/SMM trust boundary, ...
CVE-2023-28031
Dell BIOS contains an improper input validation vulnerability that could allow a local authenticated administrator to modify a UEFI variable. Affected component is Dell BIOS (embedded firmware on Dell systems); root cause is input validation failure when handling UEFI variables. The vulnerability...
CVE-2023-25938
CVE-2023-25938 describes an improper input validation vulnerability in Dell BIOS that can allow a local, authenticated attacker with administrator privileges to modify a UEFI variable. The issue is tied to the BIOS/firmware handling of input and does not include explicit exploit details in the pr...
CVE-2022-32491
Dell Client BIOS contains a buffer overflow vulnerability that can be triggered by a locally authenticated user manipulating an SMI to cause an arbitrary write in SMRAM during SMM. Affected: Dell Client BIOS. Root cause: buffer overflow in BIOS. Impact: high confidentiality, integrity, and availa...
CVE-2023-28033
CVSS context and impact : CVE-2023-28033 affects Dell BIOS (UEFI support code) through an improper input validation vulnerability. A local authenticated user with administrator privileges can potentially exploit this to modify a UEFI variable (impact: confidentiality, integrity, availability rate...
CVE-2023-32471
Dell Edge Gateway BIOS versions 3200 and 5200 contain an out-of-bounds read vulnerability in the BIOS DXE driver. A local authenticated attacker with high privileges can read stack memory, enabling potential further exploits. Remediation per PT-2024-5327: update to a BIOS version that fixes the o...
CVE-2023-25937
Dell BIOS contains an improper input validation vulnerability that could allow a local, authenticated administrator to modify a UEFI variable. The CVE-2023-25937 entry is supported by multiple sources (NVD, CVE list, CNNVD, PRION, etc.). Reported impact includes potential changes to UEFI state wi...
CVE-2023-28026
CVE-2023-28026 affects Dell BIOS and stems from improper input validation. A local authenticated attacker with administrator privileges could potentially modify a UEFI variable via this vulnerability. Documents indicate Dell released a BIOS security update addressing multiple improper input valid...
CVE-2023-28027
Dell BIOS on Dell systems contains an improper input validation vulnerability that enables a local authenticated administrator to modify a UEFI variable. The root cause is insufficient validation in the BIOS input handling, allowing manipulation of UEFI state. The impact, as stated, includes pote...
CVE-2023-28039
Dell BIOS contains an improper input validation vulnerability that could allow a local authenticated user with administrator privileges to modify a UEFI variable. The issue affects Dell BIOS firmware and is described across multiple sources (e.g., Dell KB article DSA-2023-099). No exploitation de...
CVE-2023-28059
Dell BIOS contains an improper input validation vulnerability that can allow a local authenticated administrator to modify a UEFI variable. Affected component: Dell BIOS (embedded BIOS on Dell motherboards). Root cause: improper input validation. Impact: potential unauthorized modification of UEF...
CVE-2022-32484
Dell BIOS firmware contains an input validation error that can be exploited by a locally authenticated administrator to modify UEFI variables. The issue is documented as CVE-2022-32484 and is supported by multiple sources (Dell KB, NCSC advisory) noting local access via an admin user and the risk...
CVE-2023-43078
Dell Dock Firmware and Dell Client Platform are affected by CVE-2023-43078 due to an Improper Link Resolution vulnerability during installation, which can lead to arbitrary folder deletion and potential Privilege Escalation or Denial of Service. Affected components include the Dell Dock Firmware ...
CVE-2023-28028
Dell BIOS contains an improper input validation vulnerability (CVE-2023-28028). A local authenticated attacker with administrator privileges can potentially exploit this to modify a UEFI variable. Connected sources indicate affected firmware and that Dell issued a security update (DSA-2023-099) a...
CVE-2023-28044
Dell BIOS has an improper input-validation vulnerability. A local authenticated attacker with administrator privileges can potentially modify a UEFI variable due to the fault in input validation. Affected component is Dell BIOS firmware on Dell systems; the root cause is input validation failure....
CVE-2023-28052
CVE-2023-28052 describes an improper input validation vulnerability in Dell BIOS. A local authenticated attacker with administrator privileges can potentially modify a UEFI variable, impacting system integrity and availability. The affected component is Dell BIOS (UEFI/firmware) with root cause s...
CVE-2023-28029
CVE-2023-28029 is tied to Dell BIOS and is described as an improper input-validation vulnerability that permits a local authenticated attacker with administrator privileges to modify a UEFI variable. The affected component is Dell BIOS firmware on Dell systems; root cause centers on input validat...
CVE-2023-28035
Dell BIOS contains an improper input validation vulnerability that could allow a local authenticated administrator to modify a UEFI variable. Affected: Dell BIOS. Root cause: improper input validation. Impact: potential confidentiality, integrity, and limited availability effects per CVSS; local,...
CVE-2023-28042
Dell BIOS contains an improper input validation vulnerability that could allow a local authenticated administrator to modify a UEFI variable. Affected component is Dell BIOS firmware; root cause is input validation failure. Impact is potential compromise of UEFI variable integrity with high confi...
CVE-2023-28030
Dell BIOS (on affected systems) contains an improper input validation vulnerability that can be exploited by a local authenticated attacker with administrator privileges to modify a UEFI variable. The issue is driven by input validation problems in the BIOS code. Impact is described as high for i...
CVE-2023-28054
CVE-2023-28054 describes an improper input validation vulnerability in Dell BIOS. A local authenticated attacker with administrator privileges can potentially exploit this to modify a UEFI variable. The affected component is Dell BIOS firmware; root cause is input validation failure. Impact, as s...
CVE-2023-28056
Dell BIOS exposes an improper input validation vulnerability that can be exploited by a local authenticated administrator to modify a UEFI variable. The issue is documented across multiple sources (e.g., Dell security advisory for BIOS updates addressing improper input validation). Affected compo...
CVE-2023-28061
Dell BIOS is affected by an improper input validation vulnerability that allows a local authenticated administrator to modify a UEFI variable. Affected component: Dell BIOS (BIOS firmware on Dell systems). Root cause: improper input validation enabling unauthorized modification of UEFI variables....
CVE-2023-25936
Dell BIOS contains an improper input validation vulnerability. A local authenticated user with administrator privileges may exploit this to modify a UEFI variable. Affected component: Dell BIOS; impact includes potential integrity/availability impact through UEFI variable modification. Root cause...
CVE-2023-28041
CVE-2023-28041 concerns Dell BIOS, where an improper input validation weakness could be abused by a local authenticated administrator to modify a UEFI variable. The vulnerability affects the BIOS and could impact confidentiality, integrity, and availability. Exploitation status is not detailed in...
CVE-2023-28040
CVE-2023-28040 affects Dell BIOS and describes an improper input validation vulnerability in the BIOS firmware that could allow a local authenticated attacker with administrator privileges to modify a UEFI variable. The root cause is input validation failure when handling UEFI variable actions. I...
CVE-2023-28032
CVE-2023-28032 concerns Dell BIOS with an improper input validation vulnerability. The issue allows a local, authenticated attacker with administrator privileges to potentially modify a UEFI variable by abusing input handling in the BIOS firmware. Affected component is Dell BIOS; the root cause i...