CVE-2022-24419

EPSS 0.04%
Published 11.03.2022 22:15:13
Last modified 21.11.2024 06:50:23
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Alienware 13 R3 Firmware Version < 1.16.1

Dell ≫ Alienware 13 R3 Version-

Dell ≫ Alienware 15 R3 Firmware Version < 1.16.1

Dell ≫ Alienware 15 R3 Version-

Dell ≫ Alienware 15 R4 Firmware Version < 1.17.0

Dell ≫ Alienware 15 R4 Version-

Dell ≫ Alienware 17 R4 Firmware Version < 1.16.1

Dell ≫ Alienware 17 R4 Version-

Dell ≫ Alienware 17 R5 Firmware Version < 1.17.0

Dell ≫ Alienware 17 R5 Version-

Dell ≫ Alienware Area 51m R1 Firmware Version < 1.18.0

Dell ≫ Alienware Area 51m R1 Version-

Dell ≫ Alienware Area 51m R2 Firmware Version < 1.13.0

Dell ≫ Alienware Area 51m R2 Version-

Dell ≫ Alienware Aurora R8 Firmware Version < 1.0.20

Dell ≫ Alienware Aurora R8 Version-

Dell ≫ Alienware M15 R2 Firmware Version < 1.12.0

Dell ≫ Alienware M15 R2 Version-

Dell ≫ Alienware M15 R3 Firmware Version < 1.14.0

Dell ≫ Alienware M15 R3 Version-

Dell ≫ Alienware M15 R4 Firmware Version < 1.8.0

Dell ≫ Alienware M15 R4 Version-

Dell ≫ Alienware M17 R2 Firmware Version < 1.12.0

Dell ≫ Alienware M17 R2 Version-

Dell ≫ Alienware M17 R3 Firmware Version < 1.14.0

Dell ≫ Alienware M17 R3 Version-

Dell ≫ Alienware M17 R4 Firmware Version < 1.8.0

Dell ≫ Alienware M17 R4 Version-

Dell ≫ Alienware X15 R1 Firmware Version < 1.7.0

Dell ≫ Alienware X15 R1 Version-

Dell ≫ Alienware X17 R1 Firmware Version < 1.7.0

Dell ≫ Alienware X17 R1 Version-

Dell ≫ Edge Gateway 3000 Firmware Version < 1.7.0

Dell ≫ Edge Gateway 3000 Version-

Dell ≫ Edge Gateway 5000 Firmware Version < 1.17.0

Dell ≫ Edge Gateway 5000 Version-

Dell ≫ Edge Gateway 5100 Firmware Version < 1.17.0

Dell ≫ Edge Gateway 5100 Version-

Dell ≫ Embedded Box Pc 3000 Firmware Version < 1.13.0

Dell ≫ Embedded Box Pc 3000 Version-

Dell ≫ Embedded Box Pc 5000 Firmware Version < 1.14.0

Dell ≫ Embedded Box Pc 5000 Version-

Dell ≫ Inspiron 14 3473 Firmware Version < 1.14.0

Dell ≫ Inspiron 14 3473 Version-

Dell ≫ Inspiron 15 3573 Firmware Version < 1.14.0

Dell ≫ Inspiron 15 3573 Version-

Dell ≫ Inspiron 15 5566 Firmware Version < 1.18.0

Dell ≫ Inspiron 15 5566 Version-

Dell ≫ Inspiron 3277 Firmware Version < 1.19.0

Dell ≫ Inspiron 3277 Version-

Dell ≫ Inspiron 3465 Firmware Version < 1.12.0

Dell ≫ Inspiron 3465 Version-

Dell ≫ Inspiron 3477 Firmware Version < 1.19.0

Dell ≫ Inspiron 3477 Version-

Dell ≫ Inspiron 3482 Firmware Version < 1.13.0

Dell ≫ Inspiron 3482 Version-

Dell ≫ Inspiron 3502 Firmware Version < 1.7.0

Dell ≫ Inspiron 3502 Version-

Dell ≫ Inspiron 3510 Firmware Version < 1.6.0

Dell ≫ Inspiron 3510 Version-

Dell ≫ Inspiron 3565 Firmware Version < 1.12.0

Dell ≫ Inspiron 3565 Version-

Dell ≫ Inspiron 3582 Firmware Version < 1.13.0

Dell ≫ Inspiron 3582 Version-

Dell ≫ Inspiron 3782 Firmware Version < 1.13.0

Dell ≫ Inspiron 3782 Version-

Dell ≫ Latitude 3379 Firmware Version < 1.0.34

Dell ≫ Latitude 3379 Version-

Dell ≫ Vostro 14 5468 Firmware Version < 1.19.0

Dell ≫ Vostro 14 5468 Version-

Dell ≫ Vostro 15 5568 Firmware Version < 1.19.0

Dell ≫ Vostro 15 5568 Version-

Dell ≫ Vostro 3267 Firmware Version < 1.20.0

Dell ≫ Vostro 3267 Version-

Dell ≫ Vostro 3268 Firmware Version < 1.20.0

Dell ≫ Vostro 3268 Version-

Dell ≫ Vostro 3572 Firmware Version < 1.14.0

Dell ≫ Vostro 3572 Version-

Dell ≫ Vostro 3582 Firmware Version < 1.13.0

Dell ≫ Vostro 3582 Version-

Dell ≫ Vostro 3660 Firmware Version < 1.20.0

Dell ≫ Vostro 3660 Version-

Dell ≫ Vostro 3667 Firmware Version < 1.20.0

Dell ≫ Vostro 3667 Version-

Dell ≫ Vostro 3668 Firmware Version < 1.20.0

Dell ≫ Vostro 3668 Version-

Dell ≫ Vostro 3669 Firmware Version < 1.20.0

Dell ≫ Vostro 3669 Version-

Dell ≫ Wyse 7040 Thin Client Firmware Version < 1.15.0

Dell ≫ Wyse 7040 Thin Client Version-

Dell ≫ Xps 8930 Firmware Version < 1.1.21

Dell ≫ Xps 8930 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.113

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
security_alert@emc.com	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-24419

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-24419

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-24419

EUVD