CVE-2022-26863

EPSS 0.04%
Published 23.06.2022 18:15:07
Last modified 21.11.2024 06:54:42
Source security_alert@emc.com
Teams watchlist Login
Open Login

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Alienware M15 R5 Firmware Version < 1.5.0

Dell ≫ Alienware M15 R5 Version-

Dell ≫ G15 5515 Firmware Version < 1.6.0

Dell ≫ G15 5515 Version-

Dell ≫ G5 Se 5505 Firmware Version < 1.11.0

Dell ≫ G5 Se 5505 Version-

Dell ≫ Inspiron 27 7775 Firmware Version < 2.16.1

Dell ≫ Inspiron 27 7775 Version-

Dell ≫ Inspiron 14 5425 Firmware Version < 1.2.1

Dell ≫ Inspiron 14 5425 Version-

Dell ≫ Inspiron 3275 Firmware Version < 1.9.0

Dell ≫ Inspiron 3275 Version-

Dell ≫ Inspiron 3475 Firmware Version < 1.9.0

Dell ≫ Inspiron 3475 Version-

Dell ≫ Inspiron 3180 Firmware Version < 1.4.4

Dell ≫ Inspiron 3180 Version-

Dell ≫ Inspiron 3185 Firmware Version < 1.4.4

Dell ≫ Inspiron 3185 Version-

Dell ≫ Inspiron 3195 Firmware Version < 1.4.1

Dell ≫ Inspiron 3195 Version-

Dell ≫ Inspiron 3505 Firmware Version < 1.6.0

Dell ≫ Inspiron 3505 Version-

Dell ≫ Inspiron 3515 Firmware Version < 1.5.0

Dell ≫ Inspiron 3515 Version-

Dell ≫ Inspiron 3525 Firmware Version < 1.3.0

Dell ≫ Inspiron 3525 Version-

Dell ≫ Inspiron 3585 Firmware Version < 1.7.0

Dell ≫ Inspiron 3585 Version-

Dell ≫ Inspiron 3595 Firmware Version < 1.3.0

Dell ≫ Inspiron 3595 Version-

Dell ≫ Inspiron 3785 Firmware Version < 1.7.0

Dell ≫ Inspiron 3785 Version-

Dell ≫ Inspiron 5405 Firmware Version < 1.7.0

Dell ≫ Inspiron 5405 Version-

Dell ≫ Inspiron 5415 Firmware Version < 1.9.0

Dell ≫ Inspiron 5415 Version-

Dell ≫ Inspiron 5415 All-in-one Firmware Version < 1.5.0

Dell ≫ Inspiron 5415 All-in-one Version-

Dell ≫ Inspiron 5485 Firmware Version < 2.8.0

Dell ≫ Inspiron 5485 Version-

Dell ≫ Inspiron 5505 Firmware Version < 1.7.0

Dell ≫ Inspiron 5505 Version-

Dell ≫ Inspiron 5515 Firmware Version < 1.9.0

Dell ≫ Inspiron 5515 Version-

Dell ≫ Inspiron 5575 Firmware Version < 1.6.0

Dell ≫ Inspiron 5575 Version-

Dell ≫ Inspiron 5585 Firmware Version < 2.8.0

Dell ≫ Inspiron 5585 Version-

Dell ≫ Inspiron 7375 Firmware Version < 1.7.0

Dell ≫ Inspiron 7375 Version-

Dell ≫ Inspiron 7405 Firmware Version < 1.8.0

Dell ≫ Inspiron 7405 Version-

Dell ≫ Inspiron 7415 Firmware Version < 1.9.0

Dell ≫ Inspiron 7415 Version-

Dell ≫ Inspiron 7425 Firmware Version < 1.2.1

Dell ≫ Inspiron 7425 Version-

Dell ≫ Vostro 3405 Firmware Version < 1.6.0

Dell ≫ Vostro 3405 Version-

Dell ≫ Vostro 3515 Firmware Version < 1.5.0

Dell ≫ Vostro 3515 Version-

Dell ≫ Vostro 3525 Firmware Version < 1.3.0

Dell ≫ Vostro 3525 Version-

Dell ≫ Vostro 5415 Firmware Version < 1.9.0

Dell ≫ Vostro 5415 Version-

Dell ≫ Vostro 5515 Firmware Version < 1.9.0

Dell ≫ Vostro 5515 Version-

Dell ≫ Vostro 5625 Firmware Version < 1.2.1

Dell ≫ Vostro 5625 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.094

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
security_alert@emc.com	6.3	0.8	5.5	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.dell.com/support/kbdoc/en-us/000200568/dsa-2022-096

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-26863

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-26863

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-26863

EUVD