CVE-2022-31223

EPSS 0.05%
Published 12.09.2022 19:15:09
Last modified 21.11.2024 07:04:10
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Chengming 3900 Firmware Version < 1.1.66

Dell ≫ Chengming 3900 Version-

Dell ≫ Inspiron 14 Plus 7420 Firmware Version < 1.2.0

Dell ≫ Inspiron 14 Plus 7420 Version-

Dell ≫ Inspiron 16 Plus 7620 Firmware Version < 1.2.0

Dell ≫ Inspiron 16 Plus 7620 Version-

Dell ≫ Inspiron 3910 Firmware Version < 1.1.66

Dell ≫ Inspiron 3910 Version-

Dell ≫ Inspiron 5320 Firmware Version < 1.1.0

Dell ≫ Inspiron 5320 Version-

Dell ≫ Inspiron 5420 Firmware Version < 1.4.1

Dell ≫ Inspiron 5420 Version-

Dell ≫ Inspiron 5620 Firmware Version < 1.4.1

Dell ≫ Inspiron 5620 Version-

Dell ≫ Inspiron 7420 Firmware Version < 1.3.0

Dell ≫ Inspiron 7420 Version-

Dell ≫ Inspiron 7620 Firmware Version < 1.3.0

Dell ≫ Inspiron 7620 Version-

Dell ≫ Optiplex 3000 Firmware Version < 1.1.66

Dell ≫ Optiplex 3000 Version-

Dell ≫ Optiplex 3000 Thin Client Firmware Version < 1.0.7

Dell ≫ Optiplex 3000 Thin Client Version-

Dell ≫ Optiplex 5000 Firmware Version < 1.3.62

Dell ≫ Optiplex 5000 Version-

Dell ≫ Optiplex 5400 Firmware Version < 1.0.13

Dell ≫ Optiplex 5400 Version-

Dell ≫ Optiplex 7000 Firmware Version < 1.3.62

Dell ≫ Optiplex 7000 Version-

Dell ≫ Optiplex 7000 Oem Firmware Version < 1.3.62

Dell ≫ Optiplex 7000 Oem Version-

Dell ≫ Optiplex 7400 Firmware Version < 1.0.13

Dell ≫ Optiplex 7400 Version-

Dell ≫ Precision 3460 Small Form Factor Firmware Version < 1.3.62

Dell ≫ Precision 3460 Small Form Factor Version-

Dell ≫ Precision 3660 Tower Firmware Version < 1.3.71

Dell ≫ Precision 3660 Tower Version-

Dell ≫ Precision 5770 Firmware Version < 1.6.0

Dell ≫ Precision 5770 Version-

Dell ≫ Vostro 3710 Firmware Version < 1.1.66

Dell ≫ Vostro 3710 Version-

Dell ≫ Vostro 3910 Firmware Version < 1.1.66

Dell ≫ Vostro 3910 Version-

Dell ≫ Vostro 5320 Firmware Version < 1.1.0

Dell ≫ Vostro 5320 Version-

Dell ≫ Vostro 5620 Firmware Version < 1.4.1

Dell ≫ Vostro 5620 Version-

Dell ≫ Vostro 7620 Firmware Version < 1.2.0

Dell ≫ Vostro 7620 Version-

Dell ≫ Xps 17 9720 Firmware Version < 1.6.0

Dell ≫ Xps 17 9720 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.138

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.3	0.8	1.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
security_alert@emc.com	2.3	0.8	1.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE-158 Improper Neutralization of Null Byte or NUL Character

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.

https://www.dell.com/support/kbdoc/000202196

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31223

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31223

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31223

EUVD