CVE-2022-31223

EPSS 0.05%
Veröffentlicht 12.09.2022 19:15:09
Zuletzt bearbeitet 21.11.2024 07:04:10
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Chengming 3900 Firmware Version < 1.1.66

Dell ≫ Chengming 3900 Version-

Dell ≫ Inspiron 14 Plus 7420 Firmware Version < 1.2.0

Dell ≫ Inspiron 14 Plus 7420 Version-

Dell ≫ Inspiron 16 Plus 7620 Firmware Version < 1.2.0

Dell ≫ Inspiron 16 Plus 7620 Version-

Dell ≫ Inspiron 3910 Firmware Version < 1.1.66

Dell ≫ Inspiron 3910 Version-

Dell ≫ Inspiron 5320 Firmware Version < 1.1.0

Dell ≫ Inspiron 5320 Version-

Dell ≫ Inspiron 5420 Firmware Version < 1.4.1

Dell ≫ Inspiron 5420 Version-

Dell ≫ Inspiron 5620 Firmware Version < 1.4.1

Dell ≫ Inspiron 5620 Version-

Dell ≫ Inspiron 7420 Firmware Version < 1.3.0

Dell ≫ Inspiron 7420 Version-

Dell ≫ Inspiron 7620 Firmware Version < 1.3.0

Dell ≫ Inspiron 7620 Version-

Dell ≫ Optiplex 3000 Firmware Version < 1.1.66

Dell ≫ Optiplex 3000 Version-

Dell ≫ Optiplex 3000 Thin Client Firmware Version < 1.0.7

Dell ≫ Optiplex 3000 Thin Client Version-

Dell ≫ Optiplex 5000 Firmware Version < 1.3.62

Dell ≫ Optiplex 5000 Version-

Dell ≫ Optiplex 5400 Firmware Version < 1.0.13

Dell ≫ Optiplex 5400 Version-

Dell ≫ Optiplex 7000 Firmware Version < 1.3.62

Dell ≫ Optiplex 7000 Version-

Dell ≫ Optiplex 7000 Oem Firmware Version < 1.3.62

Dell ≫ Optiplex 7000 Oem Version-

Dell ≫ Optiplex 7400 Firmware Version < 1.0.13

Dell ≫ Optiplex 7400 Version-

Dell ≫ Precision 3460 Small Form Factor Firmware Version < 1.3.62

Dell ≫ Precision 3460 Small Form Factor Version-

Dell ≫ Precision 3660 Tower Firmware Version < 1.3.71

Dell ≫ Precision 3660 Tower Version-

Dell ≫ Precision 5770 Firmware Version < 1.6.0

Dell ≫ Precision 5770 Version-

Dell ≫ Vostro 3710 Firmware Version < 1.1.66

Dell ≫ Vostro 3710 Version-

Dell ≫ Vostro 3910 Firmware Version < 1.1.66

Dell ≫ Vostro 3910 Version-

Dell ≫ Vostro 5320 Firmware Version < 1.1.0

Dell ≫ Vostro 5320 Version-

Dell ≫ Vostro 5620 Firmware Version < 1.4.1

Dell ≫ Vostro 5620 Version-

Dell ≫ Vostro 7620 Firmware Version < 1.2.0

Dell ≫ Vostro 7620 Version-

Dell ≫ Xps 17 9720 Firmware Version < 1.6.0

Dell ≫ Xps 17 9720 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.138

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.3	0.8	1.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
security_alert@emc.com	2.3	0.8	1.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE-158 Improper Neutralization of Null Byte or NUL Character

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.

https://www.dell.com/support/kbdoc/000202196

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31223

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31223

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31223

EUVD