CVE-2022-34393

EPSS 0.02%
Published 18.01.2023 06:15:11
Last modified 21.11.2024 07:09:25
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ G5 Se 5505 Firmware Version < 1.12.1

Dell ≫ G5 Se 5505 Version-

Dell ≫ Inspiron 27 7775 Firmware Version < 2.17.0

Dell ≫ Inspiron 27 7775 Version-

Dell ≫ Inspiron 3180 Firmware Version < 1.5.0

Dell ≫ Inspiron 3180 Version-

Dell ≫ Inspiron 3185 Firmware Version < 1.5.0

Dell ≫ Inspiron 3185 Version-

Dell ≫ Inspiron 3195 2-in-1 Firmware Version < 1.5.0

Dell ≫ Inspiron 3195 2-in-1 Version-

Dell ≫ Inspiron 3275 Firmware Version < 1.9.1

Dell ≫ Inspiron 3275 Version-

Dell ≫ Inspiron 3475 Firmware Version < 1.9.1

Dell ≫ Inspiron 3475 Version-

Dell ≫ Inspiron 3505 Firmware Version < 1.8.0

Dell ≫ Inspiron 3505 Version-

Dell ≫ Inspiron 3515 Firmware Version < 1.7.0

Dell ≫ Inspiron 3515 Version-

Dell ≫ Inspiron 3585 Firmware Version < 1.9.0

Dell ≫ Inspiron 3585 Version-

Dell ≫ Inspiron 3595 Firmware Version < 1.4.0

Dell ≫ Inspiron 3595 Version-

Dell ≫ Inspiron 3785 Firmware Version < 1.9.0

Dell ≫ Inspiron 3785 Version-

Dell ≫ Inspiron 5405 Firmware Version < 1.8.1

Dell ≫ Inspiron 5405 Version-

Dell ≫ Inspiron 5415 Firmware Version < 1.12.0

Dell ≫ Inspiron 5415 Version-

Dell ≫ Inspiron 5485 Firmware Version < 2.10.1

Dell ≫ Inspiron 5485 Version-

Dell ≫ Inspiron 5485 2-in-1 Firmware Version < 2.10.1

Dell ≫ Inspiron 5485 2-in-1 Version-

Dell ≫ Inspiron 5505 Firmware Version < 1.8.1

Dell ≫ Inspiron 5505 Version-

Dell ≫ Inspiron 5515 Firmware Version < 1.12.0

Dell ≫ Inspiron 5515 Version-

Dell ≫ Inspiron 5585 Firmware Version < 2.10.1

Dell ≫ Inspiron 5585 Version-

Dell ≫ Inspiron 7375 Firmware Version < 1.9.0

Dell ≫ Inspiron 7375 Version-

Dell ≫ Inspiron 7405 2-in-1 Firmware Version < 1.9.1

Dell ≫ Inspiron 7405 2-in-1 Version-

Dell ≫ Inspiron 7415 Firmware Version < 1.12.0

Dell ≫ Inspiron 7415 Version-

Dell ≫ Vostro 3405 Firmware Version < 1.8.0

Dell ≫ Vostro 3405 Version-

Dell ≫ Vostro 3515 Firmware Version < 1.7.0

Dell ≫ Vostro 3515 Version-

Dell ≫ Vostro 5415 Firmware Version < 1.12.0

Dell ≫ Vostro 5415 Version-

Dell ≫ Vostro 5515 Firmware Version < 1.12.0

Dell ≫ Vostro 5515 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.045

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
security_alert@emc.com	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.dell.com/support/kbdoc/000204686

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-34393

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-34393

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-34393

EUVD