CVE-2022-34405

EPSS 0.07%
Published 26.01.2023 21:15:42
Last modified 21.11.2024 07:09:27
Source security_alert@emc.com
Teams watchlist Login
Open Login

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Realtek High Definition Audio Driver Version < 6.0.9433.1

Dell ≫ Alienware M15 Ryzen Edition R5 Version-
Dell ≫ G15 5515 Version-

Dell ≫ Realtek High Definition Audio Driver Version < 6.0.9400.1

   Dell ≫ Alienware M15 R6 Version-
   Dell ≫ G15 5510 Version-
   Dell ≫ G15 5511 Version-

Dell ≫ Realtek High Definition Audio Driver Version < 6.0.9394.1

   Dell ≫ Alienware Area 51m R1 Version-
   Dell ≫ Alienware Area 51m R2 Version-
   Dell ≫ Alienware Aurora R10 Version-
   Dell ≫ Alienware Aurora R11 Version-
   Dell ≫ Alienware Aurora R12 Version-
   Dell ≫ Alienware Aurora R8 Version-
   Dell ≫ Alienware Aurora R9 Version-
   Dell ≫ Alienware M15 R1 Version-
   Dell ≫ Alienware M15 R2 Version-
   Dell ≫ Alienware M15 R3 Version-
   Dell ≫ Alienware M15 R4 Version-
   Dell ≫ Alienware M17 R1 Version-
   Dell ≫ Alienware M17 R2 Version-
   Dell ≫ Alienware M17 R3 Version-
   Dell ≫ Alienware M17 R4 Version-
   Dell ≫ G5 5000 Version-
   Dell ≫ G5 5090 Version-
   Dell ≫ G5 5590 Version-
   Dell ≫ G7 7590 Version-
   Dell ≫ G7 7790 Version-

Dell ≫ Realtek High Definition Audio Driver Version < 6.0.9407.1

Dell ≫ G7 7500 Version-
Dell ≫ G7 7700 Version-

Dell ≫ Realtek High Definition Audio Driver Version < 6.0.9388.1

   Dell ≫ Alienware Aurora R13 Version-
   Dell ≫ Alienware X15 R1 Version-
   Dell ≫ Alienware X17 R1 Version-

Dell ≫ Realtek High Definition Audio Driver Version < 6.0.9254.1

Dell ≫ G3 3590 Version-

Dell ≫ Realtek High Definition Audio Driver Version < 6.0.9422.1

Dell ≫ G3 3500 Version-
Dell ≫ G5 5500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.179

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
security_alert@emc.com	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://www.dell.com/support/kbdoc/en-us/000205721/dsa-2022-316-dell-client-security-update-for-a-realtek-high-definition-audio-driver-vulnerability

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-34405

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-34405

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-34405

EUVD