Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-22558
HistoryAug 04, 2022 - 12:00 a.m.

CVE-2022-22558

2022-08-0400:00:00
CWE-119
[email protected]
web.nvd.nist.gov
135
dell
bios
smm
communication
buffer
verification
vulnerability
nvd
cve-2022-22558

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.

Affected configurations

NVD
Node
dellr6415_firmwareRange<1.18.0
AND
dellr6415Match-
Node
dellr7415_firmwareRange<1.18.0
AND
dellr7415Match-
Node
dellr7425_firmwareRange<1.18.0
AND
dellr7425Match-
Node
dellr730_firmwareRange<2.14.0
AND
dellr730Match-
Node
dellr730xd_firmwareRange<2.14.0
AND
dellr730xdMatch-
Node
dellr630_firmwareRange<2.14.0
AND
dellr630Match-
Node
dellc4130_firmwareRange<2.14.0
AND
dellc4130Match-
Node
dellm630_firmwareRange<2.14.0
AND
dellm630Match-
Node
dellm630p_firmwareRange<2.14.0
AND
dellm630pMatch-
Node
dellfc630_firmwareRange<2.14.0
AND
dellfc630Match-
Node
dellfc430_firmwareRange<2.14.0
AND
dellfc430Match-
Node
dellm830_firmwareRange<2.14.0
AND
dellm830Match-
Node
dellm830p_firmwareRange<2.14.0
AND
dellm830pMatch-
Node
dellfc830_firmwareRange<2.14.0
AND
dellfc830Match-
Node
dellt630_firmwareRange<2.14.0
AND
dellt630Match-
Node
dellr530_firmwareRange<2.14.0
AND
dellr530Match-
Node
dellr430_firmwareRange<2.14.0
AND
dellr430Match-
Node
dellt430_firmwareRange<2.14.0
AND
dellt430Match-
Node
dellr830_firmwareRange<1.14.0
AND
dellr830Match-
Node
dellc6320_firmwareRange<2.14.1
AND
dellc6320Match-

CNA Affected

[
  {
    "product": "PowerEdge Platform",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "BIOS update for PowerEdge 13G Intel 1S/2S and 14G AMD",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

cvelist 1
prion 1
nvd 1
cvelist
cvelist
CVE-2022-22558
2022-08-04 00:00:00
prion
prion
Design/Logic Flaw
2022-04-21 21:15:00
nvd
nvd
CVE-2022-22558
2022-04-21 21:15:07

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for CVE-2022-22558
cvelist1prion1nvd1