Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveDellCVE-2022-34401
HistoryJan 18, 2023 - 6:15 a.m.

CVE-2022-34401

2023-01-1806:15:11
CWE-787
CWE-121
dell
web.nvd.nist.gov
22
cve-2022-34401
dell
bios
buffer overflow
vulnerability
smi
arbitrary code execution
smram

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0

Percentile

15.7%

JSON

Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.

Affected configurations

Nvd
Vulners
Node
dellalienware_m15_a6_firmwareRange<1.4.3
AND
dellalienware_m15_a6Match-
Node
dellalienware_m17_r5_firmwareRange<1.4.3
AND
dellalienware_m17_r5Match-
Node
dellg15_5525_firmwareRange<1.4.3
AND
dellg15_5525Match-
VendorProductVersionCPE
dellalienware_m15_a6_firmware*cpe:2.3:o:dell:alienware_m15_a6_firmware:*:*:*:*:*:*:*:*
dellalienware_m15_a6-cpe:2.3:h:dell:alienware_m15_a6:-:*:*:*:*:*:*:*
dellalienware_m17_r5_firmware*cpe:2.3:o:dell:alienware_m17_r5_firmware:*:*:*:*:*:*:*:*
dellalienware_m17_r5-cpe:2.3:h:dell:alienware_m17_r5:-:*:*:*:*:*:*:*
dellg15_5525_firmware*cpe:2.3:o:dell:g15_5525_firmware:*:*:*:*:*:*:*:*
dellg15_5525-cpe:2.3:h:dell:g15_5525:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CPG BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "1.4.3"
      }
    ]
  }
]

Related

nvd 1
cvelist 1
prion 1
cnvd 1
nvd
nvd
CVE-2022-34401
2023-01-18 06:15:11
cvelist
cvelist
CVE-2022-34401
2023-01-18 05:51:09
prion
prion
Stack overflow
2023-01-18 06:15:00
cnvd
cnvd
Dell BIOS Buffer Overflow Vulnerability (CNVD-2023-05408)
2023-01-30 00:00:00

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

0

Percentile

15.7%

JSON
Related for CVE-2022-34401
nvd1cvelist1prion1cnvd1