Lucene search
HistoryJan 18, 2023 - 6:15 a.m.
CVE-2022-34460
dell
bios
input validation
vulnerability
cve-2022-34460
smi
arbitrary code execution
smram
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Affected configurations
Node
dellg5_se_5505_firmwareRange<1.12.1
dellg5_se_5505Match-
Node
dellinspiron_27_7775_firmwareRange<2.17.0
dellinspiron_27_7775Match-
Node
dellinspiron_3180_firmwareRange<1.5.0
dellinspiron_3180Match-
Node
dellinspiron_3185_firmwareRange<1.5.0
dellinspiron_3185Match-
Node
dellinspiron_3195_2-in-1_firmwareRange<1.5.0
dellinspiron_3195_2-in-1Match-
Node
dellinspiron_3275_firmwareRange<1.9.1
dellinspiron_3275Match-
Node
dellinspiron_3475_firmwareRange<1.9.1
dellinspiron_3475Match-
Node
dellinspiron_3505_firmwareRange<1.8.0
dellinspiron_3505Match-
Node
dellinspiron_3515_firmwareRange<1.7.0
dellinspiron_3515Match-
Node
dellinspiron_3585_firmwareRange<1.9.0
dellinspiron_3585Match-
Node
dellinspiron_3595_firmwareRange<1.4.0
dellinspiron_3595Match-
Node
dellinspiron_3785_firmwareRange<1.9.0
dellinspiron_3785Match-
Node
dellinspiron_5405_firmwareRange<1.8.1
dellinspiron_5405Match-
Node
dellinspiron_5415_firmwareRange<1.12.0
dellinspiron_5415Match-
Node
dellinspiron_5485_firmwareRange<2.10.1
dellinspiron_5485Match-
Node
dellinspiron_5485_2-in-1_firmwareRange<2.10.1
dellinspiron_5485_2-in-1Match-
Node
dellinspiron_5505_firmwareRange<1.8.1
dellinspiron_5505Match-
Node
dellinspiron_5515_firmwareRange<1.12.0
dellinspiron_5515Match-
Node
dellinspiron_5585_firmwareRange<2.10.1
dellinspiron_5585Match-
Node
dellinspiron_7375_firmwareRange<1.9.0
dellinspiron_7375Match-
Node
dellinspiron_7405_2-in-1_firmwareRange<1.9.1
dellinspiron_7405_2-in-1Match-
Node
dellinspiron_7415_firmwareRange<1.12.0
dellinspiron_7415Match-
Node
dellvostro_3405_firmwareRange<1.8.0
dellvostro_3405Match-
Node
dellvostro_3515_firmwareRange<1.7.0
dellvostro_3515Match-
Node
dellvostro_5415_firmwareRange<1.12.0
dellvostro_5415Match-
Node
dellvostro_5515_firmwareRange<1.12.0
dellvostro_5515Match-
| CPE | Name | Operator | Version |
|---|---|---|---|
| dell:g5_se_5505_firmware | dell g5 se 5505 firmware | lt | 1.12.1 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "BIOS",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]References
Related
prion
prion
Input validation
2023-01-18 06:15:00
cnvd
cnvd
Dell BIOS Input Validation Error Vulnerability (CNVD-2023-14507)
2023-02-21 00:00:00
cvelist
cvelist
CVE-2022-34460
2023-01-18 05:25:10
nvd
nvd
CVE-2022-34460
2023-01-18 06:15:11
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2022-34460