Lucene search

DellCVELIST:CVE-2022-32484

HistoryOct 12, 2022 - 7:25 p.m.

CVE-2022-32484

2022-10-1219:25:35

CWE-20

dell

www.cve.org

dell bios

input validation

uefi variable

local authenticated user

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CNA Affected

[
  {
    "vendor": "Dell",
    "product": "CPG BIOS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.3",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000203758

CVSS3

5.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-32484