Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistDellCVELIST:CVE-2022-34405
HistoryJan 25, 2023 - 4:15 p.m.

CVE-2022-34405

2023-01-2516:15:43
CWE-285
dell
www.cve.org
realtek audio driver
access control vulnerability
local user
privilege escalation

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Alienware m15 Ryzen Edition R5",
      "Alienware m15 R6",
      "Dell G5 5090",
      "Dell G5 5000",
      "Alienware Area 51m R2",
      "Dell G7 7500",
      "Dell G7 7700",
      "Alienware x15 R1",
      "Alienware x17 R1",
      "Alienware m15 R1",
      "Alienware m17 R1",
      "Dell Gaming G3 3590",
      "Dell G3 3500",
      "Dell G5 5500",
      "Alienware Area 51m R1",
      "Alienware Aurora R8",
      "Dell G15 5515",
      "Dell G15 5510",
      "Dell G15 5511",
      "Alienware Aurora R10",
      "Alienware Aurora R9",
      "Alienware Aurora R11",
      "Alienware Aurora R12",
      "Alienware m15 R3",
      "Alienware m15 R4",
      "Alienware m17 R3",
      "Alienware m17 R4",
      "Dell G5 5590",
      "Dell G7 7590",
      "Dell G7 7790",
      "Alienware Aurora R13",
      "Alienware m15 R2",
      "Alienware m17 R2"
    ],
    "product": "CPG Drivers",
    "vendor": "Dell",
    "versions": [
      {
        "status": "unaffected",
        "version": "6.0.9433.1"
      },
      {
        "status": "unaffected",
        "version": "6.0.9400.1"
      },
      {
        "status": "unaffected",
        "version": "6.0.9394.1"
      },
      {
        "status": "unaffected",
        "version": "1.37.275.0"
      },
      {
        "status": "unaffected",
        "version": "6.0.9407.1"
      },
      {
        "status": "unaffected",
        "version": "6.0.9388.1"
      },
      {
        "status": "unaffected",
        "version": "6.0.9254.1"
      },
      {
        "status": "unaffected",
        "version": "6.0.9422.1"
      }
    ]
  }
]

Related

cve 1
nvd 1
prion 1
cve
cve
CVE-2022-34405
2023-01-26 21:15:42
nvd
nvd
CVE-2022-34405
2023-01-26 21:15:42
prion
prion
Improper access control
2023-01-26 21:15:00

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVELIST:CVE-2022-34405
cve1nvd1prion1