Lucene search

DellCVELIST:CVE-2022-34409

HistoryMar 16, 2023 - 11:26 a.m.

CVE-2022-34409

2023-03-1611:26:00

CWE-119

dell

www.cve.org

dell

poweredge

precision

bios

smm

communication

vulnerability

local user

high privileges

arbitrary code execution

denial of service

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerEdge Platform",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "14G,15G"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-improper-smm-communication-buffer-verification-vulnerability

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-34409