CVE-2022-34391

2022-10-1220:15:11

CWE-119

[email protected]

web.nvd.nist.gov

dell

bios

vulnerability

arbitrary code execution

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Affected configurations

Nvd

Node

dellalienware_area-51_r5_firmwareRange<2.0.6

AND

dellalienware_area-51_r5Match-

Node

dellalienware_area-51_r4_firmwareRange<2.0.6

AND

dellalienware_area-51_r4Match-

VendorProductVersionCPE
dellalienware_area-51_r5_firmware*cpe:2.3:o:dell:alienware_area-51_r5_firmware:*:*:*:*:*:*:*:*
dellalienware_area-51_r5-cpe:2.3:h:dell:alienware_area-51_r5:-:*:*:*:*:*:*:*
dellalienware_area-51_r4_firmware*cpe:2.3:o:dell:alienware_area-51_r4_firmware:*:*:*:*:*:*:*:*
dellalienware_area-51_r4-cpe:2.3:h:dell:alienware_area-51_r4:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	alienware_area-51_r5_firmware	*	cpe:2.3:o:dell:alienware_area-51_r5_firmware::::::::
dell	alienware_area-51_r5	-	cpe:2.3:h:dell:alienware_area-51_r5:-:::::::*
dell	alienware_area-51_r4_firmware	*	cpe:2.3:o:dell:alienware_area-51_r4_firmware::::::::
dell	alienware_area-51_r4	-	cpe:2.3:h:dell:alienware_area-51_r4:-:::::::*