Lucene search

[email protected]NVD:CVE-2022-34405

HistoryJan 26, 2023 - 9:15 p.m.

CVE-2022-34405

2023-01-2621:15:42

CWE-285

[email protected]

web.nvd.nist.gov

access control

realtek audio

local authenticated user

privilege escalation

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.

Affected configurations

NVD

Node

dellrealtek_high_definition_audio_driverRange<6.0.9433.1

AND

dellalienware_m15_ryzen_edition_r5Match-

dellg15_5515Match-

Node

dellrealtek_high_definition_audio_driverRange<6.0.9400.1

AND

dellalienware_m15_r6Match-

dellg15_5510Match-

dellg15_5511Match-

Node

dellrealtek_high_definition_audio_driverRange<6.0.9394.1

AND

dellalienware_area_51m_r1Match-

dellalienware_area_51m_r2Match-

dellalienware_aurora_r10Match-

dellalienware_aurora_r11Match-

dellalienware_aurora_r12Match-

dellalienware_aurora_r8Match-

dellalienware_aurora_r9Match-

dellalienware_m15_r1Match-

dellalienware_m15_r2Match-

dellalienware_m15_r3Match-

dellalienware_m15_r4Match-

dellalienware_m17_r1Match-

dellalienware_m17_r2Match-

dellalienware_m17_r3Match-

dellalienware_m17_r4Match-

dellg5_5000Match-

dellg5_5090Match-

dellg5_5590Match-

dellg7_7590Match-

dellg7_7790Match-

Node

dellrealtek_high_definition_audio_driverRange<6.0.9407.1

AND

dellg7_7500Match-

dellg7_7700Match-

Node

dellrealtek_high_definition_audio_driverRange<6.0.9388.1

AND

dellalienware_aurora_r13Match-

dellalienware_x15_r1Match-

dellalienware_x17_r1Match-

Node

dellrealtek_high_definition_audio_driverRange<6.0.9254.1

AND

dellg3_3590Match-

Node

dellrealtek_high_definition_audio_driverRange<6.0.9422.1

AND

dellg3_3500Match-

dellg5_5500Match-

References

www.dell.com/support/kbdoc/en-us/000205721/dsa-2022-316-dell-client-security-update-for-a-realtek-high-definition-audio-driver-vulnerability

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-34405

cve1 prion1 cvelist1