Vulnerabilites related to Dell - BIOS
Vulnerability from fkie_nvd
Published
2022-10-11 17:15
Modified
2024-11-21 07:06
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000202772 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000202772 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bios | * | |
| dell | precision_5820_tower | - | |
| dell | bios | * | |
| dell | precision_7820_tower | - | |
| dell | bios | * | |
| dell | precision_7920_tower | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5DDA4D-B0AB-427E-9480-579F7622A450",
"versionEndExcluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:precision_5820_tower:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C2EC78F-36B6-4B73-96C9-EDC94F4CF4B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0216887B-5849-4E22-96D7-5D6963F56AE9",
"versionEndExcluding": "2.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:precision_7820_tower:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0C0F26-863C-4704-BA18-D484817010F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0216887B-5849-4E22-96D7-5D6963F56AE9",
"versionEndExcluding": "2.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:precision_7920_tower:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD977B9-8060-479B-9406-3B66D49C539E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
},
{
"lang": "es",
"value": "Dell BIOS contiene una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada. Un usuario local malicioso y autenticado puede explotar esta vulnerabilidad usando una SMI para conseguir una ejecuci\u00f3n de c\u00f3digo arbitrario en la SMRAM"
}
],
"id": "CVE-2022-32486",
"lastModified": "2024-11-21T07:06:26.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-11T17:15:10.697",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000202772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000202772"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-01 01:59
Modified
2024-11-21 02:28
Severity ?
Summary
The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/577140 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/577140 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bios | * | |
| dell | latitude_e6420_atg | * | |
| dell | latitude_e6420_xfr | * | |
| dell | bios | * | |
| dell | latitude_e6220 | * | |
| dell | latitude_xt3 | * | |
| dell | bios | * | |
| dell | latitude_e4310 | * | |
| dell | latitude_e5410 | * | |
| dell | latitude_e5510 | * | |
| dell | latitude_e6410_atg | * | |
| dell | latitude_e6510 | * | |
| dell | precision_mobile_m4600 | * | |
| dell | precision_t1600 | * | |
| dell | bios | * | |
| dell | latitude_e6320 | * | |
| dell | latitude_e6520 | * | |
| dell | bios | * | |
| dell | precision_mobile_m4500 | * | |
| dell | precision_mobile_m6600 | * | |
| dell | bios | a13 | |
| dell | latitude_e4310 | * | |
| dell | latitude_e5420 | * | |
| dell | latitude_e5520 | * | |
| dell | bios | * | |
| dell | precision_t3600 | * | |
| dell | precision_t5600 | * | |
| dell | precision_t5600_xl | * | |
| dell | bios | * | |
| dell | optiplex_390 | * | |
| dell | bios | * | |
| dell | optiplex_790 | * | |
| dell | optiplex_990 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F96D27AD-EB5B-487E-8235-F05956F183BA",
"versionEndIncluding": "a20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_e6420_atg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC5428F-8648-430F-8CE8-08C772D5BDED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:latitude_e6420_xfr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C74F0B2-05AF-49EE-B076-D6DEFDBE41CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8392EFC5-B9AB-452E-9AD6-8B32A635481C",
"versionEndIncluding": "a12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_e6220:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3FE1C2-B072-436E-96CB-22D23BDCE8C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:latitude_xt3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39513230-B59E-49F7-88A3-F445D03EA27B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "502A1AD4-229B-4FE7-931D-10742D113F5A",
"versionEndIncluding": "a15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_e4310:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E89E008-BD0E-437D-9B9B-CF7DD9203AE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:latitude_e5410:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78DF7412-FAD0-4E61-B30F-85E2A566795A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:latitude_e5510:*:*:*:*:*:*:*:*",
"matchCriteriaId": "953DF818-61F0-4ED4-9666-722C798205D3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:latitude_e6410_atg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77B33C69-A368-454F-A052-2B46F3CECF7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:latitude_e6510:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3067E4-E9F1-46A8-A9B3-E0A8F488A9EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:precision_mobile_m4600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A11853A7-601B-4E8F-8582-8958A59D8AB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:precision_t1600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC18C0F-E3EC-48F3-B990-DB4ACEABB6A4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C66608F6-FA56-453C-BBCD-DFF64BB8C95E",
"versionEndIncluding": "a18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_e6320:*:*:*:*:*:*:*:*",
"matchCriteriaId": "810B5BA9-8DB3-4A62-8CD5-AC1FBA4298FC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:latitude_e6520:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3107B874-0B9D-4243-9194-2F2E7DEFBFD0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7904EB-673A-4DD1-A73E-CED4A1B13CDF",
"versionEndIncluding": "a14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:precision_mobile_m4500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D124B8F0-156B-46C2-933B-2E1CF3F15871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:precision_mobile_m6600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C03D4B2E-FB0E-45E8-8DBE-A3B578C8B3D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:a13:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA431FC-1121-4246-A4BD-1347F6D2C293",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_e4310:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E89E008-BD0E-437D-9B9B-CF7DD9203AE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:latitude_e5420:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7A9D4F-814C-4D09-95FF-C35D5B9DD2C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:latitude_e5520:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8FA4C7-80B6-49EA-9FCF-504ACFAB0EBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A69BD5BB-CEE8-4DB4-B7CE-20B6373FBB3B",
"versionEndIncluding": "a11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:precision_t3600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E605E0D0-2320-44FE-97A7-39FD8D9D88C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:precision_t5600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22E90D88-3C7D-4C6A-BBA0-1F7AE623EB85",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:precision_t5600_xl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23652CE5-3B58-4067-94E0-334D987A87A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0C2091-2FB9-49CD-8B38-840BEAD78109",
"versionEndIncluding": "a10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:optiplex_390:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E08E38-3D9D-4E1E-8CEB-0160D768BF41",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE8947B0-DA10-4A54-B03D-C2AE3D917732",
"versionEndIncluding": "a17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:optiplex_790:*:*:*:*:*:*:*:*",
"matchCriteriaId": "935B84EB-4EE8-4A44-83CE-FFEA1A480ACA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:optiplex_990:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C30A4609-2EE6-4AB5-BE64-1D03029EC547",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692."
},
{
"lang": "es",
"value": "Vulnerabilidad en la implementaci\u00f3n de la BIOS en dispositivos Dell Latitude, OptiPlex, Precisision Mobile Workstation y Precision Workstation Client Solutions (CS) con modelo dependiente del firmware anterior a A21, no impone un mecanismo de protecci\u00f3n de bloqueo BIOS_CNTL al ser despertado de la suspensi\u00f3n, lo que permite a usuarios locales conducir ataques de flash EFI mediante el aprovechamiento de acceso a la consola, un problema similar a CVE-2015-3692."
}
],
"id": "CVE-2015-2890",
"lastModified": "2024-11-21T02:28:16.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-08-01T01:59:13.943",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/577140"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/577140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-11 17:15
Modified
2024-11-21 07:06
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000202772 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000202772 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bios | * | |
| dell | precision_5820_tower | - | |
| dell | bios | * | |
| dell | precision_7820_tower | - | |
| dell | bios | * | |
| dell | precision_7920_tower | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5DDA4D-B0AB-427E-9480-579F7622A450",
"versionEndExcluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:precision_5820_tower:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C2EC78F-36B6-4B73-96C9-EDC94F4CF4B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0216887B-5849-4E22-96D7-5D6963F56AE9",
"versionEndExcluding": "2.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:precision_7820_tower:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0C0F26-863C-4704-BA18-D484817010F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0216887B-5849-4E22-96D7-5D6963F56AE9",
"versionEndExcluding": "2.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:precision_7920_tower:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD977B9-8060-479B-9406-3B66D49C539E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
},
{
"lang": "es",
"value": "Dell BIOS contiene una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada. Un usuario local malicioso y autenticado podr\u00eda explotar esta vulnerabilidad usando un SMI para conseguir una ejecuci\u00f3n de c\u00f3digo arbitrario en la SMRAM"
}
],
"id": "CVE-2022-32492",
"lastModified": "2024-11-21T07:06:28.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-11T17:15:10.790",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000202772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000202772"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202203-0823
Vulnerability from variot
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Alienware 13 R3 firmware, Alienware 15 R3 firmware, Alienware 15 R4 Multiple Dell products, such as firmware, contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell is a company that manufactures, designs, and sells home and office computers, as well as servers, data storage devices, networking equipment, and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0823",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vostro 3267",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "alienware m17 r3",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "vostro 3660",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "alienware 15 r4",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.17.0"
},
{
"model": "inspiron 3477",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.19.0"
},
{
"model": "alienware m15 r4",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.8.0"
},
{
"model": "vostro 3582",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "alienware m15 r2",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.12.0"
},
{
"model": "alienware x15 r1",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.7.0"
},
{
"model": "embedded box pc 3000",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "alienware x17 r1",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.7.0"
},
{
"model": "edge gateway 3000",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.7.0"
},
{
"model": "inspiron 3565",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.12.0"
},
{
"model": "vostro 14 5468",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.19.0"
},
{
"model": "edge gateway 5000",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.17.0"
},
{
"model": "inspiron 14 3473",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "alienware 17 r4",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.16.1"
},
{
"model": "alienware area 51m r1",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.18.0"
},
{
"model": "embedded box pc 5000",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "alienware m15 r3",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "inspiron 3582",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "alienware m17 r4",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.8.0"
},
{
"model": "inspiron 3482",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "inspiron 15 3573",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "wyse 7040 thin client",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.15.0"
},
{
"model": "alienware 15 r3",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.16.1"
},
{
"model": "latitude 3379",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.0.34"
},
{
"model": "vostro 3668",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "inspiron 3465",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.12.0"
},
{
"model": "alienware area 51m r2",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "xps 8930",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.1.21"
},
{
"model": "alienware 17 r5",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.17.0"
},
{
"model": "vostro 3667",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "inspiron 3502",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.7.0"
},
{
"model": "vostro 15 5568",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.19.0"
},
{
"model": "alienware 13 r3",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.16.1"
},
{
"model": "alienware aurora r8",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.0.20"
},
{
"model": "vostro 3572",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "vostro 3669",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "inspiron 3782",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "inspiron 3277",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.19.0"
},
{
"model": "alienware m17 r2",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.12.0"
},
{
"model": "vostro 3268",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "inspiron 15 5566",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.18.0"
},
{
"model": "inspiron 3510",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.6.0"
},
{
"model": "edge gateway 5100",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.17.0"
},
{
"model": "alienware area 51m r1",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware m15 r3",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 17 r4",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 17 r5",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware aurora r8",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 15 r3",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 13 r3",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware area 51m r2",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware m15 r2",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 15 r4",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "bios",
"scope": null,
"trust": 0.6,
"vendor": "dell",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20687"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006719"
},
{
"db": "NVD",
"id": "CVE-2022-24421"
}
]
},
"cve": "CVE-2022-24421",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-24421",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.5,
"id": "CNVD-2022-20687",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-24421",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"id": "CVE-2022-24421",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24421",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24421",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-24421",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-24421",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-20687",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1202",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20687"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006719"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1202"
},
{
"db": "NVD",
"id": "CVE-2022-24421"
},
{
"db": "NVD",
"id": "CVE-2022-24421"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Alienware 13 R3 firmware, Alienware 15 R3 firmware, Alienware 15 R4 Multiple Dell products, such as firmware, contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell is a company that manufactures, designs, and sells home and office computers, as well as servers, data storage devices, networking equipment, and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24421"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006719"
},
{
"db": "CNVD",
"id": "CNVD-2022-20687"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24421",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006719",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-20687",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1202",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20687"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006719"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1202"
},
{
"db": "NVD",
"id": "CVE-2022-24421"
}
]
},
"id": "VAR-202203-0823",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20687"
}
],
"trust": 0.9840067366666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20687"
}
]
},
"last_update_date": "2024-11-23T22:15:51.497000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell BIOS Arbitrary Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/326606"
},
{
"title": "Dell BIOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=244001"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20687"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1202"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006719"
},
{
"db": "NVD",
"id": "CVE-2022-24421"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24421"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-24421/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20687"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006719"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1202"
},
{
"db": "NVD",
"id": "CVE-2022-24421"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-20687"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006719"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1202"
},
{
"db": "NVD",
"id": "CVE-2022-24421"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-20687"
},
{
"date": "2023-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006719"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1202"
},
{
"date": "2022-03-11T22:15:13.923000",
"db": "NVD",
"id": "CVE-2022-24421"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-20687"
},
{
"date": "2023-07-07T08:27:00",
"db": "JVNDB",
"id": "JVNDB-2022-006719"
},
{
"date": "2023-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1202"
},
{
"date": "2024-11-21T06:50:23.510000",
"db": "NVD",
"id": "CVE-2022-24421"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1202"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Error Vulnerability in Multiple Dell Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1202"
}
],
"trust": 0.6
}
}
var-202203-0927
Vulnerability from variot
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Alienware 13 R3 firmware, Alienware 15 R3 firmware, Alienware 15 R4 Multiple Dell products, such as firmware, contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell is a company that manufactures, designs, and sells home and office computers, as well as servers, data storage devices, networking equipment, and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0927",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vostro 3267",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "alienware m17 r3",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "vostro 3660",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "alienware 15 r4",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.17.0"
},
{
"model": "inspiron 3477",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.19.0"
},
{
"model": "alienware m15 r4",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.8.0"
},
{
"model": "vostro 3582",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "alienware m15 r2",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.12.0"
},
{
"model": "alienware x15 r1",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.7.0"
},
{
"model": "embedded box pc 3000",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "alienware x17 r1",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.7.0"
},
{
"model": "edge gateway 3000",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.7.0"
},
{
"model": "inspiron 3565",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.12.0"
},
{
"model": "vostro 14 5468",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.19.0"
},
{
"model": "edge gateway 5000",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.17.0"
},
{
"model": "inspiron 14 3473",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "alienware 17 r4",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.16.1"
},
{
"model": "alienware area 51m r1",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.18.0"
},
{
"model": "embedded box pc 5000",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "alienware m15 r3",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "inspiron 3582",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "alienware m17 r4",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.8.0"
},
{
"model": "inspiron 3482",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "inspiron 15 3573",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "wyse 7040 thin client",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.15.0"
},
{
"model": "alienware 15 r3",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.16.1"
},
{
"model": "latitude 3379",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.0.34"
},
{
"model": "vostro 3668",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "inspiron 3465",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.12.0"
},
{
"model": "alienware area 51m r2",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "xps 8930",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.1.21"
},
{
"model": "alienware 17 r5",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.17.0"
},
{
"model": "vostro 3667",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "inspiron 3502",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.7.0"
},
{
"model": "vostro 15 5568",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.19.0"
},
{
"model": "alienware 13 r3",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.16.1"
},
{
"model": "alienware aurora r8",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.0.20"
},
{
"model": "vostro 3572",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "vostro 3669",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "inspiron 3782",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "inspiron 3277",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.19.0"
},
{
"model": "alienware m17 r2",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.12.0"
},
{
"model": "vostro 3268",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "inspiron 15 5566",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.18.0"
},
{
"model": "inspiron 3510",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.6.0"
},
{
"model": "edge gateway 5100",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.17.0"
},
{
"model": "alienware area 51m r1",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware m15 r3",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 17 r4",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 17 r5",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware aurora r8",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 15 r3",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 13 r3",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware area 51m r2",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware m15 r2",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 15 r4",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "bios",
"scope": null,
"trust": 0.6,
"vendor": "dell",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20686"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006721"
},
{
"db": "NVD",
"id": "CVE-2022-24419"
}
]
},
"cve": "CVE-2022-24419",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-24419",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.5,
"id": "CNVD-2022-20686",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-24419",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"id": "CVE-2022-24419",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24419",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24419",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-24419",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-24419",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-20686",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1204",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20686"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006721"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1204"
},
{
"db": "NVD",
"id": "CVE-2022-24419"
},
{
"db": "NVD",
"id": "CVE-2022-24419"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Alienware 13 R3 firmware, Alienware 15 R3 firmware, Alienware 15 R4 Multiple Dell products, such as firmware, contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell is a company that manufactures, designs, and sells home and office computers, as well as servers, data storage devices, networking equipment, and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24419"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006721"
},
{
"db": "CNVD",
"id": "CNVD-2022-20686"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24419",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006721",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-20686",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1204",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20686"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006721"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1204"
},
{
"db": "NVD",
"id": "CVE-2022-24419"
}
]
},
"id": "VAR-202203-0927",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20686"
}
],
"trust": 0.9840067366666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20686"
}
]
},
"last_update_date": "2024-11-23T23:10:56.556000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Dell BIOS Input Validation Vulnerability (CNVD-2022-20686)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/326601"
},
{
"title": "Dell BIOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=244003"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20686"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1204"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006721"
},
{
"db": "NVD",
"id": "CVE-2022-24419"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24419"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-24419/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-20686"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006721"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1204"
},
{
"db": "NVD",
"id": "CVE-2022-24419"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-20686"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006721"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1204"
},
{
"db": "NVD",
"id": "CVE-2022-24419"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-20686"
},
{
"date": "2023-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006721"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1204"
},
{
"date": "2022-03-11T22:15:13.137000",
"db": "NVD",
"id": "CVE-2022-24419"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-20686"
},
{
"date": "2023-07-07T08:27:00",
"db": "JVNDB",
"id": "JVNDB-2022-006721"
},
{
"date": "2023-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1204"
},
{
"date": "2024-11-21T06:50:23.180000",
"db": "NVD",
"id": "CVE-2022-24419"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1204"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Error Vulnerability in Multiple Dell Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006721"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1204"
}
],
"trust": 0.6
}
}
var-201508-0601
Vulnerability from variot
The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692. Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. plural Dell Device firmware BIOS Implementation locks protection mechanism to wake from sleep BIOS_CNTL Is not processed, EFI There is a vulnerability that allows a flash attack to be executed. This vulnerability CVE-2015-3692 It is a similar problem. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlBy using the access right to the console by a local user, EFI A flash attack may be performed. Dell Latitude and others are products of Dell. There are security vulnerabilities in the BIOS implementation of several Dell devices. The BIOS_CNTL lock protection mechanism was not enforced when the program resumed from sleep mode
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0601",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bios",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": "a13"
},
{
"model": "bios",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "a15"
},
{
"model": "bios",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "a11"
},
{
"model": "bios",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "a12"
},
{
"model": "bios",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "a20"
},
{
"model": "bios",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "a17"
},
{
"model": "bios",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "a14"
},
{
"model": "bios",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "a18"
},
{
"model": "bios",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "a10"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "american megatrends incorporated ami",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell computer",
"version": null
},
{
"model": "bios",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "a21"
},
{
"model": "latitude e4310",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a14 )"
},
{
"model": "latitude e5410",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a16 )"
},
{
"model": "latitude e5420",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a14 )"
},
{
"model": "latitude e5510",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a16 )"
},
{
"model": "latitude e5520",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a14 )"
},
{
"model": "latitude e6220",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a13 )"
},
{
"model": "latitude e6320",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a19 )"
},
{
"model": "latitude e6410 atg",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a16 )"
},
{
"model": "latitude e6420 atg",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a21 )"
},
{
"model": "latitude e6420 xfr",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a21 )"
},
{
"model": "latitude e6510",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a16 )"
},
{
"model": "latitude e6520",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a19 )"
},
{
"model": "latitude xt3",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a13 )"
},
{
"model": "optiplex 390",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a11 )"
},
{
"model": "optiplex 790",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a18 )"
},
{
"model": "optiplex 990",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a18 )"
},
{
"model": "precision mobile workstation m4500",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a15 )"
},
{
"model": "precision mobile workstation m4600",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a16 )"
},
{
"model": "precision mobile workstation m6600",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a15 )"
},
{
"model": "precision workstation t1600",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a16 )"
},
{
"model": "precision workstation t3600",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a12 )"
},
{
"model": "precision workstation t5600",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a12 )"
},
{
"model": "precision workstation t5600 xl",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a12 )"
},
{
"model": "precision workstation t7600",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "(bios a10 )"
},
{
"model": "latitude",
"scope": null,
"trust": 0.6,
"vendor": "dell",
"version": null
},
{
"model": "optiplex",
"scope": null,
"trust": 0.6,
"vendor": "dell",
"version": null
},
{
"model": "precision mobile workstation",
"scope": null,
"trust": 0.6,
"vendor": "dell",
"version": null
},
{
"model": "precision workstation cs",
"scope": null,
"trust": 0.6,
"vendor": "dell",
"version": null
},
{
"model": "bios",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "a11"
},
{
"model": "bios",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "a18"
},
{
"model": "bios",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "a15"
},
{
"model": "bios",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "a10"
},
{
"model": "bios",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "a17"
},
{
"model": "bios",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "a20"
},
{
"model": "bios",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "a14"
},
{
"model": "bios",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "a12"
},
{
"model": "precision workstation t7600 a10",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "precision workstation t5600 xl a12",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "precision workstation t5600 a12",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "precision workstation t3600 a12",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "precision workstation t1600 a16",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "precision mobile workstation m6600 a15",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "precision mobile workstation m4600 a16",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "precision mobile workstation m4500 a15",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "optiplex a18",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "990"
},
{
"model": "optiplex a18",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "790"
},
{
"model": "optiplex a11",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "390"
},
{
"model": "latitude xt3 a13",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6520 a19",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6510 a16",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6420 xfr a21",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6420 a21",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6410 a16",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6320 a19",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6220 a13",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude e5520 a14",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude e5510 a16",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude e5420 a14",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude e5410 a16",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude e4310 a14",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude atg a21",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "latitude atg a16",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#577140"
},
{
"db": "CNVD",
"id": "CNVD-2015-05153"
},
{
"db": "BID",
"id": "76128"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003973"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-844"
},
{
"db": "NVD",
"id": "CVE-2015-2890"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:dell:bios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e4310",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e5410",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e5420",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e5510",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e5520",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e6220",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e6320",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e6410_atg",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e6420_atg",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e6420_xfr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e6510",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e6520",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_xt3",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:optiplex_390",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:optiplex_790",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:optiplex_990",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_mobile_workstation_m4500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_mobile_workstation_m4600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_mobile_workstation_m6600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_workstation_t1600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_workstation_t3600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_workstation_t5600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_workstation_t5600_xl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_workstation_t7600",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003973"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sam Cornwell, John Butterworth, Xeno Kovah, and Corey Kallenberg",
"sources": [
{
"db": "BID",
"id": "76128"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2890",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-2890",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-05153",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-80851",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"id": "CVE-2015-2890",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2890",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2890",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05153",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-844",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80851",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05153"
},
{
"db": "VULHUB",
"id": "VHN-80851"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003973"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-844"
},
{
"db": "NVD",
"id": "CVE-2015-2890"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692. Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. plural Dell Device firmware BIOS Implementation locks protection mechanism to wake from sleep BIOS_CNTL Is not processed, EFI There is a vulnerability that allows a flash attack to be executed. This vulnerability CVE-2015-3692 It is a similar problem. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlBy using the access right to the console by a local user, EFI A flash attack may be performed. Dell Latitude and others are products of Dell. There are security vulnerabilities in the BIOS implementation of several Dell devices. The BIOS_CNTL lock protection mechanism was not enforced when the program resumed from sleep mode",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2890"
},
{
"db": "CERT/CC",
"id": "VU#577140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003973"
},
{
"db": "CNVD",
"id": "CNVD-2015-05153"
},
{
"db": "BID",
"id": "76128"
},
{
"db": "VULHUB",
"id": "VHN-80851"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#577140",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2015-2890",
"trust": 3.4
},
{
"db": "BID",
"id": "76128",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU99464019",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003973",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-844",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05153",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-80851",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#577140"
},
{
"db": "CNVD",
"id": "CNVD-2015-05153"
},
{
"db": "VULHUB",
"id": "VHN-80851"
},
{
"db": "BID",
"id": "76128"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003973"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-844"
},
{
"db": "NVD",
"id": "CVE-2015-2890"
}
]
},
"id": "VAR-201508-0601",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05153"
},
{
"db": "VULHUB",
"id": "VHN-80851"
}
],
"trust": 1.589610392
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05153"
}
]
},
"last_update_date": "2024-11-23T21:59:29.541000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dell.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003973"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-17",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80851"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003973"
},
{
"db": "NVD",
"id": "CVE-2015-2890"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/577140"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/bluu-9xxq9l"
},
{
"trust": 0.8,
"url": "https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/"
},
{
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht204934"
},
{
"trust": 0.8,
"url": "http://support.dell.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2890"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99464019"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2890"
},
{
"trust": 0.3,
"url": "http://dell.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#577140"
},
{
"db": "CNVD",
"id": "CNVD-2015-05153"
},
{
"db": "VULHUB",
"id": "VHN-80851"
},
{
"db": "BID",
"id": "76128"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003973"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-844"
},
{
"db": "NVD",
"id": "CVE-2015-2890"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#577140"
},
{
"db": "CNVD",
"id": "CNVD-2015-05153"
},
{
"db": "VULHUB",
"id": "VHN-80851"
},
{
"db": "BID",
"id": "76128"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003973"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-844"
},
{
"db": "NVD",
"id": "CVE-2015-2890"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#577140"
},
{
"date": "2015-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05153"
},
{
"date": "2015-08-01T00:00:00",
"db": "VULHUB",
"id": "VHN-80851"
},
{
"date": "2015-07-30T00:00:00",
"db": "BID",
"id": "76128"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003973"
},
{
"date": "2015-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-844"
},
{
"date": "2015-08-01T01:59:13.943000",
"db": "NVD",
"id": "CVE-2015-2890"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-12T00:00:00",
"db": "CERT/CC",
"id": "VU#577140"
},
{
"date": "2015-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05153"
},
{
"date": "2019-09-27T00:00:00",
"db": "VULHUB",
"id": "VHN-80851"
},
{
"date": "2015-07-30T00:00:00",
"db": "BID",
"id": "76128"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003973"
},
{
"date": "2019-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-844"
},
{
"date": "2024-11-21T02:28:16.517000",
"db": "NVD",
"id": "CVE-2015-2890"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "76128"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-844"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BIOS implementations fail to properly set UEFI write protections after waking from sleep mode",
"sources": [
{
"db": "CERT/CC",
"id": "VU#577140"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "76128"
}
],
"trust": 0.3
}
}
var-201308-0205
Vulnerability from variot
Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value. Dell Multiple offers Latitude Laptop and Precision Mobile Workstation of BIOS A buffer overflow vulnerability exists in the update process. Dell Multiple offers Latitude Laptop and Precision Mobile Workstation Then BIOS In the update process, the update is performed after verifying the signature of the update image. This update process includes rbu_packet.pktNum and rbu_packet.pktSize A buffer overflow vulnerability exists due to the value of. By using this vulnerability, signature verification was avoided and crafted BIOS It becomes possible to update to.By having a specially crafted updater run, rootkit Or malicious code BIOS May be written. Attackers may leverage these issues to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Dell Latitude and Precision are a series of notebook computer products released by Dell in the United States. BIOS (Basic Input-Output System) is a set of programs solidified on the ROM chip on the computer motherboard. It stores the most important basic input and output programs of the computer, system setting information, and self-test programs after startup. and system self-starter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "latitude d631",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": "latitude e5400",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": "latitude xt2",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": "precision m2300",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": "latitude d530",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": "precision m6500",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": "latitude z600",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": "latitude d531",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": "precision m6400",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": "latitude d630",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": null
},
{
"model": "precision m6500",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "precision m6400",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "precision m6300",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "precision m4400",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "precision m4300",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "precision m2400",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "precision m2300",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude z600",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6500",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6400 atg",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6400",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude e5500",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude e5400",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude e4300",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude e4200",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude d830",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude d631",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude d630",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude d531",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude d530",
"scope": null,
"trust": 1.1,
"vendor": "dell",
"version": null
},
{
"model": "latitude d830",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "precision m6300",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6400",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "precision m4300",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6500",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "latitude e5500",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "precision m2400",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "latitude e4300",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6400 atg xfr",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "latitude e4200",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6400 atg",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": "precision m4400",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell computer",
"version": null
},
{
"model": "latitude e6400 / atg / xfr",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "latitude xt2",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "latitude e6400 xfr",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
},
{
"model": "bios",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#912156"
},
{
"db": "BID",
"id": "61792"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003762"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-267"
},
{
"db": "NVD",
"id": "CVE-2013-3582"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:dell:latitude_d530",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_d531",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_d630",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_d631",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_d830",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e4200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e4300",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e5400",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e5500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e6400",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e6400_atg_xfr",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e6400_atg",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_e6500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_xt2",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:latitude_z600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_m2300",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_m2400",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_m4300",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_m4400",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_m6300",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_m6400",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dell:precision_m6500",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003762"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corey Kallenberg, John Butterworth, Xeno Kovah of the MITRE Corporation and Rick Martinez from Dell.",
"sources": [
{
"db": "BID",
"id": "61792"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-267"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3582",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2013-3582",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 6.2,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 3.7,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 1.9,
"id": "CVE-2013-3582",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "MEDIUM",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-63584",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3582",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3582",
"trust": 0.8,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-3582",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-267",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-63584",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#912156"
},
{
"db": "VULHUB",
"id": "VHN-63584"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003762"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-267"
},
{
"db": "NVD",
"id": "CVE-2013-3582"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value. Dell Multiple offers Latitude Laptop and Precision Mobile Workstation of BIOS A buffer overflow vulnerability exists in the update process. Dell Multiple offers Latitude Laptop and Precision Mobile Workstation Then BIOS In the update process, the update is performed after verifying the signature of the update image. This update process includes rbu_packet.pktNum and rbu_packet.pktSize A buffer overflow vulnerability exists due to the value of. By using this vulnerability, signature verification was avoided and crafted BIOS It becomes possible to update to.By having a specially crafted updater run, rootkit Or malicious code BIOS May be written. \nAttackers may leverage these issues to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Dell Latitude and Precision are a series of notebook computer products released by Dell in the United States. BIOS (Basic Input-Output System) is a set of programs solidified on the ROM chip on the computer motherboard. It stores the most important basic input and output programs of the computer, system setting information, and self-test programs after startup. and system self-starter",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3582"
},
{
"db": "CERT/CC",
"id": "VU#912156"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003762"
},
{
"db": "BID",
"id": "61792"
},
{
"db": "VULHUB",
"id": "VHN-63584"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/912156",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#912156"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#912156",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2013-3582",
"trust": 2.8
},
{
"db": "BID",
"id": "61792",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU95005184",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003762",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-267",
"trust": 0.7
},
{
"db": "CERT/CC",
"id": "HTTP://WWW.KB.CERT.ORG/VULS/ID/BLUU-99HSLA",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-63584",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#912156"
},
{
"db": "VULHUB",
"id": "VHN-63584"
},
{
"db": "BID",
"id": "61792"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003762"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-267"
},
{
"db": "NVD",
"id": "CVE-2013-3582"
}
]
},
"id": "VAR-201308-0205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63584"
}
],
"trust": 0.54805196
},
"last_update_date": "2024-11-23T22:59:47.044000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell Support - Official Site:",
"trust": 0.8,
"url": "http://www.dell.com/support/home/us/en/19?c=us\u0026l=en\u0026s=dhs"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003762"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 2.7
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#912156"
},
{
"db": "VULHUB",
"id": "VHN-63584"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003762"
},
{
"db": "NVD",
"id": "CVE-2013-3582"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.blackhat.com/us-13/archives.html#butterworth"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/912156"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/bluu-99hsla"
},
{
"trust": 1.9,
"url": "http://www.mitre.org/work/cybersecurity/blog/cyber_tools_butterworth.html"
},
{
"trust": 1.7,
"url": "https://media.blackhat.com/us-13/us-13-butterworth-bios-security-slides.pdf"
},
{
"trust": 1.7,
"url": "https://media.blackhat.com/us-13/us-13-butterworth-bios-security-wp.pdf"
},
{
"trust": 1.6,
"url": "http://support.dell.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3582"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu95005184/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3582"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/61792"
},
{
"trust": 0.3,
"url": "http://dell.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#912156"
},
{
"db": "VULHUB",
"id": "VHN-63584"
},
{
"db": "BID",
"id": "61792"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003762"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-267"
},
{
"db": "NVD",
"id": "CVE-2013-3582"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#912156"
},
{
"db": "VULHUB",
"id": "VHN-63584"
},
{
"db": "BID",
"id": "61792"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003762"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-267"
},
{
"db": "NVD",
"id": "CVE-2013-3582"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-15T00:00:00",
"db": "CERT/CC",
"id": "VU#912156"
},
{
"date": "2013-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-63584"
},
{
"date": "2013-08-15T00:00:00",
"db": "BID",
"id": "61792"
},
{
"date": "2013-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003762"
},
{
"date": "2013-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-267"
},
{
"date": "2013-08-28T13:13:58.223000",
"db": "NVD",
"id": "CVE-2013-3582"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-22T00:00:00",
"db": "CERT/CC",
"id": "VU#912156"
},
{
"date": "2013-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-63584"
},
{
"date": "2013-08-15T00:00:00",
"db": "BID",
"id": "61792"
},
{
"date": "2013-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003762"
},
{
"date": "2013-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-267"
},
{
"date": "2024-11-21T01:53:55.670000",
"db": "NVD",
"id": "CVE-2013-3582"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-267"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BIOS in some Latitude laptops and Precision Mobile Workstations vulnerable to buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#912156"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-267"
}
],
"trust": 0.6
}
}
var-202210-0667
Vulnerability from variot
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0667",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bios",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.25.0"
},
{
"model": "bios",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.21.0"
},
{
"model": "bios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.21.0"
},
{
"model": "bios",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "bios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.25.0"
},
{
"model": "bios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018707"
},
{
"db": "NVD",
"id": "CVE-2022-32486"
}
]
},
"cve": "CVE-2022-32486",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"id": "CVE-2022-32486",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2022-32486",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32486",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32486",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-32486",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-32486",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-533",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018707"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-533"
},
{
"db": "NVD",
"id": "CVE-2022-32486"
},
{
"db": "NVD",
"id": "CVE-2022-32486"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32486"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018707"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32486",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018707",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-533",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018707"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-533"
},
{
"db": "NVD",
"id": "CVE-2022-32486"
}
]
},
"id": "VAR-202210-0667",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.44805196
},
"last_update_date": "2024-08-14T14:24:29.510000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell BIOS Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=210805"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-533"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018707"
},
{
"db": "NVD",
"id": "CVE-2022-32486"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.dell.com/support/kbdoc/000202772"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32486"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32486/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018707"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-533"
},
{
"db": "NVD",
"id": "CVE-2022-32486"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018707"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-533"
},
{
"db": "NVD",
"id": "CVE-2022-32486"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018707"
},
{
"date": "2022-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-533"
},
{
"date": "2022-10-11T17:15:10.697000",
"db": "NVD",
"id": "CVE-2022-32486"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-23T02:30:00",
"db": "JVNDB",
"id": "JVNDB-2022-018707"
},
{
"date": "2022-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-533"
},
{
"date": "2022-10-14T03:25:19.490000",
"db": "NVD",
"id": "CVE-2022-32486"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-533"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0BIOS\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018707"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-533"
}
],
"trust": 0.6
}
}
var-202210-0502
Vulnerability from variot
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-0502",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bios",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.25.0"
},
{
"model": "bios",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.21.0"
},
{
"model": "bios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.21.0"
},
{
"model": "bios",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "bios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "2.25.0"
},
{
"model": "bios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018706"
},
{
"db": "NVD",
"id": "CVE-2022-32492"
}
]
},
"cve": "CVE-2022-32492",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"id": "CVE-2022-32492",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2022-32492",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32492",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32492",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-32492",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-32492",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-535",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018706"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-535"
},
{
"db": "NVD",
"id": "CVE-2022-32492"
},
{
"db": "NVD",
"id": "CVE-2022-32492"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32492"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018706"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32492",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018706",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202210-535",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018706"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-535"
},
{
"db": "NVD",
"id": "CVE-2022-32492"
}
]
},
"id": "VAR-202210-0502",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.44805196
},
"last_update_date": "2024-08-14T14:37:16.831000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell BIOS Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=210806"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-535"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018706"
},
{
"db": "NVD",
"id": "CVE-2022-32492"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.dell.com/support/kbdoc/000202772"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32492"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32492/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018706"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-535"
},
{
"db": "NVD",
"id": "CVE-2022-32492"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018706"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-535"
},
{
"db": "NVD",
"id": "CVE-2022-32492"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018706"
},
{
"date": "2022-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-535"
},
{
"date": "2022-10-11T17:15:10.790000",
"db": "NVD",
"id": "CVE-2022-32492"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-23T02:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-018706"
},
{
"date": "2022-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-535"
},
{
"date": "2022-10-14T03:25:33.837000",
"db": "NVD",
"id": "CVE-2022-32492"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-535"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u0027s \u00a0BIOS\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018706"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-535"
}
],
"trust": 0.6
}
}
cve-2015-2890
Vulnerability from cvelistv5
Published
2015-08-01 01:00
Modified
2024-08-06 05:32
Severity ?
EPSS score ?
Summary
The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/577140 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#577140",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/577140"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-01T01:57:02",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#577140",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/577140"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#577140",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/577140"
},
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2890",
"datePublished": "2015-08-01T01:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32486
Vulnerability from cvelistv5
Published
2022-10-11 16:40
Modified
2024-09-16 20:16
Severity ?
EPSS score ?
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000202772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.25.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-11T00:00:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"url": "https://www.dell.com/support/kbdoc/000202772"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-32486",
"datePublished": "2022-10-11T16:40:16.340439Z",
"dateReserved": "2022-06-06T00:00:00",
"dateUpdated": "2024-09-16T20:16:41.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-34393
Vulnerability from cvelistv5
Published
2023-01-18 05:19
Modified
2024-08-03 09:07
Severity ?
EPSS score ?
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dell.com/support/kbdoc/000204686 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000204686"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIOS",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-27T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-18T05:20:55.782Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/000204686"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-34393",
"datePublished": "2023-01-18T05:19:24.647Z",
"dateReserved": "2022-06-23T18:55:17.093Z",
"dateUpdated": "2024-08-03T09:07:16.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32492
Vulnerability from cvelistv5
Published
2022-10-11 16:40
Modified
2024-09-16 19:24
Severity ?
EPSS score ?
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000202772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-11T00:00:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"url": "https://www.dell.com/support/kbdoc/000202772"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-32492",
"datePublished": "2022-10-11T16:40:17.390587Z",
"dateReserved": "2022-06-06T00:00:00",
"dateUpdated": "2024-09-16T19:24:50.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-34460
Vulnerability from cvelistv5
Published
2023-01-18 05:25
Modified
2024-08-03 09:15
Severity ?
EPSS score ?
Summary
Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dell.com/support/kbdoc/000204686 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000204686"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIOS",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-27T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003ePrior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nPrior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-18T05:25:10.657Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/000204686"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-34460",
"datePublished": "2023-01-18T05:25:10.657Z",
"dateReserved": "2022-06-23T18:55:17.137Z",
"dateUpdated": "2024-08-03T09:15:15.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32490
Vulnerability from cvelistv5
Published
2023-01-18 05:59
Modified
2024-08-03 07:39
Severity ?
EPSS score ?
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000204685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "1.8"
}
]
}
],
"datePublic": "2022-11-02T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\u003c/div\u003e\u003c/div\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-18T05:59:52.888Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"url": "https://www.dell.com/support/kbdoc/000204685"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-32490",
"datePublished": "2023-01-18T05:59:52.888Z",
"dateReserved": "2022-06-06T17:44:58.338Z",
"dateUpdated": "2024-08-03T07:39:51.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}