All the vulnerabilites related to dell - inspiron_5675_firmware
Vulnerability from fkie_nvd
Published
2021-01-08 19:15
Modified
2024-11-21 05:19
Severity ?
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | inspiron_5675_firmware | * | |
| dell | inspiron_5675 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5675_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94F0E368-ED94-4604-90D9-A7723D935EE9",
"versionEndExcluding": "1.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD70CCA8-6267-4C6D-94FC-03CBE34B2508",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM)."
},
{
"lang": "es",
"value": "Dell Inspiron 5675 BIOS versiones anteriores a 1.4.1, contienen una vulnerabilidad de sobrescritura de UEFI BIOS RuntimeServices.\u0026#xa0;Un atacante local con acceso a una memoria del sistema puede explotar esta vulnerabilidad al sobrescribir la estructura de RuntimeServices para ejecutar c\u00f3digo arbitrario en System Management Mode (SMM)"
}
],
"id": "CVE-2020-26186",
"lastModified": "2024-11-21T05:19:29.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-08T19:15:14.320",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000180645/dsa-2020-247-dell-client-platform-security-update-for-uefi-bios-runtimeservices-overwrite-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000180645/dsa-2020-247-dell-client-platform-security-update-for-uefi-bios-runtimeservices-overwrite-vulnerability"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-642"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-26 16:15
Modified
2024-11-21 06:50
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:dell_g5_5505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD50BEC6-2116-48A4-B058-F3DF4370828E",
"versionEndExcluding": "1.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:dell_g5_5505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B45D2E5A-2977-461A-B6A5-72FA4B7213C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_22-3275_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B07E995-E47B-4A4D-91CC-AEF14887DC2E",
"versionEndExcluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_22-3275:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7338D5C2-45BA-4BC7-9742-3452FF58379E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_24-3475_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2A9062-94CC-4B3A-8A0E-D7E8346966E8",
"versionEndExcluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_24-3475:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D868D5-1125-4F3C-A60E-5F2A6744FE08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_27_7775_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93B59A-403C-44DD-9102-984E4FE10E44",
"versionEndExcluding": "2.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_27_7775:-:*:*:*:*:*:*:*",
"matchCriteriaId": "773EB218-753B-44D8-92F2-F902E2BF7933",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3180_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86A5FD1A-B537-4FEF-B0D6-BC6A658A8B8D",
"versionEndExcluding": "1.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3180:-:*:*:*:*:*:*:*",
"matchCriteriaId": "033EB741-AC21-472C-AE91-D58CAD9B7354",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3185_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51586736-F6E0-4BF5-948C-252CBA506A0D",
"versionEndExcluding": "1.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B547563E-6AB1-40DD-AA96-9B4D12CAED05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3195_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AD04459-B6A3-4C8C-99FD-90C92839C4A8",
"versionEndExcluding": "1.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F60A87A1-BF28-4426-92C8-F16B5B311496",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D86E59E6-E309-4811-B0F8-7DDD3E39ED93",
"versionEndExcluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3137C79A-EE16-4B4E-95D8-6CF1E1E9A4CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3515_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "937ABBDA-4951-40D6-A954-16684C92AC03",
"versionEndExcluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC360757-EECE-40F5-8BA9-098F8F121C3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3585_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5959EF8-8489-4359-B6ED-2BD70872DC3B",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3585:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52CE5DAC-381B-4B20-AD92-C427B0ECB4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3595_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03080BE4-33E3-46E8-9E41-98BCCBBEC71D",
"versionEndExcluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3595:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3F07F9-AAC0-4537-87A3-549595DF9669",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3785_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D639C63E-A4AF-4DC9-AF87-919CF14EC504",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0609B2B8-704B-4804-BE0B-FDE177FDBA83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5405_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "322292AB-8578-4CF8-8429-F0E38C003942",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2ED5439F-1A3C-4F5F-98C7-B2C471919477",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5415_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79168AE1-1C4B-4FF4-BAD3-B52F6A21F4AE",
"versionEndExcluding": "1.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563D5D8-CD81-4EE5-AE6F-6939C353377B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5485_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA98052-FA8D-41A7-A3EA-2A5C78AB4911",
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5485:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D51C6DC-9838-411B-8D68-3AFE3C816CAC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66FBF0BA-8393-40A0-AB64-92BD5A628F4E",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84379684-0B62-44BB-A53E-04C95CA09ED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5515_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9039DEC8-BEB3-4422-8FE5-E27F23721144",
"versionEndExcluding": "1.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F05114EB-E200-4F8B-8D18-41AC80540F29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5575_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCEB5A0-0B36-43E6-AF4D-013DE8C5BF9D",
"versionEndExcluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5575:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F80F87-DDE1-456E-A35E-1408F0E8309B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5585_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DBD72E0-FDDC-4105-980E-E8190A26B190",
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5585:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF54DE0B-E8CA-41B8-9610-800BE70DBC5D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5675_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "801FC8A5-459D-4822-8D89-6A6A0E9D9014",
"versionEndExcluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD70CCA8-6267-4C6D-94FC-03CBE34B2508",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5775_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C4D901-084C-49FB-B69F-1B3C2960B19A",
"versionEndExcluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5775:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89A4EE5A-7E8E-4D18-A873-F8486F31A515",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_7375_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E73D8A58-F885-4A20-AD00-18BE96D61D46",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_7375:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F95AF04F-A204-4341-9765-A8B5000A1D35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_7405_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84558A0E-CD55-4315-83C4-C9A90A9DC702",
"versionEndExcluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_7405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC3DAAF-5B9E-4EFC-A809-4BCB12D810A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_7415_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB850B0-DE74-4AAA-BC61-317355264DFF",
"versionEndExcluding": "1.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_7415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "327A491D-EEEE-466E-98A8-1895C5A24996",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:vostro_3405_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56B87D2-E528-4704-BE72-7B20620BB997",
"versionEndExcluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:vostro_3405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79142A75-EA84-4C9A-861B-0FF10E21450B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:vostro_3515_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34B9B3E7-1F14-4671-A40F-DE09FB115CD4",
"versionEndExcluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:vostro_3515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2699C29-2162-4F2C-83AE-94BBB865885A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:vostro_5415_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "325C8C31-1BCC-4036-94CA-1986687182D6",
"versionEndExcluding": "1.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:vostro_5415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC7AFBA-3492-44A7-9D78-51FD20C985F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:vostro_5515_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "536E4991-87A0-4AA7-9668-FC3B81EBE2DC",
"versionEndExcluding": "1.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:vostro_5515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EB96F99-DE8C-4344-BBB2-12AD92CE98A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM."
},
{
"lang": "es",
"value": "Dell BIOS contiene una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada. Un usuario malicioso autenticado localmente puede explotar potencialmente esta vulnerabilidad usando una SMI para conseguir una ejecuci\u00f3n de c\u00f3digo arbitrario durante la SMM"
}
],
"id": "CVE-2022-24417",
"lastModified": "2024-11-21T06:50:22.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-26T16:15:07.987",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-05-26 16:15
Modified
2024-11-21 06:50
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:dell_g5_5505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD50BEC6-2116-48A4-B058-F3DF4370828E",
"versionEndExcluding": "1.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:dell_g5_5505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B45D2E5A-2977-461A-B6A5-72FA4B7213C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_22-3275_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B07E995-E47B-4A4D-91CC-AEF14887DC2E",
"versionEndExcluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_22-3275:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7338D5C2-45BA-4BC7-9742-3452FF58379E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_24-3475_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2A9062-94CC-4B3A-8A0E-D7E8346966E8",
"versionEndExcluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_24-3475:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D868D5-1125-4F3C-A60E-5F2A6744FE08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_27_7775_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB93B59A-403C-44DD-9102-984E4FE10E44",
"versionEndExcluding": "2.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_27_7775:-:*:*:*:*:*:*:*",
"matchCriteriaId": "773EB218-753B-44D8-92F2-F902E2BF7933",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3180_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86A5FD1A-B537-4FEF-B0D6-BC6A658A8B8D",
"versionEndExcluding": "1.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3180:-:*:*:*:*:*:*:*",
"matchCriteriaId": "033EB741-AC21-472C-AE91-D58CAD9B7354",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3185_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51586736-F6E0-4BF5-948C-252CBA506A0D",
"versionEndExcluding": "1.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B547563E-6AB1-40DD-AA96-9B4D12CAED05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3195_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AD04459-B6A3-4C8C-99FD-90C92839C4A8",
"versionEndExcluding": "1.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F60A87A1-BF28-4426-92C8-F16B5B311496",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D86E59E6-E309-4811-B0F8-7DDD3E39ED93",
"versionEndExcluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3137C79A-EE16-4B4E-95D8-6CF1E1E9A4CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3515_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "937ABBDA-4951-40D6-A954-16684C92AC03",
"versionEndExcluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC360757-EECE-40F5-8BA9-098F8F121C3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3585_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5959EF8-8489-4359-B6ED-2BD70872DC3B",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3585:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52CE5DAC-381B-4B20-AD92-C427B0ECB4BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3595_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03080BE4-33E3-46E8-9E41-98BCCBBEC71D",
"versionEndExcluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3595:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3F07F9-AAC0-4537-87A3-549595DF9669",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_3785_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D639C63E-A4AF-4DC9-AF87-919CF14EC504",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_3785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0609B2B8-704B-4804-BE0B-FDE177FDBA83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5405_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "322292AB-8578-4CF8-8429-F0E38C003942",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2ED5439F-1A3C-4F5F-98C7-B2C471919477",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5415_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79168AE1-1C4B-4FF4-BAD3-B52F6A21F4AE",
"versionEndExcluding": "1.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563D5D8-CD81-4EE5-AE6F-6939C353377B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5485_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA98052-FA8D-41A7-A3EA-2A5C78AB4911",
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5485:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D51C6DC-9838-411B-8D68-3AFE3C816CAC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5505_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66FBF0BA-8393-40A0-AB64-92BD5A628F4E",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5505:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84379684-0B62-44BB-A53E-04C95CA09ED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5515_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9039DEC8-BEB3-4422-8FE5-E27F23721144",
"versionEndExcluding": "1.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F05114EB-E200-4F8B-8D18-41AC80540F29",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5575_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCEB5A0-0B36-43E6-AF4D-013DE8C5BF9D",
"versionEndExcluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5575:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14F80F87-DDE1-456E-A35E-1408F0E8309B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5585_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DBD72E0-FDDC-4105-980E-E8190A26B190",
"versionEndExcluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5585:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF54DE0B-E8CA-41B8-9610-800BE70DBC5D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5675_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "801FC8A5-459D-4822-8D89-6A6A0E9D9014",
"versionEndExcluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD70CCA8-6267-4C6D-94FC-03CBE34B2508",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_5775_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C4D901-084C-49FB-B69F-1B3C2960B19A",
"versionEndExcluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_5775:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89A4EE5A-7E8E-4D18-A873-F8486F31A515",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_7375_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E73D8A58-F885-4A20-AD00-18BE96D61D46",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_7375:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F95AF04F-A204-4341-9765-A8B5000A1D35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_7405_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84558A0E-CD55-4315-83C4-C9A90A9DC702",
"versionEndExcluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_7405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC3DAAF-5B9E-4EFC-A809-4BCB12D810A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:inspiron_7415_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB850B0-DE74-4AAA-BC61-317355264DFF",
"versionEndExcluding": "1.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:inspiron_7415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "327A491D-EEEE-466E-98A8-1895C5A24996",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:vostro_3405_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B56B87D2-E528-4704-BE72-7B20620BB997",
"versionEndExcluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:vostro_3405:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79142A75-EA84-4C9A-861B-0FF10E21450B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:vostro_3515_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34B9B3E7-1F14-4671-A40F-DE09FB115CD4",
"versionEndExcluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:vostro_3515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2699C29-2162-4F2C-83AE-94BBB865885A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:vostro_5415_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "325C8C31-1BCC-4036-94CA-1986687182D6",
"versionEndExcluding": "1.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:vostro_5415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC7AFBA-3492-44A7-9D78-51FD20C985F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:vostro_5515_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "536E4991-87A0-4AA7-9668-FC3B81EBE2DC",
"versionEndExcluding": "1.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:vostro_5515:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EB96F99-DE8C-4344-BBB2-12AD92CE98A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM."
},
{
"lang": "es",
"value": "Dell BIOS contiene una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada. Un usuario local malicioso y autenticado puede explotar esta vulnerabilidad usando un SMI para conseguir la ejecuci\u00f3n de c\u00f3digo arbitrario durante el SMM"
}
],
"id": "CVE-2022-24418",
"lastModified": "2024-11-21T06:50:23.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-26T16:15:08.057",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-24417
Vulnerability from cvelistv5
Published
2022-05-26 15:20
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:55.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-26T15:20:19",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-05-12",
"ID": "CVE-2022-24417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPG BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-24417",
"datePublished": "2022-05-26T15:20:19.382956Z",
"dateReserved": "2022-02-04T00:00:00",
"dateUpdated": "2024-09-16T20:27:17.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24418
Vulnerability from cvelistv5
Published
2022-05-26 15:20
Modified
2024-09-17 02:27
Severity ?
EPSS score ?
Summary
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:55.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-26T15:20:20",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-05-12",
"ID": "CVE-2022-24418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPG BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.10.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-24418",
"datePublished": "2022-05-26T15:20:20.811864Z",
"dateReserved": "2022-02-04T00:00:00",
"dateUpdated": "2024-09-17T02:27:23.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-26186
Vulnerability from cvelistv5
Published
2021-01-08 18:55
Modified
2024-09-17 02:26
Severity ?
EPSS score ?
Summary
Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000180645/dsa-2020-247-dell-client-platform-security-update-for-uefi-bios-runtimeservices-overwrite-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-642",
"description": "CWE-642: External Control of Critical State Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-08T18:55:13",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000180645/dsa-2020-247-dell-client-platform-security-update-for-uefi-bios-runtimeservices-overwrite-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2020-12-16",
"ID": "CVE-2020-26186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPG BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.4.1"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM)."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.8,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-642: External Control of Critical State Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000180645/dsa-2020-247-dell-client-platform-security-update-for-uefi-bios-runtimeservices-overwrite-vulnerability",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000180645/dsa-2020-247-dell-client-platform-security-update-for-uefi-bios-runtimeservices-overwrite-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-26186",
"datePublished": "2021-01-08T18:55:13.689319Z",
"dateReserved": "2020-09-30T00:00:00",
"dateUpdated": "2024-09-17T02:26:57.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}