CVE-2022-24417

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-24417

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

D

ell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095 Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:dell_g5_5505_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:dell_g5_5505:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:inspiron_22-3275_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_22-3275:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:inspiron_24-3475_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_24-3475:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:inspiron_27_7775_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_27_7775:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:inspiron_3180_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3180:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:inspiron_3185_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3185:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:inspiron_3195_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3195:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:inspiron_3505_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3505:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:inspiron_3515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3515:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:inspiron_3585_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3585:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:inspiron_3595_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3595:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dell:inspiron_3785_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3785:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dell:inspiron_5405_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5405:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dell:inspiron_5415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5415:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dell:inspiron_5485_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5485:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:dell:inspiron_5505_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5505:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:dell:inspiron_5515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5515:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:dell:inspiron_5575_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5575:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:dell:inspiron_5585_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5585:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:dell:inspiron_5675_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5675:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:dell:inspiron_5775_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5775:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:dell:inspiron_7375_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7375:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:dell:inspiron_7405_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7405:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:dell:inspiron_7415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7415:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:dell:vostro_3405_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3405:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:dell:vostro_3515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3515:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:dell:vostro_5415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5415:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:dell:vostro_5515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5515:-:*:*:*:*:*:*:*
History

21 Nov 2024, 06:50

Type Values Removed Values Added
CVSS v2 : 7.2
v3 : 6.7 		v2 : 7.2
v3 : 7.5
References () https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095 - Vendor Advisory () https://www.dell.com/support/kbdoc/en-us/000199285/dsa-2022-095 - Vendor Advisory
Information

Published : 2022-05-26 16:15

Updated : 2024-11-21 06:50

NVD link : CVE-2022-24417

Mitre link : CVE-2022-24417

CVE.ORG link : CVE-2022-24417

JSON object : View

Products Affected

dell

CWE
CWE-20

Improper Input Validation