CVE-2022-34393

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/000204686	Vendor Advisory
https://www.dell.com/support/kbdoc/000204686	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:g5_se_5505_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:g5_se_5505:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:inspiron_27_7775_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_27_7775:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dell:inspiron_3180_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3180:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dell:inspiron_3185_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3185:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dell:inspiron_3195_2-in-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3195_2-in-1:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dell:inspiron_3275_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3275:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dell:inspiron_3475_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3475:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dell:inspiron_3505_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3505:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dell:inspiron_3515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3515:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dell:inspiron_3585_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3585:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dell:inspiron_3595_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3595:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dell:inspiron_3785_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_3785:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dell:inspiron_5405_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5405:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dell:inspiron_5415_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5415:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dell:inspiron_5485_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5485:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:dell:inspiron_5485_2-in-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5485_2-in-1:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:dell:inspiron_5505_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5505:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:dell:inspiron_5515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5515:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:dell:inspiron_5585_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_5585:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:dell:inspiron_7375_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_7375:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:dell:inspiron_7405_2-in-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_7405_2-in-1:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:dell:inspiron_7415_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:inspiron_7415:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:dell:vostro_3405_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3405:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:dell:vostro_3515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_3515:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:dell:vostro_5415_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_5415:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:dell:vostro_5515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:vostro_5515:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:09

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/000204686 - Vendor Advisory~~	() https://www.dell.com/support/kbdoc/000204686 - Vendor Advisory
Summary		(es) Dell BIOS contiene una vulnerabilidad de validación de entrada incorrecta. Un usuario malicioso autenticado local podría explotar esta vulnerabilidad utilizando un SMI para obtener la ejecución de código arbitrario en SMRAM.

07 Nov 2023, 03:48

Type	Values Removed	Values Added
Summary	Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.	Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Information

Published : 2023-01-18 06:15

Updated : 2024-11-21 07:09

NVD link : CVE-2022-34393

Mitre link : CVE-2022-34393

CVE.ORG link : CVE-2022-34393

JSON object : View

Products Affected

dell

inspiron_3475_firmware
inspiron_3475
inspiron_5505
inspiron_5515
inspiron_3585
inspiron_3185
inspiron_3195_2-in-1_firmware
inspiron_5485_2-in-1
inspiron_27_7775
inspiron_5485_2-in-1_firmware
inspiron_7405_2-in-1_firmware
vostro_5415
inspiron_3515
inspiron_3195_2-in-1
inspiron_5415_firmware
inspiron_5405_firmware
inspiron_3515_firmware
inspiron_27_7775_firmware
inspiron_3185_firmware
inspiron_5485_firmware
vostro_3405_firmware
inspiron_3275
inspiron_5405
inspiron_5415
inspiron_7375
inspiron_5505_firmware
inspiron_5485
inspiron_3180
inspiron_3505
inspiron_7375_firmware
vostro_5515
inspiron_3785_firmware
inspiron_5585_firmware
g5_se_5505_firmware
vostro_3515_firmware
inspiron_3180_firmware
inspiron_7415_firmware
vostro_5415_firmware
vostro_3515
inspiron_3785
g5_se_5505
vostro_3405
inspiron_5585
inspiron_7405_2-in-1
vostro_5515_firmware
inspiron_3505_firmware
inspiron_3595_firmware
inspiron_5515_firmware
inspiron_3595
inspiron_3275_firmware
inspiron_3585_firmware
inspiron_7415

CWE

CWE-20

Improper Input Validation

7.5 /10