Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2024-52541 (GCVE-0-2024-52541)

Vulnerability from nvd – Published: 2025-02-19 16:46 – Updated: 2025-02-19 17:08

Summary

Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-1390 - Weak Authentication

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-us/00025842…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Dell	Dell Client Platform BIOS	Affected: N/A , < 1.34.0 (semver) Affected: N/A , < 1.28.0 (semver) Affected: N/A , < 1.21.0 (semver) Affected: N/A , < 1.8.0 (semver) Affected: N/A , < 1.9.0 (semver) Affected: N/A , < 1.17.0 (semver) Affected: N/A , < 1.7.0 (semver) Affected: N/A , < 1.26.0 (semver) Affected: N/A , < 1.20.0 (semver) Affected: N/A , < 1.31.1 (semver) Affected: N/A , < 1.30.0 (semver) Affected: N/A , < 1.29.0 (semver) Affected: N/A , < 1.32.0 (semver) Affected: N/A , < 1.21.1 (semver) Affected: N/A , < 1.25.1 (semver) Affected: N/A , < 1.33.0 (semver) Affected: N/A , < 1.31.0 (semver) Affected: N/A , < 2.31.0 (semver) Affected: N/A , < 2.39.0 (semver) Affected: N/A , < 2.43.0 (semver) Affected: N/A , < 1.27.0 (semver) Affected: N/A , < 1.22.0 (semver) Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 2.30.0 (semver) Affected: N/A , < 1.24.0 (semver) Affected: N/A , < 1.25.0 (semver) Affected: N/A , < 1.10.0 (semver) Affected: N/A , < 1.14.0 (semver) Affected: N/A , < 1.6.1 (semver) Affected: N/A , < 1.15.1 (semver) Affected: N/A , < 1.36.1 (semver) Affected: N/A , < 1.33.1 (semver) Affected: N/A , < 1.48.0 (semver) Affected: N/A , < 1.37.0 (semver) Affected: N/A , < 1.27.1 (semver) Affected: N/A , < 1.26.1 (semver) Affected: N/A , < 1.16.0 (semver) Affected: N/A , < 1.35.1 (semver) Affected: N/A , < 1.32.1 (semver) Affected: N/A , < 1.38.0 (semver) Affected: N/A , < 1.40.0 (semver) Affected: N/A , < 1.35.0 (semver) Affected: N/A , < 1.36.0 (semver) Affected: N/A , < 1.41.0 (semver) Affected: N/A , < 1.31.2 (semver) Affected: N/A , < 1.18.1 (semver) Affected: N/A , < 1.39.0 (semver) Affected: N/A , < 1.53.0 (semver) Affected: N/A , < 1.19.1 (semver) Affected: N/A , < 1.38.1 (semver) Affected: N/A , < 1.7.1 (semver) Affected: N/A , < 1.8.1 (semver) Affected: N/A , < 1.23.0 (semver) Affected: N/A , < 1.34.1 (semver) Affected: N/A , < 1.23.2 (semver) Affected: N/A , < 1.30.1 (semver) Affected: N/A , < 2.28.1 (semver) Affected: N/A , < 2.22.1 (semver) Affected: N/A , < 1.28.1 (semver) Affected: N/A , < 1.1.44 (semver) Affected: N/A , < 3.10.0 (semver) Affected: N/A , < 1.6.0 (semver) Affected: N/A , < 2.33.0 (semver) Affected: N/A , < 2.20.0 (semver) Affected: N/A , < 2.34.0 (semver) Affected: N/A , < 1.15.0 (semver) Affected: N/A , < 1.34.8 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 2.6.1 (semver) Affected: N/A , < 01.11.02 (semver) Affected: N/A , < 2.31.1 (semver) Affected: N/A , < 3.27.1 (semver) Affected: N/A , < 2.29.1 (semver) Affected: N/A , < 2.18.1 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 1.11.0 (semver) Affected: N/A , < 1.11.1 (semver) Affected: N/A , < 2.24.1 (semver)

Date Public

2025-02-17 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52541",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T17:07:39.827843Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T17:08:48.094Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Alienware m15 R6",
            "Alienware m15 R7",
            "Alienware m16 R1",
            "Alienware m16 R2",
            "Alienware M18 R2",
            "Alienware x14 R2",
            "Alienware X16 R2",
            "ChengMing 3900",
            "ChengMing 3910/3911",
            "ChengMing 3990",
            "Dell Edge Gateway 5000",
            "Dell G15 5510",
            "Dell G15 5511",
            "Dell G15 5530",
            "Dell G5 5000",
            "Dell Precision 3430 Tower",
            "Dell Precision 3431 Tower",
            "Dell Precision 3630 Tower",
            "Dell Precision 5820 Tower",
            "Dell Precision 7820 Tower",
            "Embedded Box PC 5000",
            "Inspiron 13 5320",
            "Inspiron 13 5330",
            "Inspiron 14\u00a0 5410/5418",
            "Inspiron 14 5420",
            "Inspiron 14 Plus 7420",
            "Inspiron 14 Plus 7440",
            "Inspiron 15 3530",
            "Inspiron 16 5640",
            "Inspiron 24 5420 All-in-One",
            "Inspiron 5301",
            "Inspiron 5400/5401",
            "Latitude 12 Rugged Extreme 7214",
            "Latitude 3190",
            "Latitude 3310",
            "Latitude 3310 2-In-1",
            "Latitude 3340",
            "Latitude 3400",
            "Latitude 3410",
            "Latitude 3420",
            "Latitude 5320",
            "Latitude 5400",
            "Latitude 5401",
            "Latitude 5420",
            "Latitude 5430 Rugged Laptop",
            "Latitude 5440",
            "Latitude 5480",
            "Latitude 7212 Rugged Extreme Tablet",
            "Latitude 7230 Rugged Extreme",
            "Latitude 7320",
            "Latitude 7350 Detachable",
            "Latitude 7450",
            "Latitude 9330",
            "Latitude 9420",
            "OptiPlex 3000 Thin Client",
            "OptiPlex 3070",
            "OptiPlex 3080",
            "OptiPlex 3090",
            "OptiPlex 5080",
            "OptiPlex 5400 All-In-One",
            "Precision 3260 XE Compact / Precision 3260 Compact",
            "Precision 3280 CFF",
            "Precision 3420 Tower",
            "Precision 3660",
            "Precision 3930 Rack",
            "Precision 5480",
            "Precision 5530 2-In-1",
            "Precision 5690",
            "Precision 5860 Tower",
            "Precision 7875 Tower",
            "Vostro 3681",
            "XPS 13 9310",
            "XPS 13 9310 2-in-1",
            "XPS 13 Plus 9320",
            "XPS 13 9340",
            "XPS 14 9440",
            "XPS 16 9640",
            "XPS 8940"
          ],
          "product": "Dell Client Platform BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.34.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.8.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.9.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.17.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.7.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.31.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.29.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.32.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.33.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.31.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.31.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.39.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.43.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.27.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.22.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.30.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.24.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.10.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.14.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.6.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.15.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.36.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.33.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.48.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.37.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.27.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.16.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.35.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.32.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.38.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.40.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.35.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.36.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.41.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.31.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.39.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.53.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.38.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.7.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.8.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.34.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.28.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.22.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.44",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "3.10.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.6.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.33.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.20.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.34.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.15.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.34.8",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.9.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.6.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "01.11.02",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.31.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "3.27.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.29.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.13.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.11.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.11.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.24.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-17T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.\u003cbr\u003e"
            }
          ],
          "value": "Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1390",
              "description": "CWE-1390: Weak Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-19T16:46:22.803Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000258429/dsa-2025-021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-52541",
    "datePublished": "2025-02-19T16:46:22.803Z",
    "dateReserved": "2024-11-12T06:04:07.776Z",
    "dateUpdated": "2025-02-19T17:08:48.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47238 (GCVE-0-2024-47238)

Vulnerability from nvd – Published: 2024-12-12 17:38 – Updated: 2024-12-12 19:00

Summary

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-us/00022759…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Dell	Dell Client Platform BIOS	Affected: N/A , < 1.29.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.25.0 (semver)

Date Public

2024-12-11 18:30

Credits

Dell Technologies would like to thank Eclypsium for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47238",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-12T19:00:41.886434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-12T19:00:54.508Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Dell Client Platform BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell Technologies would like to thank Eclypsium for reporting this issue."
        }
      ],
      "datePublic": "2024-12-11T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution."
            }
          ],
          "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-12T17:38:19.407Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000227595/dsa-2024-355"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-47238",
    "datePublished": "2024-12-12T17:38:19.407Z",
    "dateReserved": "2024-09-23T05:36:07.682Z",
    "dateUpdated": "2024-12-12T19:00:54.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0158 (GCVE-0-2024-0158)

Vulnerability from nvd – Published: 2024-07-02 06:20 – Updated: 2024-08-01 17:41

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

Severity

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-in/00022014…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: N/A , < 1.28.0 (semver) Affected: N/A , < 1.23.0 (semver) Affected: N/A , < 1.15.0 (semver) Affected: N/A , < 1.2.1 (semver) Affected: N/A , < 1.12.1 (semver) Affected: N/A , < 1.2.0 (semver) Affected: N/A , < 1.20.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.26.0 (semver) Affected: N/A , < 1.27.0 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 1.29.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.25.0 (semver) Affected: N/A , < 1.31.0 (semver) Affected: N/A , < 2.27.0 (semver) Affected: N/A , < 2.35.0 (semver) Affected: N/A , < 2.39.0 (semver) Affected: N/A , < 1.17.0 (semver) Affected: N/A , < 1.24.0 (semver) Affected: N/A , < 2.26.0 (semver) Affected: N/A , < 1.13.1 (semver) Affected: N/A , < 2.25.0 (semver) Affected: N/A , < 1.3.1 (semver) Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 1.21.0 (semver) Affected: N/A , < 1.22.0 (semver) Affected: N/A , < 1.9.0 (semver) Affected: N/A , < 1.3.0 (semver) Affected: N/A , < 1.30.0 (semver) Affected: N/A , < 1.32.0 (semver) Affected: N/A , < 1.29..0 (semver) Affected: N/A , < 1.45.0 (semver) Affected: N/A , < 1.33.0 (semver) Affected: N/A , < 1.11.0 (semver) Affected: N/A , < 1.35.0 (semver) Affected: N/A , < 1.34.0 (semver) Affected: N/A , < 1.36.0 (semver) Affected: N/A , < 1.36.2 (semver) Affected: N/A , < 1.25.1 (semver) Affected: N/A , < 1.21.1 (semver) Affected: N/A , < 1.4.1 (semver) Affected: N/A , < 1.49.0 (semver) Affected: N/A , < 1.37.0 (semver) Affected: N/A , < 1.34.2 (semver) Affected: N/A , < 1.30.1 (semver) Affected: N/A , < 1.16.1 (semver) Affected: N/A , < 2.24.0 (semver) Affected: N/A , < 2.18.0 (semver) Affected: N/A , < 1.1.38 (semver) Affected: N/A , < 3.3.2 (semver) Affected: N/A , < 2.29.0 (semver) Affected: N/A , < 2.12.0 (semver) Affected: N/A , < 2.30.0 (semver) Affected: N/A , < 1.30.8 (semver) Affected: N/A , < 1.10.0 (semver) Affected: N/A , < 1.26.1 (semver) Affected: N/A , < 1.1.17 (semver) Affected: N/A , < 1.20.1 (semver) Affected: N/A , < 1.7.0 (semver) Affected: N/A , < 01.03.00 (semver) Affected: N/A , < 1.1.16 (semver) Affected: N/A , < 3.21.0 (semver) Affected: N/A , < 2.23.0 (semver) Affected: N/A , < 1.19.1 (semver) Affected: N/A , < 2.10.0 (semver) Affected: N/A , < 2.18.1 (semver) Affected: N/A , < 1.14.0 (semver)

Date Public

2024-03-12 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-02T14:21:02.955425Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T14:21:13.009Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:16.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.28.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.15.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.2.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.12.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.2.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.12.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.27.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.13.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.29.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.31.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.27.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.35.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.39.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.17.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.24.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.26.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.13.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.3.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.22.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.9.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.3.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.32.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.29..0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.45.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.33.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.11.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.35.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.34.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.36.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.36.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.4.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.49.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.37.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.34.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.16.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.24.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.38",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.29.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.12.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.30.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.8",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.10.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.17",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.7.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "01.03.00",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.16",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "3.21.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.10.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.14.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-03-12T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"
            }
          ],
          "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-02T06:20:44.735Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-0158",
    "datePublished": "2024-07-02T06:20:44.735Z",
    "dateReserved": "2023-12-14T05:30:35.591Z",
    "dateUpdated": "2024-08-01T17:41:16.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22429 (GCVE-0-2024-22429)

Vulnerability from nvd – Published: 2024-05-17 15:20 – Updated: 2024-08-01 22:43

Summary

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-us/00022110…	vendor-advisory

Impacted products

16 products

Vendor	Product	Version
Dell	CPG BIOS	Affected: N/A , < 2.36.0 (semver) Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 1.46.0 (semver) Affected: N/A , < 1.27.0 (semver) Affected: N/A , < 1.29.0 (semver) Affected: N/A , < 1.28.0 (semver) Affected: N/A , < 1.31.0 (semver) Affected: N/A , < 1.32.0 (semver) Affected: N/A , < 1.50.0 (semver) Affected: N/A , < 2.30.0 (semver)
dell	edge_gateway_3000_firmware	Affected: 0 , < 1.18.0 (semver) cpe:2.3:o:dell:edge_gateway_3000_firmware:-:::::::*
dell	latitude_13_3380	Affected: 0 , < 1.27.0 (semver) cpe:2.3:h:dell:latitude_13_3380:-:::::::*
dell	latitude_3180_firmware	Affected: 0 , < 1.29.0 (semver) cpe:2.3:o:dell:latitude_3180_firmware:-:::::::*
dell	latitude_3189_firmware	Affected: 0 , < 1.29.0 (semver) cpe:2.3:o:dell:latitude_3189_firmware:-:::::::*
dell	latitude_3390_2-in-1	Affected: 0 , < 1.31.0 (semver) cpe:2.3:h:dell:latitude_3390_2-in-1:-:::::::*
dell	latitude_5414_firmware	Affected: 0 , < 1.46.0 (semver) cpe:2.3:o:dell:latitude_5414_firmware:-:::::::*
dell	latitude_5424_firmware	Affected: 0 , < 1.32.0 (semver) cpe:2.3:a:dell:latitude_5424_firmware::::::::
dell	latitude_7414_rugged_extreme_firmware	Affected: 0 , < 1.46.0 (semver) cpe:2.3:o:dell:latitude_7414_rugged_extreme_firmware:-:::::::*
dell	precision_3420_tower	Affected: 0 , < 2.30.0 (semver) cpe:2.3:h:dell:precision_3420_tower:-:::::::*
dell	precision_3620_tower	Affected: 0 , < 2.30.0 (semver) cpe:2.3:h:dell:precision_3620_tower:-:::::::*
dell	latitude_5280_firmware	Affected: 0 , < 2.36.0 (semver) cpe:2.3:o:dell:latitude_5280_firmware:-:::::::*
dell	latitude_12_rugged_extreme_7214_firmware	Affected: 0 , < 1.46.0 (semver) cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:-:::::::*
dell	latitude_3300_firmware	Affected: 0 , < 1.28.0 (semver) cpe:2.3:o:dell:latitude_3300_firmware:-:::::::*
dell	latitude_7212_rugged_extreme_tablet_firmware	Affected: 0 , < 1.50.0 (semver) cpe:2.3:a:dell:latitude_7212_rugged_extreme_tablet_firmware::::::::
dell	wyse_5070	Affected: 0 , < 1.31.0 (semver) cpe:2.3:h:dell:wyse_5070:-:::::::*

Date Public

2024-05-14 06:30

Credits

Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:dell:edge_gateway_3000_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "edge_gateway_3000_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.18.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:dell:latitude_13_3380:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_13_3380",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.27.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_3180_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_3180_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.29.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_3189_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_3189_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.29.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:dell:latitude_3390_2-in-1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_3390_2-in-1",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.31.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_5414_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_5414_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.46.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:dell:latitude_5424_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_5424_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.32.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_7414_rugged_extreme_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_7414_rugged_extreme_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.46.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:dell:precision_3420_tower:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "precision_3420_tower",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.30.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:dell:precision_3620_tower:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "precision_3620_tower",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.30.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_5280_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_5280_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.36.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_12_rugged_extreme_7214_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.46.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_3300_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_3300_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.28.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_7212_rugged_extreme_tablet_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.50.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:dell:wyse_5070:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "wyse_5070",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.31.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22429",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T13:54:51.026876Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T14:03:23.200Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:43:35.008Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.36.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.46.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.27.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.29.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.31.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.32.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.50.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.30.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue."
        }
      ],
      "datePublic": "2024-05-14T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution."
            }
          ],
          "value": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-17T15:20:16.147Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-22429",
    "datePublished": "2024-05-17T15:20:16.147Z",
    "dateReserved": "2024-01-10T15:23:01.337Z",
    "dateUpdated": "2024-08-01T22:43:35.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28075 (GCVE-0-2023-28075)

Vulnerability from nvd – Published: 2023-08-16 19:15 – Updated: 2024-10-08 19:02

Summary

Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.

Severity

6.9 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-us/00021281…	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Dell	CPG BIOS	Affected: All Versions
dell	cpg_bios	Affected: 0 , < * (custom) cpe:2.3:o:dell:cpg_bios::::::::

Date Public

2023-08-08 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:30:23.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "cpg_bios",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28075",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T19:01:58.435016Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T19:02:39.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nDell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-16T19:15:41.959Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2023-28075",
    "datePublished": "2023-08-16T19:15:41.959Z",
    "dateReserved": "2023-03-10T05:07:55.141Z",
    "dateUpdated": "2024-10-08T19:02:39.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24571 (GCVE-0-2023-24571)

Vulnerability from nvd – Published: 2023-03-16 09:55 – Updated: 2025-02-26 18:59

Summary

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-us/00021095…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Dell	Embedded Box PC 3000 , CPG BIOS	Affected: All BIOS Versions

Date Public

2023-03-15 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:03:18.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000210955/dsa-2023-046"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24571",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T16:13:13.231228Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T18:59:02.354Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Embedded Box PC 3000 , CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "All BIOS Versions"
            }
          ]
        }
      ],
      "datePublic": "2023-03-15T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nDell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-16T09:55:59.328Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000210955/dsa-2023-046"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2023-24571",
    "datePublished": "2023-03-16T09:55:59.328Z",
    "dateReserved": "2023-01-26T16:27:33.568Z",
    "dateUpdated": "2025-02-26T18:59:02.354Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-34398 (GCVE-0-2022-34398)

Vulnerability from nvd – Published: 2023-02-01 05:28 – Updated: 2025-03-26 18:53

Summary

Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000206038	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: 0 , ≤ 2.15.0 (custom)

Date Public

2022-12-20 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:07:16.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000206038"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-34398",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-26T18:53:35.851149Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-26T18:53:45.169Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-12-20T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.\u003c/div\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "\nDell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-01T05:28:00.739Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/000206038"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-34398",
    "datePublished": "2023-02-01T05:28:00.739Z",
    "dateReserved": "2022-06-23T18:55:17.097Z",
    "dateUpdated": "2025-03-26T18:53:45.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32490 (GCVE-0-2022-32490)

Vulnerability from nvd – Published: 2023-01-18 05:59 – Updated: 2025-04-03 19:43

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000204685

Impacted products

1 product

Vendor	Product	Version
Dell	BIOS	Affected: 1.8

Date Public

2022-11-02 16:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000204685"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32490",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-02T16:21:20.916599Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T19:43:07.139Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "1.8"
            }
          ]
        }
      ],
      "datePublic": "2022-11-02T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\u003c/div\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-18T05:59:52.888Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000204685"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32490",
    "datePublished": "2023-01-18T05:59:52.888Z",
    "dateReserved": "2022-06-06T17:44:58.338Z",
    "dateUpdated": "2025-04-03T19:43:07.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32493 (GCVE-0-2022-32493)

Vulnerability from nvd – Published: 2022-10-12 19:25 – Updated: 2025-05-15 15:35

Summary

Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Severity

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < XPS 8940 BIOS (version: 2.5.1) (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:46:43.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32493",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T15:35:30.235216Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T15:35:38.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "XPS 8940 BIOS (version: 2.5.1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32493",
    "datePublished": "2022-10-12T19:25:41.419Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-15T15:35:38.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32491 (GCVE-0-2022-32491)

Vulnerability from nvd – Published: 2022-10-12 19:25 – Updated: 2025-05-15 15:35

Summary

Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.

Severity

4.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < OptiPlex 7770 All-In-One BIOS (version: 1.14.0) (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32491",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T15:35:52.404046Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T15:35:57.917Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "OptiPlex 7770 All-In-One BIOS (version: 1.14.0)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32491",
    "datePublished": "2022-10-12T19:25:40.329Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-15T15:35:57.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32489 (GCVE-0-2022-32489)

Vulnerability from nvd – Published: 2022-10-12 19:25 – Updated: 2025-05-15 15:38

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < OptiPlex 7770 All-In-One BIOS (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T15:38:20.450104Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T15:38:26.491Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "OptiPlex 7770 All-In-One BIOS",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32489",
    "datePublished": "2022-10-12T19:25:39.321Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-15T15:38:26.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32488 (GCVE-0-2022-32488)

Vulnerability from nvd – Published: 2022-10-12 19:25 – Updated: 2025-05-15 15:38

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < OptiPlex 7770 All-In-One BIOS (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.115Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32488",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T15:38:37.443267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T15:38:42.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "OptiPlex 7770 All-In-One BIOS",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32488",
    "datePublished": "2022-10-12T19:25:38.371Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-15T15:38:42.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32487 (GCVE-0-2022-32487)

Vulnerability from nvd – Published: 2022-10-12 19:25 – Updated: 2025-05-15 17:48

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < 2.3 (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32487",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T17:47:56.433063Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T17:48:03.891Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32487",
    "datePublished": "2022-10-12T19:25:37.340Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-15T17:48:03.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32485 (GCVE-0-2022-32485)

Vulnerability from nvd – Published: 2022-10-12 19:25 – Updated: 2025-05-16 13:45

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < 2.3 (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.090Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32485",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T13:45:19.096877Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-16T13:45:24.559Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32485",
    "datePublished": "2022-10-12T19:25:36.061Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-16T13:45:24.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32484 (GCVE-0-2022-32484)

Vulnerability from nvd – Published: 2022-10-12 19:25 – Updated: 2025-05-16 13:45

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Severity

5.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < 2.3 (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32484",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T13:45:34.088986Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-16T13:45:40.604Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32484",
    "datePublished": "2022-10-12T19:25:35.052Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-16T13:45:40.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32483 (GCVE-0-2022-32483)

Vulnerability from nvd – Published: 2022-10-12 19:25 – Updated: 2025-05-16 13:41

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Severity

5.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < 2.3.1 (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32483",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T13:41:22.475982Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-16T13:41:28.798Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32483",
    "datePublished": "2022-10-12T19:25:34.041Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-16T13:41:28.798Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52541 (GCVE-0-2024-52541)

Vulnerability from cvelistv5 – Published: 2025-02-19 16:46 – Updated: 2025-02-19 17:08

Summary

Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-1390 - Weak Authentication

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-us/00025842…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Dell	Dell Client Platform BIOS	Affected: N/A , < 1.34.0 (semver) Affected: N/A , < 1.28.0 (semver) Affected: N/A , < 1.21.0 (semver) Affected: N/A , < 1.8.0 (semver) Affected: N/A , < 1.9.0 (semver) Affected: N/A , < 1.17.0 (semver) Affected: N/A , < 1.7.0 (semver) Affected: N/A , < 1.26.0 (semver) Affected: N/A , < 1.20.0 (semver) Affected: N/A , < 1.31.1 (semver) Affected: N/A , < 1.30.0 (semver) Affected: N/A , < 1.29.0 (semver) Affected: N/A , < 1.32.0 (semver) Affected: N/A , < 1.21.1 (semver) Affected: N/A , < 1.25.1 (semver) Affected: N/A , < 1.33.0 (semver) Affected: N/A , < 1.31.0 (semver) Affected: N/A , < 2.31.0 (semver) Affected: N/A , < 2.39.0 (semver) Affected: N/A , < 2.43.0 (semver) Affected: N/A , < 1.27.0 (semver) Affected: N/A , < 1.22.0 (semver) Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 2.30.0 (semver) Affected: N/A , < 1.24.0 (semver) Affected: N/A , < 1.25.0 (semver) Affected: N/A , < 1.10.0 (semver) Affected: N/A , < 1.14.0 (semver) Affected: N/A , < 1.6.1 (semver) Affected: N/A , < 1.15.1 (semver) Affected: N/A , < 1.36.1 (semver) Affected: N/A , < 1.33.1 (semver) Affected: N/A , < 1.48.0 (semver) Affected: N/A , < 1.37.0 (semver) Affected: N/A , < 1.27.1 (semver) Affected: N/A , < 1.26.1 (semver) Affected: N/A , < 1.16.0 (semver) Affected: N/A , < 1.35.1 (semver) Affected: N/A , < 1.32.1 (semver) Affected: N/A , < 1.38.0 (semver) Affected: N/A , < 1.40.0 (semver) Affected: N/A , < 1.35.0 (semver) Affected: N/A , < 1.36.0 (semver) Affected: N/A , < 1.41.0 (semver) Affected: N/A , < 1.31.2 (semver) Affected: N/A , < 1.18.1 (semver) Affected: N/A , < 1.39.0 (semver) Affected: N/A , < 1.53.0 (semver) Affected: N/A , < 1.19.1 (semver) Affected: N/A , < 1.38.1 (semver) Affected: N/A , < 1.7.1 (semver) Affected: N/A , < 1.8.1 (semver) Affected: N/A , < 1.23.0 (semver) Affected: N/A , < 1.34.1 (semver) Affected: N/A , < 1.23.2 (semver) Affected: N/A , < 1.30.1 (semver) Affected: N/A , < 2.28.1 (semver) Affected: N/A , < 2.22.1 (semver) Affected: N/A , < 1.28.1 (semver) Affected: N/A , < 1.1.44 (semver) Affected: N/A , < 3.10.0 (semver) Affected: N/A , < 1.6.0 (semver) Affected: N/A , < 2.33.0 (semver) Affected: N/A , < 2.20.0 (semver) Affected: N/A , < 2.34.0 (semver) Affected: N/A , < 1.15.0 (semver) Affected: N/A , < 1.34.8 (semver) Affected: N/A , < 1.9.1 (semver) Affected: N/A , < 2.6.1 (semver) Affected: N/A , < 01.11.02 (semver) Affected: N/A , < 2.31.1 (semver) Affected: N/A , < 3.27.1 (semver) Affected: N/A , < 2.29.1 (semver) Affected: N/A , < 2.18.1 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 1.11.0 (semver) Affected: N/A , < 1.11.1 (semver) Affected: N/A , < 2.24.1 (semver)

Date Public

2025-02-17 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52541",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T17:07:39.827843Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T17:08:48.094Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Alienware m15 R6",
            "Alienware m15 R7",
            "Alienware m16 R1",
            "Alienware m16 R2",
            "Alienware M18 R2",
            "Alienware x14 R2",
            "Alienware X16 R2",
            "ChengMing 3900",
            "ChengMing 3910/3911",
            "ChengMing 3990",
            "Dell Edge Gateway 5000",
            "Dell G15 5510",
            "Dell G15 5511",
            "Dell G15 5530",
            "Dell G5 5000",
            "Dell Precision 3430 Tower",
            "Dell Precision 3431 Tower",
            "Dell Precision 3630 Tower",
            "Dell Precision 5820 Tower",
            "Dell Precision 7820 Tower",
            "Embedded Box PC 5000",
            "Inspiron 13 5320",
            "Inspiron 13 5330",
            "Inspiron 14\u00a0 5410/5418",
            "Inspiron 14 5420",
            "Inspiron 14 Plus 7420",
            "Inspiron 14 Plus 7440",
            "Inspiron 15 3530",
            "Inspiron 16 5640",
            "Inspiron 24 5420 All-in-One",
            "Inspiron 5301",
            "Inspiron 5400/5401",
            "Latitude 12 Rugged Extreme 7214",
            "Latitude 3190",
            "Latitude 3310",
            "Latitude 3310 2-In-1",
            "Latitude 3340",
            "Latitude 3400",
            "Latitude 3410",
            "Latitude 3420",
            "Latitude 5320",
            "Latitude 5400",
            "Latitude 5401",
            "Latitude 5420",
            "Latitude 5430 Rugged Laptop",
            "Latitude 5440",
            "Latitude 5480",
            "Latitude 7212 Rugged Extreme Tablet",
            "Latitude 7230 Rugged Extreme",
            "Latitude 7320",
            "Latitude 7350 Detachable",
            "Latitude 7450",
            "Latitude 9330",
            "Latitude 9420",
            "OptiPlex 3000 Thin Client",
            "OptiPlex 3070",
            "OptiPlex 3080",
            "OptiPlex 3090",
            "OptiPlex 5080",
            "OptiPlex 5400 All-In-One",
            "Precision 3260 XE Compact / Precision 3260 Compact",
            "Precision 3280 CFF",
            "Precision 3420 Tower",
            "Precision 3660",
            "Precision 3930 Rack",
            "Precision 5480",
            "Precision 5530 2-In-1",
            "Precision 5690",
            "Precision 5860 Tower",
            "Precision 7875 Tower",
            "Vostro 3681",
            "XPS 13 9310",
            "XPS 13 9310 2-in-1",
            "XPS 13 Plus 9320",
            "XPS 13 9340",
            "XPS 14 9440",
            "XPS 16 9640",
            "XPS 8940"
          ],
          "product": "Dell Client Platform BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.34.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.8.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.9.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.17.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.7.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.31.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.29.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.32.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.33.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.31.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.31.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.39.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.43.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.27.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.22.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.30.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.24.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.10.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.14.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.6.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.15.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.36.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.33.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.48.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.37.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.27.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.16.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.35.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.32.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.38.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.40.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.35.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.36.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.41.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.31.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.39.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.53.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.38.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.7.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.8.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.34.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.28.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.22.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.44",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "3.10.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.6.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.33.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.20.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.34.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.15.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.34.8",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.9.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.6.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "01.11.02",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.31.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "3.27.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.29.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.13.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.11.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.11.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.24.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-17T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.\u003cbr\u003e"
            }
          ],
          "value": "Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1390",
              "description": "CWE-1390: Weak Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-19T16:46:22.803Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000258429/dsa-2025-021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-52541",
    "datePublished": "2025-02-19T16:46:22.803Z",
    "dateReserved": "2024-11-12T06:04:07.776Z",
    "dateUpdated": "2025-02-19T17:08:48.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47238 (GCVE-0-2024-47238)

Vulnerability from cvelistv5 – Published: 2024-12-12 17:38 – Updated: 2024-12-12 19:00

Summary

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-us/00022759…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Dell	Dell Client Platform BIOS	Affected: N/A , < 1.29.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.25.0 (semver)

Date Public

2024-12-11 18:30

Credits

Dell Technologies would like to thank Eclypsium for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47238",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-12T19:00:41.886434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-12T19:00:54.508Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Dell Client Platform BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell Technologies would like to thank Eclypsium for reporting this issue."
        }
      ],
      "datePublic": "2024-12-11T18:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution."
            }
          ],
          "value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-12T17:38:19.407Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000227595/dsa-2024-355"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-47238",
    "datePublished": "2024-12-12T17:38:19.407Z",
    "dateReserved": "2024-09-23T05:36:07.682Z",
    "dateUpdated": "2024-12-12T19:00:54.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0158 (GCVE-0-2024-0158)

Vulnerability from cvelistv5 – Published: 2024-07-02 06:20 – Updated: 2024-08-01 17:41

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

Severity

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-in/00022014…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: N/A , < 1.28.0 (semver) Affected: N/A , < 1.23.0 (semver) Affected: N/A , < 1.15.0 (semver) Affected: N/A , < 1.2.1 (semver) Affected: N/A , < 1.12.1 (semver) Affected: N/A , < 1.2.0 (semver) Affected: N/A , < 1.20.0 (semver) Affected: N/A , < 1.12.0 (semver) Affected: N/A , < 1.26.0 (semver) Affected: N/A , < 1.27.0 (semver) Affected: N/A , < 1.13.0 (semver) Affected: N/A , < 1.29.0 (semver) Affected: N/A , < 1.19.0 (semver) Affected: N/A , < 1.25.0 (semver) Affected: N/A , < 1.31.0 (semver) Affected: N/A , < 2.27.0 (semver) Affected: N/A , < 2.35.0 (semver) Affected: N/A , < 2.39.0 (semver) Affected: N/A , < 1.17.0 (semver) Affected: N/A , < 1.24.0 (semver) Affected: N/A , < 2.26.0 (semver) Affected: N/A , < 1.13.1 (semver) Affected: N/A , < 2.25.0 (semver) Affected: N/A , < 1.3.1 (semver) Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 1.21.0 (semver) Affected: N/A , < 1.22.0 (semver) Affected: N/A , < 1.9.0 (semver) Affected: N/A , < 1.3.0 (semver) Affected: N/A , < 1.30.0 (semver) Affected: N/A , < 1.32.0 (semver) Affected: N/A , < 1.29..0 (semver) Affected: N/A , < 1.45.0 (semver) Affected: N/A , < 1.33.0 (semver) Affected: N/A , < 1.11.0 (semver) Affected: N/A , < 1.35.0 (semver) Affected: N/A , < 1.34.0 (semver) Affected: N/A , < 1.36.0 (semver) Affected: N/A , < 1.36.2 (semver) Affected: N/A , < 1.25.1 (semver) Affected: N/A , < 1.21.1 (semver) Affected: N/A , < 1.4.1 (semver) Affected: N/A , < 1.49.0 (semver) Affected: N/A , < 1.37.0 (semver) Affected: N/A , < 1.34.2 (semver) Affected: N/A , < 1.30.1 (semver) Affected: N/A , < 1.16.1 (semver) Affected: N/A , < 2.24.0 (semver) Affected: N/A , < 2.18.0 (semver) Affected: N/A , < 1.1.38 (semver) Affected: N/A , < 3.3.2 (semver) Affected: N/A , < 2.29.0 (semver) Affected: N/A , < 2.12.0 (semver) Affected: N/A , < 2.30.0 (semver) Affected: N/A , < 1.30.8 (semver) Affected: N/A , < 1.10.0 (semver) Affected: N/A , < 1.26.1 (semver) Affected: N/A , < 1.1.17 (semver) Affected: N/A , < 1.20.1 (semver) Affected: N/A , < 1.7.0 (semver) Affected: N/A , < 01.03.00 (semver) Affected: N/A , < 1.1.16 (semver) Affected: N/A , < 3.21.0 (semver) Affected: N/A , < 2.23.0 (semver) Affected: N/A , < 1.19.1 (semver) Affected: N/A , < 2.10.0 (semver) Affected: N/A , < 2.18.1 (semver) Affected: N/A , < 1.14.0 (semver)

Date Public

2024-03-12 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0158",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-02T14:21:02.955425Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T14:21:13.009Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:16.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.28.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.15.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.2.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.12.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.2.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.12.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.27.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.13.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.29.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.31.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.27.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.35.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.39.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.17.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.24.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.26.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.13.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.3.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.22.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.9.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.3.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.32.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.29..0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.45.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.33.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.11.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.35.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.34.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.36.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.36.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.4.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.49.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.37.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.34.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.16.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.24.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.38",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.29.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.12.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.30.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.30.8",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.10.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.17",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.7.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "01.03.00",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.16",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "3.21.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.19.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.10.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.14.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-03-12T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"
            }
          ],
          "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-02T06:20:44.735Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-in/000220141/dsa-2024-030-security-update-for-dell-client-bios-for-an-improper-input-validation-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-0158",
    "datePublished": "2024-07-02T06:20:44.735Z",
    "dateReserved": "2023-12-14T05:30:35.591Z",
    "dateUpdated": "2024-08-01T17:41:16.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22429 (GCVE-0-2024-22429)

Vulnerability from cvelistv5 – Published: 2024-05-17 15:20 – Updated: 2024-08-01 22:43

Summary

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-us/00022110…	vendor-advisory

Impacted products

16 products

Vendor	Product	Version
Dell	CPG BIOS	Affected: N/A , < 2.36.0 (semver) Affected: N/A , < 1.18.0 (semver) Affected: N/A , < 1.46.0 (semver) Affected: N/A , < 1.27.0 (semver) Affected: N/A , < 1.29.0 (semver) Affected: N/A , < 1.28.0 (semver) Affected: N/A , < 1.31.0 (semver) Affected: N/A , < 1.32.0 (semver) Affected: N/A , < 1.50.0 (semver) Affected: N/A , < 2.30.0 (semver)
dell	edge_gateway_3000_firmware	Affected: 0 , < 1.18.0 (semver) cpe:2.3:o:dell:edge_gateway_3000_firmware:-:::::::*
dell	latitude_13_3380	Affected: 0 , < 1.27.0 (semver) cpe:2.3:h:dell:latitude_13_3380:-:::::::*
dell	latitude_3180_firmware	Affected: 0 , < 1.29.0 (semver) cpe:2.3:o:dell:latitude_3180_firmware:-:::::::*
dell	latitude_3189_firmware	Affected: 0 , < 1.29.0 (semver) cpe:2.3:o:dell:latitude_3189_firmware:-:::::::*
dell	latitude_3390_2-in-1	Affected: 0 , < 1.31.0 (semver) cpe:2.3:h:dell:latitude_3390_2-in-1:-:::::::*
dell	latitude_5414_firmware	Affected: 0 , < 1.46.0 (semver) cpe:2.3:o:dell:latitude_5414_firmware:-:::::::*
dell	latitude_5424_firmware	Affected: 0 , < 1.32.0 (semver) cpe:2.3:a:dell:latitude_5424_firmware::::::::
dell	latitude_7414_rugged_extreme_firmware	Affected: 0 , < 1.46.0 (semver) cpe:2.3:o:dell:latitude_7414_rugged_extreme_firmware:-:::::::*
dell	precision_3420_tower	Affected: 0 , < 2.30.0 (semver) cpe:2.3:h:dell:precision_3420_tower:-:::::::*
dell	precision_3620_tower	Affected: 0 , < 2.30.0 (semver) cpe:2.3:h:dell:precision_3620_tower:-:::::::*
dell	latitude_5280_firmware	Affected: 0 , < 2.36.0 (semver) cpe:2.3:o:dell:latitude_5280_firmware:-:::::::*
dell	latitude_12_rugged_extreme_7214_firmware	Affected: 0 , < 1.46.0 (semver) cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:-:::::::*
dell	latitude_3300_firmware	Affected: 0 , < 1.28.0 (semver) cpe:2.3:o:dell:latitude_3300_firmware:-:::::::*
dell	latitude_7212_rugged_extreme_tablet_firmware	Affected: 0 , < 1.50.0 (semver) cpe:2.3:a:dell:latitude_7212_rugged_extreme_tablet_firmware::::::::
dell	wyse_5070	Affected: 0 , < 1.31.0 (semver) cpe:2.3:h:dell:wyse_5070:-:::::::*

Date Public

2024-05-14 06:30

Credits

Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:dell:edge_gateway_3000_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "edge_gateway_3000_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.18.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:dell:latitude_13_3380:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_13_3380",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.27.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_3180_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_3180_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.29.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_3189_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_3189_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.29.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:dell:latitude_3390_2-in-1:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_3390_2-in-1",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.31.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_5414_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_5414_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.46.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:dell:latitude_5424_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_5424_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.32.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_7414_rugged_extreme_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_7414_rugged_extreme_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.46.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:dell:precision_3420_tower:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "precision_3420_tower",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.30.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:dell:precision_3620_tower:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "precision_3620_tower",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.30.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_5280_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_5280_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "2.36.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_12_rugged_extreme_7214_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_12_rugged_extreme_7214_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.46.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:latitude_3300_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_3300_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.28.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "latitude_7212_rugged_extreme_tablet_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.50.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:dell:wyse_5070:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "wyse_5070",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.31.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22429",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T13:54:51.026876Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T14:03:23.200Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:43:35.008Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.36.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.46.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.27.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.29.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.28.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.31.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.32.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.50.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "2.30.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dell would like to thank schur of BUPT, Dubhe Lab for reporting this issue."
        }
      ],
      "datePublic": "2024-05-14T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution."
            }
          ],
          "value": "Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-17T15:20:16.147Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000221102/dsa-2024-020"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-22429",
    "datePublished": "2024-05-17T15:20:16.147Z",
    "dateReserved": "2024-01-10T15:23:01.337Z",
    "dateUpdated": "2024-08-01T22:43:35.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28075 (GCVE-0-2023-28075)

Vulnerability from cvelistv5 – Published: 2023-08-16 19:15 – Updated: 2024-10-08 19:02

Summary

Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.

Severity

6.9 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-us/00021281…	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Dell	CPG BIOS	Affected: All Versions
dell	cpg_bios	Affected: 0 , < * (custom) cpe:2.3:o:dell:cpg_bios::::::::

Date Public

2023-08-08 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:30:23.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:dell:cpg_bios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "cpg_bios",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28075",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T19:01:58.435016Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T19:02:39.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nDell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-16T19:15:41.959Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2023-28075",
    "datePublished": "2023-08-16T19:15:41.959Z",
    "dateReserved": "2023-03-10T05:07:55.141Z",
    "dateUpdated": "2024-10-08T19:02:39.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24571 (GCVE-0-2023-24571)

Vulnerability from cvelistv5 – Published: 2023-03-16 09:55 – Updated: 2025-02-26 18:59

Summary

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/en-us/00021095…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Dell	Embedded Box PC 3000 , CPG BIOS	Affected: All BIOS Versions

Date Public

2023-03-15 06:30

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:03:18.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000210955/dsa-2023-046"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24571",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T16:13:13.231228Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T18:59:02.354Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Embedded Box PC 3000 , CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "All BIOS Versions"
            }
          ]
        }
      ],
      "datePublic": "2023-03-15T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nDell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-16T09:55:59.328Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000210955/dsa-2023-046"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2023-24571",
    "datePublished": "2023-03-16T09:55:59.328Z",
    "dateReserved": "2023-01-26T16:27:33.568Z",
    "dateUpdated": "2025-02-26T18:59:02.354Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-34398 (GCVE-0-2022-34398)

Vulnerability from cvelistv5 – Published: 2023-02-01 05:28 – Updated: 2025-03-26 18:53

Summary

Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000206038	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: 0 , ≤ 2.15.0 (custom)

Date Public

2022-12-20 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:07:16.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000206038"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-34398",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-26T18:53:35.851149Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-26T18:53:45.169Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "2.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-12-20T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.\u003c/div\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "\nDell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-01T05:28:00.739Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/000206038"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-34398",
    "datePublished": "2023-02-01T05:28:00.739Z",
    "dateReserved": "2022-06-23T18:55:17.097Z",
    "dateUpdated": "2025-03-26T18:53:45.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32490 (GCVE-0-2022-32490)

Vulnerability from cvelistv5 – Published: 2023-01-18 05:59 – Updated: 2025-04-03 19:43

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000204685

Impacted products

1 product

Vendor	Product	Version
Dell	BIOS	Affected: 1.8

Date Public

2022-11-02 16:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000204685"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32490",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-02T16:21:20.916599Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T19:43:07.139Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": "1.8"
            }
          ]
        }
      ],
      "datePublic": "2022-11-02T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cdiv\u003e\u003cdiv\u003eDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\u003c/div\u003e\u003c/div\u003e\n\n"
            }
          ],
          "value": "\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-18T05:59:52.888Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000204685"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32490",
    "datePublished": "2023-01-18T05:59:52.888Z",
    "dateReserved": "2022-06-06T17:44:58.338Z",
    "dateUpdated": "2025-04-03T19:43:07.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32493 (GCVE-0-2022-32493)

Vulnerability from cvelistv5 – Published: 2022-10-12 19:25 – Updated: 2025-05-15 15:35

Summary

Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Severity

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < XPS 8940 BIOS (version: 2.5.1) (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:46:43.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32493",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T15:35:30.235216Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T15:35:38.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "XPS 8940 BIOS (version: 2.5.1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32493",
    "datePublished": "2022-10-12T19:25:41.419Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-15T15:35:38.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32491 (GCVE-0-2022-32491)

Vulnerability from cvelistv5 – Published: 2022-10-12 19:25 – Updated: 2025-05-15 15:35

Summary

Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.

Severity

4.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < OptiPlex 7770 All-In-One BIOS (version: 1.14.0) (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32491",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T15:35:52.404046Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T15:35:57.917Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "OptiPlex 7770 All-In-One BIOS (version: 1.14.0)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32491",
    "datePublished": "2022-10-12T19:25:40.329Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-15T15:35:57.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32489 (GCVE-0-2022-32489)

Vulnerability from cvelistv5 – Published: 2022-10-12 19:25 – Updated: 2025-05-15 15:38

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < OptiPlex 7770 All-In-One BIOS (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T15:38:20.450104Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T15:38:26.491Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "OptiPlex 7770 All-In-One BIOS",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32489",
    "datePublished": "2022-10-12T19:25:39.321Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-15T15:38:26.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32488 (GCVE-0-2022-32488)

Vulnerability from cvelistv5 – Published: 2022-10-12 19:25 – Updated: 2025-05-15 15:38

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < OptiPlex 7770 All-In-One BIOS (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.115Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32488",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T15:38:37.443267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T15:38:42.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "OptiPlex 7770 All-In-One BIOS",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32488",
    "datePublished": "2022-10-12T19:25:38.371Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-15T15:38:42.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32487 (GCVE-0-2022-32487)

Vulnerability from cvelistv5 – Published: 2022-10-12 19:25 – Updated: 2025-05-15 17:48

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < 2.3 (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32487",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T17:47:56.433063Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T17:48:03.891Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32487",
    "datePublished": "2022-10-12T19:25:37.340Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-15T17:48:03.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-32485 (GCVE-0-2022-32485)

Vulnerability from cvelistv5 – Published: 2022-10-12 19:25 – Updated: 2025-05-16 13:45

Summary

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

dell

References

1 reference

URL	Tags
https://www.dell.com/support/kbdoc/000203758

Impacted products

1 product

Vendor	Product	Version
Dell	CPG BIOS	Affected: unspecified , < 2.3 (custom)

Date Public

2022-09-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:51.090Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000203758"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-32485",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T13:45:19.096877Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-16T13:45:24.559Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "url": "https://www.dell.com/support/kbdoc/000203758"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-32485",
    "datePublished": "2022-10-12T19:25:36.061Z",
    "dateReserved": "2022-06-06T00:00:00.000Z",
    "dateUpdated": "2025-05-16T13:45:24.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Find a vulnerability

Search criteria

50 vulnerabilities found for embedded_box_pc_3000_firmware by dell

CVE-2024-52541 (GCVE-0-2024-52541)

CVE-2024-47238 (GCVE-0-2024-47238)

CVE-2024-0158 (GCVE-0-2024-0158)

CVE-2024-22429 (GCVE-0-2024-22429)

CVE-2023-28075 (GCVE-0-2023-28075)

CVE-2023-24571 (GCVE-0-2023-24571)

CVE-2022-34398 (GCVE-0-2022-34398)

CVE-2022-32490 (GCVE-0-2022-32490)

CVE-2022-32493 (GCVE-0-2022-32493)

CVE-2022-32491 (GCVE-0-2022-32491)

CVE-2022-32489 (GCVE-0-2022-32489)

CVE-2022-32488 (GCVE-0-2022-32488)

CVE-2022-32487 (GCVE-0-2022-32487)

CVE-2022-32485 (GCVE-0-2022-32485)

CVE-2022-32484 (GCVE-0-2022-32484)

CVE-2022-32483 (GCVE-0-2022-32483)

CVE-2024-52541 (GCVE-0-2024-52541)

CVE-2024-47238 (GCVE-0-2024-47238)

CVE-2024-0158 (GCVE-0-2024-0158)

CVE-2024-22429 (GCVE-0-2024-22429)

CVE-2023-28075 (GCVE-0-2023-28075)

CVE-2023-24571 (GCVE-0-2023-24571)

CVE-2022-34398 (GCVE-0-2022-34398)

CVE-2022-32490 (GCVE-0-2022-32490)

CVE-2022-32493 (GCVE-0-2022-32493)

CVE-2022-32491 (GCVE-0-2022-32491)

CVE-2022-32489 (GCVE-0-2022-32489)

CVE-2022-32488 (GCVE-0-2022-32488)

CVE-2022-32487 (GCVE-0-2022-32487)

CVE-2022-32485 (GCVE-0-2022-32485)