FKIE_CVE-2022-22558
Vulnerability from fkie_nvd - Published: 2022-04-21 21:15 - Updated: 2024-11-21 06:47
Severity
5.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000197971 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000197971 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | r6415_firmware | * | |
| dell | r6415 | - | |
| dell | r7415_firmware | * | |
| dell | r7415 | - | |
| dell | r7425_firmware | * | |
| dell | r7425 | - | |
| dell | r730_firmware | * | |
| dell | r730 | - | |
| dell | r730xd_firmware | * | |
| dell | r730xd | - | |
| dell | r630_firmware | * | |
| dell | r630 | - | |
| dell | c4130_firmware | * | |
| dell | c4130 | - | |
| dell | m630_firmware | * | |
| dell | m630 | - | |
| dell | m630p_firmware | * | |
| dell | m630p | - | |
| dell | fc630_firmware | * | |
| dell | fc630 | - | |
| dell | fc430_firmware | * | |
| dell | fc430 | - | |
| dell | m830_firmware | * | |
| dell | m830 | - | |
| dell | m830p_firmware | * | |
| dell | m830p | - | |
| dell | fc830_firmware | * | |
| dell | fc830 | - | |
| dell | t630_firmware | * | |
| dell | t630 | - | |
| dell | r530_firmware | * | |
| dell | r530 | - | |
| dell | r430_firmware | * | |
| dell | r430 | - | |
| dell | t430_firmware | * | |
| dell | t430 | - | |
| dell | r830_firmware | * | |
| dell | r830 | - | |
| dell | c6320_firmware | * | |
| dell | c6320 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r6415_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E35A4C62-2C8B-4CB8-AE55-70EB68B0A38A",
"versionEndExcluding": "1.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r6415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89C134A5-019D-4041-A8F2-F9B6030DF5D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r7415_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7EC3F-103B-4373-8F66-C247996866D7",
"versionEndExcluding": "1.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r7415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80CA12AA-1174-498D-915E-FAB3DCD2A896",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r7425_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A3D62E-A55B-4542-A8F8-A7FDF06DB0D9",
"versionEndExcluding": "1.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r7425:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F780EA-F44B-4E20-B806-B613FCC8F99A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r730_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B35165E-8DD1-460D-9EC5-D8D7B465C29B",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D89A83E-B0BB-49E9-8C30-588EFF5636A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r730xd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2114939-BF66-4BA5-B1FB-DD3074189645",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r730xd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794C69E0-EB43-449B-863E-8C731B33B052",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r630_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A7E331C-D80B-466D-92FF-718B4BDB9FFE",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B929203-6695-4005-9874-D0C981D3C3CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:c4130_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57EC4054-8664-41D2-9C3F-D66217C1E578",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:c4130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58207D1D-AEAB-4D1D-B6BA-9E934E374E52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:m630_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C825111-BCCE-431D-9319-4EA6E32AE67E",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:m630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CF1B153-2325-4EA7-97CA-5C2A2B4792A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:m630p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC951A2-0801-4344-8DE6-052CD72FEFED",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:m630p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4FD947-F2DB-4D89-A0F3-15E686608D9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:fc630_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F83417-293C-476D-AB83-F2C5ABE7033E",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:fc630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58516F75-929B-48B1-80E0-E5764B851B72",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:fc430_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4A4D988-B008-4A29-8FD0-C21C4F3F7CEB",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:fc430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD2EC34-DE95-41F1-9BC1-570D156556C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:m830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6EB42E-CE29-43A3-A953-34794DF39C06",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:m830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9AA8E2-0F89-47F3-ADFC-0D065A9C29CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:m830p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E4A7C-86AC-46A1-8B8C-6B54AD80A64F",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:m830p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91A26ADE-ADBB-4325-8229-4EABACA9CFCC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:fc830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16AF810F-C55C-4638-9EC3-E458AB09CAF1",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:fc830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "590795FD-E8E7-4170-8576-1E9AFA066750",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:t630_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5512F1F-30B9-4762-80C6-47858F281C24",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:t630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983597B7-8CB1-4645-8432-965601D07B7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r530_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25DC61AC-E854-4291-AA02-3191554D8FBA",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r530:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D40EDE41-1554-4D4E-940D-8B20CD91C224",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r430_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5127E4DF-3B6C-40BF-BC31-248B9A16BDB7",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4A4EB4-38BF-47B0-BCF4-D944D691778D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:t430_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1234DF64-47CD-4A0D-B89D-8317640B7FA0",
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:t430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43CD63EC-8C82-45EE-AFF8-07D9E36F2390",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r830_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "935DA10F-EA1C-491E-9DCB-0FD56D1D9984",
"versionEndExcluding": "1.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r830:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B218B8E-D516-4277-A3F5-EF98DEDA860A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:c6320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C40F793D-A0C2-4D2F-8DFF-30C8DCD343D8",
"versionEndExcluding": "2.14.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:c6320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30FD5AD8-3280-491C-B5C4-B169939DB875",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service."
},
{
"lang": "es",
"value": "La BIOS del servidor Dell PowerEdge y la BIOS de la estaci\u00f3n de trabajo Dell Precision 7910 y 7920 para rack contienen una vulnerabilidad de verificaci\u00f3n del b\u00fafer de comunicaci\u00f3n SMM inadecuada. Un atacante local con altos privilegios podr\u00eda explotar potencialmente esta vulnerabilidad que conduce a escrituras arbitrarias o a la denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-22558",
"lastModified": "2024-11-21T06:47:01.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-21T21:15:07.747",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000197971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000197971"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…