CVE-2022-22567Insufficient Verification of Data Authenticity in Dell CPG Bios

CWE-345Insufficient Verification of Data Authenticity3 documents3 sources
Severity
5.1MEDIUMNVD
CNA4.7
EPSS
0.0%
top 93.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
215
Dell CPG BiosDell Alienware Area 51M R1 FirmwareDell Alienware Area 51M R2 Firmware+212 more
Timeline
PublishedFeb 9
Latest updateFeb 10

Description

Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:LExploitability: 0.8 | Impact: 4.2

Affected Packages215 packages

CVEListV5dell/cpg_biosunspecified1.15
NVDdell/g3_3500_firmware< 1.12.0
NVDdell/g3_3590_firmware< 1.14.0
NVDdell/g5_5500_firmware< 1.12.0

🔴Vulnerability Details

2
GHSA
GHSA-rmxf-c923-96h6: Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability2022-02-10
CVEList
CVE-2022-22567: Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability2022-02-09