CVE-2022-24410Sensitive Information Exposure in Dell Alienware 13 R2 Firmware

CWE-200Sensitive Information ExposureCWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
4.2MEDIUMNVD
CNA6.8
EPSS
0.1%
top 80.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
158
Dell Alienware 13 R2 FirmwareDell Alienware 13 R3 FirmwareDell Alienware 15 R2 Firmware+155 more
Timeline
PublishedFeb 10

Description

Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages158 packages

CVEListV5dell/cpg_biosAll supported versions
NVDdell/inspiron_3470< 2.18.0
NVDdell/inspiron_7590< 1.10.0
NVDdell/inspiron_7591< 1.10.0
NVDdell/g3_3500_firmware< 1.10.1+1

🔴Vulnerability Details

2
CVEList
CVE-2022-24410: Dell BIOS contains an information exposure vulnerability2023-02-10
GHSA
GHSA-3m34-2j9g-qvqx: Dell BIOS contains an information exposure vulnerability2023-02-10
CVE-2022-24410 — Sensitive Information Exposure in Dell | cvebase