cbcvebase.
CVE-2022-26858
published 2022-09-06

CVE-2022-26858: Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls.

Affected

400 ranges· showing 25
VendorProductVersion rangeFixed in
dellalienware_m15_r6_firmware< 1.8.01.8.0
dellchengming_3980_firmware< 2.21.02.21.0
dellchengming_3988_firmware< 1.9.01.9.0
dellchengming_3990_firmware< 1.8.21.8.2
dellchengming_3991_firmware< 1.8.21.8.2
dellcpg_bios>= unspecified < AllAll
delledge_gateway_3000_firmware< 1.8.01.8.0
delledge_gateway_5000_firmware< 1.18.01.18.0
dellembedded_box_pc_3000_firmware< 1.14.01.14.0
dellembedded_box_pc_5000_firmware< 1.15.01.15.0
dellg15_5510_firmware< 1.8.01.8.0
dellg15_5511_firmware< 1.9.01.9.0
dellg3_15_3590_firmware< 1.16.01.16.0
dellg3_3500_firmware< 1.12.01.12.0
dellg3_3579_firmware< 1.19.01.19.0
dellg5_15_5587_firmware< 1.19.01.19.0
dellg5_15_5590_firmware< 1.18.01.18.0
dellg5_5000_firmware< 1.5.11.5.1
dellg5_5090_firmware< 1.12.01.12.0
dellg5_5500_firmware< 1.12.01.12.0
dellg7_17_7700_firmware< 1.12.01.12.0
dellg7_17_7790_firmware< 1.18.01.18.0
dellg7_7500_firmware< 1.12.01.12.0
dellg7_7588_firmware< 1.19.01.19.0
dellinspiron_13_5378_firmware< 1.36.01.36.0

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cisa7.8HIGH