CVE-2022-26862

CWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 89.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
35
Dell CPG BiosDell Alienware M15 R5 FirmwareDell G15 5515 Firmware+32 more
Timeline
PublishedJun 23
Latest updateJun 24

Description

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:LExploitability: 0.8 | Impact: 5.5

Affected Packages35 packages

CVEListV5dell/cpg_biosunspecified1.5.0

🔴Vulnerability Details

2
GHSA
GHSA-x4c8-pv8w-6cx5: Prior Dell BIOS versions contain an Input Validation vulnerability2022-06-24
CVEList
CVE-2022-26862: Prior Dell BIOS versions contain an Input Validation vulnerability2022-06-23