CVE-2022-29083 — Improper Authentication in Dell CPG Bios

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 70.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

109

Dell CPG Bios Dell Chengming 3980 Firmware Dell Chengming 3990 Firmware +106 more

Timeline

PublishedAug 9

Latest updateAug 10

Description

Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages109 packages

▶CVEListV5dell/cpg_biosunspecified — 9-12

▶NVDdell/g3_3579_firmware< 1.21.0

▶NVDdell/g3_3779_firmware< 1.21.0

▶NVDdell/g5_5000_firmware< 1.7.0

▶NVDdell/g5_5090_firmware< 1.14.0

🔴Vulnerability Details

GHSA

GHSA-gq7w-5v6q-h6vc: Prior Dell BIOS versions contain an Improper Authentication vulnerability↗2022-08-10

▶

CVEList

CVE-2022-29083: Prior Dell BIOS versions contain an Improper Authentication vulnerability↗2022-08-09

▶