Dell Cpg Bios vulnerabilities
110 known vulnerabilities affecting dell/cpg_bios.
Total CVEs: 110
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 35, MEDIUM 70, LOW 5
Vulnerabilities
Page 4 of 6
CVE-2022-32488 | HIGH | CVSS 7.8 | CWE-20 | ≥ unspecified, < OptiPlex 7770 All-In-One BIOS | 2022-10-12
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Sources: cvelistv5, nvd
CVE-2022-32487 | HIGH | CVSS 7.8 | CWE-20 | ≥ unspecified, < 2.3 | 2022-10-12
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Sources: cvelistv5, nvd
CVE-2022-32493 | HIGH | CVSS 7.8 | CWE-121 | ≥ unspecified, < XPS 8940 BIOS (version: 2.5.1) | 2022-10-12
Dell BIOS contains a Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Sources: cvelistv5, nvd
CVE-2022-32483 | MEDIUM | CVSS 4.4 | CWE-20 | ≥ unspecified, < 2.3.1 | 2022-10-12
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Sources: cvelistv5, nvd
CVE-2022-32484 | MEDIUM | CVSS 4.4 | CWE-20 | ≥ unspecified, < 2.3 | 2022-10-12
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Sources: cvelistv5, nvd
CVE-2022-32492 | HIGH | CVSS 8.8 | CWE-20 | ≥ unspecified, < 2.21.0 | 2022-10-11
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Sources: cvelistv5, nvd
CVE-2022-32486 | HIGH | CVSS 8.8 | CWE-20 | ≥ unspecified, < 2.25.0 | 2022-10-11
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
Sources: cvelistv5, nvd
CVE-2022-31226 | HIGH | CVSS 7.8 | CWE-121 | ≥ unspecified, < 21Q4 platforms | 2022-09-12
Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.
Sources: cvelistv5, nvd
CVE-2022-31220 | MEDIUM | CVSS 5.1 | CWE-1038 | ≥ unspecified, < 21Q4 platforms | 2022-09-12
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.
Sources: cvelistv5, nvd
CVE-2022-31225 | MEDIUM | CVSS 5.1 | CWE-252 | ≥ unspecified, < 21Q4 platforms | 2022-09-12
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.
Sources: cvelistv5, nvd
CVE-2022-31222 | MEDIUM | CVSS 4.4 | CWE-401 | ≥ unspecified, < 21Q4 platforms | 2022-09-12
Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash.
Sources: cvelistv5, nvd
CVE-2022-31224 | LOW | CVSS 2.4 | CWE-1247 | ≥ unspecified, < 21Q4 platforms | 2022-09-12
Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system.
Sources: cvelistv5, nvd
CVE-2022-31223 | LOW | CVSS 2.3 | CWE-158 | ≥ unspecified, < 21Q4 platforms | 2022-09-12
Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.
Sources: cvelistv5, nvd
CVE-2022-31221 | LOW | CVSS 2.3 | CWE-200 | ≥ unspecified, < 21Q4 platforms | 2022-09-12
Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to access sensitive state information on the system.
Sources: cvelistv5, nvd
CVE-2022-26859 | HIGH | CVSS 7.0 | CWE-367 | ≥ unspecified, < All | 2022-09-06
Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM.
Sources: cvelistv5, nvd
CVE-2022-26858 | HIGH | CVSS 7.8 | CWE-287 | ≥ unspecified, < All | 2022-09-06
Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls.
Sources: cvelistv5, nvd
CVE-2022-26860 | HIGH | CVSS 7.8 | CWE-121 | ≥ unspecified, < All | 2022-09-06
Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.
Sources: cvelistv5, nvd
CVE-2022-26861 | HIGH | CVSS 7.8 | CWE-1038 | ≥ unspecified, < Gen7, Gen8, Gen9, Gen10, Gen11, 21Q1-Q4 | 2022-09-06
Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM.
Sources: cvelistv5, nvd
CVE-2022-29083 | MEDIUM | CVSS 6.8 | CWE-287 | ≥ unspecified, < 9-12 | 2022-08-09
Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system.
Sources: cvelistv5, nvd
CVE-2022-26862 | HIGH | CVSS 7.8 | CWE-20 | ≥ unspecified, < 1.5.0 | 2022-06-23
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
Sources: cvelistv5, nvd