Dell Embedded Box Pc 3000 Firmware vulnerabilities

CVE-2024-52541 [HIGH] CWE-1390 CVE-2024-52541: Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker w Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVE-2024-47238 [MEDIUM] CWE-20 CVE-2024-47238: Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally devel Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

CVE-2024-0158 [MEDIUM] CWE-20 CVE-2024-0158: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

CVE-2024-22429 [MEDIUM] CWE-20 CVE-2024-22429: Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.

CVE-2023-28075 [MEDIUM] CWE-367 CVE-2023-28075: Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated maliciou Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.

CVE-2023-24571 [MEDIUM] CWE-20 CVE-2023-24571: Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.

CVE-2022-34398 [HIGH] CWE-367 CVE-2022-34398: Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.

CVE-2022-32490 [HIGH] CWE-20 CVE-2022-32490: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVE-2022-32489 [HIGH] CWE-20 CVE-2022-32489: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVE-2022-32491 [HIGH] CWE-119 CVE-2022-32491: Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.

CVE-2022-32485 [HIGH] CWE-20 CVE-2022-32485: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVE-2022-32488 [HIGH] CWE-20 CVE-2022-32488: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVE-2022-32487 [HIGH] CWE-20 CVE-2022-32487: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVE-2022-32493 [HIGH] CWE-121 CVE-2022-32493: Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious use Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVE-2022-32483 [MEDIUM] CWE-20 CVE-2022-32483: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVE-2022-32484 [MEDIUM] CWE-20 CVE-2022-32484: Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVE-2022-26859 [HIGH] CWE-367 CVE-2022-26859: Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM.

CVE-2022-26858 [HIGH] CWE-287 CVE-2022-26858: Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicio Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls.

CVE-2022-26860 [HIGH] CWE-121 CVE-2022-26860: Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could explo Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.

CVE-2022-26861 [HIGH] CWE-1038 CVE-2022-26861: Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated m Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM.