var-202203-0822
Vulnerability from variot
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Alienware 13 R3 firmware, Alienware 15 R3 firmware, Alienware 15 R4 Multiple Dell products, such as firmware, contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0822",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vostro 3268",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "alienware x15 r1",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.7.0"
},
{
"model": "vostro 3667",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "alienware 17 r5",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.17.0"
},
{
"model": "alienware m17 r4",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.8.0"
},
{
"model": "vostro 3669",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "inspiron 3465",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.12.0"
},
{
"model": "edge gateway 5100",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.17.0"
},
{
"model": "inspiron 3477",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.19.0"
},
{
"model": "inspiron 3582",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "alienware aurora r8",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.0.20"
},
{
"model": "alienware m15 r3",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "embedded box pc 3000",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "vostro 3668",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "vostro 15 5568",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.19.0"
},
{
"model": "vostro 14 5468",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.19.0"
},
{
"model": "alienware m15 r2",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.12.0"
},
{
"model": "alienware 13 r3",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.16.1"
},
{
"model": "alienware 15 r4",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.17.0"
},
{
"model": "alienware x17 r1",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.7.0"
},
{
"model": "latitude 3379",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.0.34"
},
{
"model": "inspiron 3482",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "embedded box pc 5000",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "inspiron 15 3573",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "alienware 15 r3",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.16.1"
},
{
"model": "wyse 7040 thin client",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.15.0"
},
{
"model": "vostro 3660",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "vostro 3582",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "xps 8930",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.1.21"
},
{
"model": "alienware 17 r4",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.16.1"
},
{
"model": "edge gateway 3000",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.7.0"
},
{
"model": "inspiron 3782",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "vostro 3267",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.0"
},
{
"model": "edge gateway 5000",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.17.0"
},
{
"model": "vostro 3572",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "inspiron 3502",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.7.0"
},
{
"model": "alienware m15 r4",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.8.0"
},
{
"model": "inspiron 3277",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.19.0"
},
{
"model": "inspiron 3565",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.12.0"
},
{
"model": "inspiron 14 3473",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "inspiron 15 5566",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.18.0"
},
{
"model": "alienware m17 r3",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.14.0"
},
{
"model": "alienware m17 r2",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.12.0"
},
{
"model": "alienware area 51m r1",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.18.0"
},
{
"model": "alienware area 51m r2",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.13.0"
},
{
"model": "inspiron 3510",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "1.6.0"
},
{
"model": "alienware area 51m r1",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware m15 r3",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 17 r4",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 17 r5",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware aurora r8",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 15 r3",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 13 r3",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware area 51m r2",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware m15 r2",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
},
{
"model": "alienware 15 r4",
"scope": null,
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006722"
},
{
"db": "NVD",
"id": "CVE-2022-24416"
}
]
},
"cve": "CVE-2022-24416",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-24416",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-24416",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"id": "CVE-2022-24416",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24416",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24416",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2022-24416",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-24416",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1205",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006722"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1205"
},
{
"db": "NVD",
"id": "CVE-2022-24416"
},
{
"db": "NVD",
"id": "CVE-2022-24416"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Alienware 13 R3 firmware, Alienware 15 R3 firmware, Alienware 15 R4 Multiple Dell products, such as firmware, contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24416"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006722"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24416",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006722",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1205",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006722"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1205"
},
{
"db": "NVD",
"id": "CVE-2022-24416"
}
]
},
"id": "VAR-202203-0822",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.34285715
},
"last_update_date": "2024-08-14T13:22:36.444000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell BIOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=244004"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006722"
},
{
"db": "NVD",
"id": "CVE-2022-24416"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24416"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-24416/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006722"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1205"
},
{
"db": "NVD",
"id": "CVE-2022-24416"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006722"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1205"
},
{
"db": "NVD",
"id": "CVE-2022-24416"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006722"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1205"
},
{
"date": "2022-03-11T22:15:12.747000",
"db": "NVD",
"id": "CVE-2022-24416"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-07T08:27:00",
"db": "JVNDB",
"id": "JVNDB-2022-006722"
},
{
"date": "2023-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1205"
},
{
"date": "2023-06-30T18:32:42.563000",
"db": "NVD",
"id": "CVE-2022-24416"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1205"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Error Vulnerability in Multiple Dell Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006722"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1205"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.