Details of VAR-202203-0927

ID

VAR-202203-0927

CVE

CVE-2022-24419

TITLE

Buffer Error Vulnerability in Multiple Dell Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-006721

DESCRIPTION

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Alienware 13 R3 firmware, Alienware 15 R3 firmware, Alienware 15 R4 Multiple Dell products, such as firmware, contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell is a company that manufactures, designs, and sells home and office computers, as well as servers, data storage devices, networking equipment, and more

Trust: 2.16

sources: NVD: CVE-2022-24419 // JVNDB: JVNDB-2022-006721 // CNVD: CNVD-2022-20686

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-20686

AFFECTED PRODUCTS

vendor:	dell	model:	vostro 3267	scope:	lt	version:	1.20.0	Trust: 1.0
vendor:	dell	model:	alienware m17 r3	scope:	lt	version:	1.14.0	Trust: 1.0
vendor:	dell	model:	vostro 3660	scope:	lt	version:	1.20.0	Trust: 1.0
vendor:	dell	model:	alienware 15 r4	scope:	lt	version:	1.17.0	Trust: 1.0
vendor:	dell	model:	inspiron 3477	scope:	lt	version:	1.19.0	Trust: 1.0
vendor:	dell	model:	alienware m15 r4	scope:	lt	version:	1.8.0	Trust: 1.0
vendor:	dell	model:	vostro 3582	scope:	lt	version:	1.13.0	Trust: 1.0
vendor:	dell	model:	alienware m15 r2	scope:	lt	version:	1.12.0	Trust: 1.0
vendor:	dell	model:	alienware x15 r1	scope:	lt	version:	1.7.0	Trust: 1.0
vendor:	dell	model:	embedded box pc 3000	scope:	lt	version:	1.13.0	Trust: 1.0
vendor:	dell	model:	alienware x17 r1	scope:	lt	version:	1.7.0	Trust: 1.0
vendor:	dell	model:	edge gateway 3000	scope:	lt	version:	1.7.0	Trust: 1.0
vendor:	dell	model:	inspiron 3565	scope:	lt	version:	1.12.0	Trust: 1.0
vendor:	dell	model:	vostro 14 5468	scope:	lt	version:	1.19.0	Trust: 1.0
vendor:	dell	model:	edge gateway 5000	scope:	lt	version:	1.17.0	Trust: 1.0
vendor:	dell	model:	inspiron 14 3473	scope:	lt	version:	1.14.0	Trust: 1.0
vendor:	dell	model:	alienware 17 r4	scope:	lt	version:	1.16.1	Trust: 1.0
vendor:	dell	model:	alienware area 51m r1	scope:	lt	version:	1.18.0	Trust: 1.0
vendor:	dell	model:	embedded box pc 5000	scope:	lt	version:	1.14.0	Trust: 1.0
vendor:	dell	model:	alienware m15 r3	scope:	lt	version:	1.14.0	Trust: 1.0
vendor:	dell	model:	inspiron 3582	scope:	lt	version:	1.13.0	Trust: 1.0
vendor:	dell	model:	alienware m17 r4	scope:	lt	version:	1.8.0	Trust: 1.0
vendor:	dell	model:	inspiron 3482	scope:	lt	version:	1.13.0	Trust: 1.0
vendor:	dell	model:	inspiron 15 3573	scope:	lt	version:	1.14.0	Trust: 1.0
vendor:	dell	model:	wyse 7040 thin client	scope:	lt	version:	1.15.0	Trust: 1.0
vendor:	dell	model:	alienware 15 r3	scope:	lt	version:	1.16.1	Trust: 1.0
vendor:	dell	model:	latitude 3379	scope:	lt	version:	1.0.34	Trust: 1.0
vendor:	dell	model:	vostro 3668	scope:	lt	version:	1.20.0	Trust: 1.0
vendor:	dell	model:	inspiron 3465	scope:	lt	version:	1.12.0	Trust: 1.0
vendor:	dell	model:	alienware area 51m r2	scope:	lt	version:	1.13.0	Trust: 1.0
vendor:	dell	model:	xps 8930	scope:	lt	version:	1.1.21	Trust: 1.0
vendor:	dell	model:	alienware 17 r5	scope:	lt	version:	1.17.0	Trust: 1.0
vendor:	dell	model:	vostro 3667	scope:	lt	version:	1.20.0	Trust: 1.0
vendor:	dell	model:	inspiron 3502	scope:	lt	version:	1.7.0	Trust: 1.0
vendor:	dell	model:	vostro 15 5568	scope:	lt	version:	1.19.0	Trust: 1.0
vendor:	dell	model:	alienware 13 r3	scope:	lt	version:	1.16.1	Trust: 1.0
vendor:	dell	model:	alienware aurora r8	scope:	lt	version:	1.0.20	Trust: 1.0
vendor:	dell	model:	vostro 3572	scope:	lt	version:	1.14.0	Trust: 1.0
vendor:	dell	model:	vostro 3669	scope:	lt	version:	1.20.0	Trust: 1.0
vendor:	dell	model:	inspiron 3782	scope:	lt	version:	1.13.0	Trust: 1.0
vendor:	dell	model:	inspiron 3277	scope:	lt	version:	1.19.0	Trust: 1.0
vendor:	dell	model:	alienware m17 r2	scope:	lt	version:	1.12.0	Trust: 1.0
vendor:	dell	model:	vostro 3268	scope:	lt	version:	1.20.0	Trust: 1.0
vendor:	dell	model:	inspiron 15 5566	scope:	lt	version:	1.18.0	Trust: 1.0
vendor:	dell	model:	inspiron 3510	scope:	lt	version:	1.6.0	Trust: 1.0
vendor:	dell	model:	edge gateway 5100	scope:	lt	version:	1.17.0	Trust: 1.0
vendor:	デル	model:	alienware area 51m r1	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	alienware m15 r3	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	alienware 17 r4	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	alienware 17 r5	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	alienware aurora r8	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	alienware 15 r3	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	alienware 13 r3	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	alienware area 51m r2	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	alienware m15 r2	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	alienware 15 r4	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	bios	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-20686 // JVNDB: JVNDB-2022-006721 // NVD: CVE-2022-24419

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-24419
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2022-24419
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-24419
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-20686
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202203-1204
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-24419
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-20686
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-24419
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-24419
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.5
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2022-24419
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-20686 // JVNDB: JVNDB-2022-006721 // CNNVD: CNNVD-202203-1204 // NVD: CVE-2022-24419 // NVD: CVE-2022-24419

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-006721 // NVD: CVE-2022-24419

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-1204

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202203-1204

PATCH

title:	Patch for Dell BIOS Input Validation Vulnerability (CNVD-2022-20686)	url:	https://www.cnvd.org.cn/patchInfo/show/326601	Trust: 0.6
title:	Dell BIOS Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=244003	Trust: 0.6

sources: CNVD: CNVD-2022-20686 // CNNVD: CNNVD-202203-1204

EXTERNAL IDS

db:	NVD	id:	CVE-2022-24419	Trust: 3.8
db:	JVNDB	id:	JVNDB-2022-006721	Trust: 0.8
db:	CNVD	id:	CNVD-2022-20686	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-1204	Trust: 0.6

sources: CNVD: CNVD-2022-20686 // JVNDB: JVNDB-2022-006721 // CNNVD: CNNVD-202203-1204 // NVD: CVE-2022-24419

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24419	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-24419/	Trust: 0.6

sources: CNVD: CNVD-2022-20686 // JVNDB: JVNDB-2022-006721 // CNNVD: CNNVD-202203-1204 // NVD: CVE-2022-24419

SOURCES

db:	CNVD	id:	CNVD-2022-20686
db:	JVNDB	id:	JVNDB-2022-006721
db:	CNNVD	id:	CNNVD-202203-1204
db:	NVD	id:	CVE-2022-24419

LAST UPDATE DATE

2024-11-23T23:10:56.556000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-20686	date:	2022-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-006721	date:	2023-07-07T08:27:00
db:	CNNVD	id:	CNNVD-202203-1204	date:	2023-07-03T00:00:00
db:	NVD	id:	CVE-2022-24419	date:	2024-11-21T06:50:23.180

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-20686	date:	2022-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2022-006721	date:	2023-07-07T00:00:00
db:	CNNVD	id:	CNNVD-202203-1204	date:	2022-03-11T00:00:00
db:	NVD	id:	CVE-2022-24419	date:	2022-03-11T22:15:13.137