ID

VAR-202203-0927


CVE

CVE-2022-24419


TITLE

Buffer Error Vulnerability in Multiple Dell Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-006721

DESCRIPTION

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Multiple Dell products, such as Alienware 13 R3 firmware, Alienware 15 R3 firmware, and Alienware 15 R4 firmware, contain a buffer error vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell is a company that manufactures, designs, and sells home and office computers, as well as servers, data storage devices, networking equipment, and more.

Trust: 2.16

sources: NVD: CVE-2022-24419 // JVNDB: JVNDB-2022-006721 // CNVD: CNVD-2022-20686

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-20686

AFFECTED PRODUCTS

vendor: dell, model: vostro 3268, scope: lt, version: 1.20.0

Trust: 1.0

vendor: dell, model: alienware x15 r1, scope: lt, version: 1.7.0

Trust: 1.0

vendor: dell, model: vostro 3667, scope: lt, version: 1.20.0

Trust: 1.0

vendor: dell, model: alienware 17 r5, scope: lt, version: 1.17.0

Trust: 1.0

vendor: dell, model: alienware m17 r4, scope: lt, version: 1.8.0

Trust: 1.0

vendor: dell, model: vostro 3669, scope: lt, version: 1.20.0

Trust: 1.0

vendor: dell, model: inspiron 3465, scope: lt, version: 1.12.0

Trust: 1.0

vendor: dell, model: edge gateway 5100, scope: lt, version: 1.17.0

Trust: 1.0

vendor: dell, model: inspiron 3477, scope: lt, version: 1.19.0

Trust: 1.0

vendor: dell, model: inspiron 3582, scope: lt, version: 1.13.0

Trust: 1.0

vendor: dell, model: alienware aurora r8, scope: lt, version: 1.0.20

Trust: 1.0

vendor: dell, model: alienware m15 r3, scope: lt, version: 1.14.0

Trust: 1.0

vendor: dell, model: embedded box pc 3000, scope: lt, version: 1.13.0

Trust: 1.0

vendor: dell, model: vostro 3668, scope: lt, version: 1.20.0

Trust: 1.0

vendor: dell, model: vostro 15 5568, scope: lt, version: 1.19.0

Trust: 1.0

vendor: dell, model: vostro 14 5468, scope: lt, version: 1.19.0

Trust: 1.0

vendor: dell, model: alienware m15 r2, scope: lt, version: 1.12.0

Trust: 1.0

vendor: dell, model: alienware 13 r3, scope: lt, version: 1.16.1

Trust: 1.0

vendor: dell, model: alienware 15 r4, scope: lt, version: 1.17.0

Trust: 1.0

vendor: dell, model: alienware x17 r1, scope: lt, version: 1.7.0

Trust: 1.0

vendor: dell, model: latitude 3379, scope: lt, version: 1.0.34

Trust: 1.0

vendor: dell, model: inspiron 3482, scope: lt, version: 1.13.0

Trust: 1.0

vendor: dell, model: embedded box pc 5000, scope: lt, version: 1.14.0

Trust: 1.0

vendor: dell, model: inspiron 15 3573, scope: lt, version: 1.14.0

Trust: 1.0

vendor: dell, model: alienware 15 r3, scope: lt, version: 1.16.1

Trust: 1.0

vendor: dell, model: wyse 7040 thin client, scope: lt, version: 1.15.0

Trust: 1.0

vendor: dell, model: vostro 3660, scope: lt, version: 1.20.0

Trust: 1.0

vendor: dell, model: vostro 3582, scope: lt, version: 1.13.0

Trust: 1.0

vendor: dell, model: xps 8930, scope: lt, version: 1.1.21

Trust: 1.0

vendor: dell, model: alienware 17 r4, scope: lt, version: 1.16.1

Trust: 1.0

vendor: dell, model: edge gateway 3000, scope: lt, version: 1.7.0

Trust: 1.0

vendor: dell, model: inspiron 3782, scope: lt, version: 1.13.0

Trust: 1.0

vendor: dell, model: vostro 3267, scope: lt, version: 1.20.0

Trust: 1.0

vendor: dell, model: edge gateway 5000, scope: lt, version: 1.17.0

Trust: 1.0

vendor: dell, model: vostro 3572, scope: lt, version: 1.14.0

Trust: 1.0

vendor: dell, model: inspiron 3502, scope: lt, version: 1.7.0

Trust: 1.0

vendor: dell, model: alienware m15 r4, scope: lt, version: 1.8.0

Trust: 1.0

vendor: dell, model: inspiron 3277, scope: lt, version: 1.19.0

Trust: 1.0

vendor: dell, model: inspiron 3565, scope: lt, version: 1.12.0

Trust: 1.0

vendor: dell, model: inspiron 14 3473, scope: lt, version: 1.14.0

Trust: 1.0

vendor: dell, model: inspiron 15 5566, scope: lt, version: 1.18.0

Trust: 1.0

vendor: dell, model: alienware m17 r3, scope: lt, version: 1.14.0

Trust: 1.0

vendor: dell, model: alienware m17 r2, scope: lt, version: 1.12.0

Trust: 1.0

vendor: dell, model: alienware area 51m r1, scope: lt, version: 1.18.0

Trust: 1.0

vendor: dell, model: alienware area 51m r2, scope: lt, version: 1.13.0

Trust: 1.0

vendor: dell, model: inspiron 3510, scope: lt, version: 1.6.0

Trust: 1.0

vendor: デル, model: alienware area 51m r1, scope: -, version: -

Trust: 0.8

vendor: デル, model: alienware m15 r3, scope: -, version: -

Trust: 0.8

vendor: デル, model: alienware 17 r4, scope: -, version: -

Trust: 0.8

vendor: デル, model: alienware 17 r5, scope: -, version: -

Trust: 0.8

vendor: デル, model: alienware aurora r8, scope: -, version: -

Trust: 0.8

vendor: デル, model: alienware 15 r3, scope: -, version: -

Trust: 0.8

vendor: デル, model: alienware 13 r3, scope: -, version: -

Trust: 0.8

vendor: デル, model: alienware area 51m r2, scope: -, version: -

Trust: 0.8

vendor: デル, model: alienware m15 r2, scope: -, version: -

Trust: 0.8

vendor: デル, model: alienware 15 r4, scope: -, version: -

Trust: 0.8

vendor: dell, model: bios, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-20686 // JVNDB: JVNDB-2022-006721 // NVD: CVE-2022-24419

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-24419
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2022-24419
value: HIGH

Trust: 1.0

NVD: CVE-2022-24419
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-20686
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202203-1204
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-24419
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-20686
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-24419
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-24419
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-24419
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-20686 // JVNDB: JVNDB-2022-006721 // CNNVD: CNNVD-202203-1204 // NVD: CVE-2022-24419 // NVD: CVE-2022-24419

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-006721 // NVD: CVE-2022-24419

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-1204

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202203-1204

PATCH

title: Patch for Dell BIOS Input Validation Vulnerability (CNVD-2022-20686), url: https://www.cnvd.org.cn/patchInfo/show/326601

Trust: 0.6

title: Dell BIOS Buffer error vulnerability fix, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=244003

Trust: 0.6

sources: CNVD: CNVD-2022-20686 // CNNVD: CNNVD-202203-1204

EXTERNAL IDS

db: NVD, id: CVE-2022-24419

Trust: 3.8

db: JVNDB, id: JVNDB-2022-006721

Trust: 0.8

db: CNVD, id: CNVD-2022-20686

Trust: 0.6

db: CNNVD, id: CNNVD-202203-1204

Trust: 0.6

sources: CNVD: CNVD-2022-20686 // JVNDB: JVNDB-2022-006721 // CNNVD: CNNVD-202203-1204 // NVD: CVE-2022-24419

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-24419

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-24419/

Trust: 0.6

sources: CNVD: CNVD-2022-20686 // JVNDB: JVNDB-2022-006721 // CNNVD: CNNVD-202203-1204 // NVD: CVE-2022-24419

SOURCES

db: CNVD, id: CNVD-2022-20686
db: JVNDB, id: JVNDB-2022-006721
db: CNNVD, id: CNNVD-202203-1204
db: NVD, id: CVE-2022-24419

LAST UPDATE DATE

2024-08-14T13:22:36.172000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-20686, date: 2022-03-18T00:00:00
db: JVNDB, id: JVNDB-2022-006721, date: 2023-07-07T08:27:00
db: CNNVD, id: CNNVD-202203-1204, date: 2023-07-03T00:00:00
db: NVD, id: CVE-2022-24419, date: 2023-06-30T18:41:08.983

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-20686, date: 2022-03-18T00:00:00
db: JVNDB, id: JVNDB-2022-006721, date: 2023-07-07T00:00:00
db: CNNVD, id: CNNVD-202203-1204, date: 2022-03-11T00:00:00
db: NVD, id: CVE-2022-24419, date: 2022-03-11T22:15:13.137