ID

VAR-202210-0502


CVE

CVE-2022-32492


TITLE

Dell's  BIOS  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018706

DESCRIPTION

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-32492 // JVNDB: JVNDB-2022-018706

AFFECTED PRODUCTS

vendor:dellmodel:biosscope:ltversion:2.25.0

Trust: 1.0

vendor:dellmodel:biosscope:ltversion:2.21.0

Trust: 1.0

vendor:デルmodel:biosscope:eqversion:2.21.0

Trust: 0.8

vendor:デルmodel:biosscope: - version: -

Trust: 0.8

vendor:デルmodel:biosscope:eqversion:2.25.0

Trust: 0.8

vendor:デルmodel:biosscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018706 // NVD: CVE-2022-32492

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32492
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2022-32492
value: HIGH

Trust: 1.0

NVD: CVE-2022-32492
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202210-535
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-32492
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-32492
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-32492
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018706 // CNNVD: CNNVD-202210-535 // NVD: CVE-2022-32492 // NVD: CVE-2022-32492

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018706 // NVD: CVE-2022-32492

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-535

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-535

PATCH

title:Dell BIOS Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=210806

Trust: 0.6

sources: CNNVD: CNNVD-202210-535

EXTERNAL IDS

db:NVDid:CVE-2022-32492

Trust: 3.2

db:JVNDBid:JVNDB-2022-018706

Trust: 0.8

db:CNNVDid:CNNVD-202210-535

Trust: 0.6

sources: JVNDB: JVNDB-2022-018706 // CNNVD: CNNVD-202210-535 // NVD: CVE-2022-32492

REFERENCES

url:https://www.dell.com/support/kbdoc/000202772

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-32492

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-32492/

Trust: 0.6

sources: JVNDB: JVNDB-2022-018706 // CNNVD: CNNVD-202210-535 // NVD: CVE-2022-32492

SOURCES

db:JVNDBid:JVNDB-2022-018706
db:CNNVDid:CNNVD-202210-535
db:NVDid:CVE-2022-32492

LAST UPDATE DATE

2024-08-14T14:37:16.831000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-018706date:2023-10-23T02:29:00
db:CNNVDid:CNNVD-202210-535date:2022-10-17T00:00:00
db:NVDid:CVE-2022-32492date:2022-10-14T03:25:33.837

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-018706date:2023-10-23T00:00:00
db:CNNVDid:CNNVD-202210-535date:2022-10-11T00:00:00
db:NVDid:CVE-2022-32492date:2022-10-11T17:15:10.790