Sign-up

ID

VAR-202210-0667


CVE

CVE-2022-32486


TITLE

Dell's  BIOS  Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018707

DESCRIPTION

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-32486 // JVNDB: JVNDB-2022-018707

AFFECTED PRODUCTS

vendor:dellmodel:biosscope:ltversion:2.25.0

Trust: 1.0

vendor:dellmodel:biosscope:ltversion:2.21.0

Trust: 1.0

vendor:デルmodel:biosscope:eqversion:2.21.0

Trust: 0.8

vendor:デルmodel:biosscope: - version: -

Trust: 0.8

vendor:デルmodel:biosscope:eqversion:2.25.0

Trust: 0.8

vendor:デルmodel:biosscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018707 // NVD: CVE-2022-32486

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32486
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2022-32486
value: HIGH

Trust: 1.0

NVD: CVE-2022-32486
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202210-533
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-32486
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-32486
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-32486
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018707 // CNNVD: CNNVD-202210-533 // NVD: CVE-2022-32486 // NVD: CVE-2022-32486

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018707 // NVD: CVE-2022-32486

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-533

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-533

PATCH

title:Dell BIOS Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=210805

Trust: 0.6

sources: CNNVD: CNNVD-202210-533

EXTERNAL IDS

db:NVDid:CVE-2022-32486

Trust: 3.2

db:JVNDBid:JVNDB-2022-018707

Trust: 0.8

db:CNNVDid:CNNVD-202210-533

Trust: 0.6

sources: JVNDB: JVNDB-2022-018707 // CNNVD: CNNVD-202210-533 // NVD: CVE-2022-32486

REFERENCES

url:https://www.dell.com/support/kbdoc/000202772

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-32486

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-32486/

Trust: 0.6

sources: JVNDB: JVNDB-2022-018707 // CNNVD: CNNVD-202210-533 // NVD: CVE-2022-32486

SOURCES

db:JVNDBid:JVNDB-2022-018707
db:CNNVDid:CNNVD-202210-533
db:NVDid:CVE-2022-32486

LAST UPDATE DATE

2024-08-14T14:24:29.510000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-018707date:2023-10-23T02:30:00
db:CNNVDid:CNNVD-202210-533date:2022-10-17T00:00:00
db:NVDid:CVE-2022-32486date:2022-10-14T03:25:19.490

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-018707date:2023-10-23T00:00:00
db:CNNVDid:CNNVD-202210-533date:2022-10-11T00:00:00
db:NVDid:CVE-2022-32486date:2022-10-11T17:15:10.697