Sign-up

ID

VAR-202301-1433


CVE

CVE-2022-32490


TITLE

plural  Dell BIOS  Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-005952

DESCRIPTION

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Dell Edge Gateway 3000 firmware, Dell Edge Gateway 5000 firmware, Embedded Box PC 3000 There is an input validation vulnerability in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-32490 // JVNDB: JVNDB-2022-005952 // VULMON: CVE-2022-32490

AFFECTED PRODUCTS

vendor:dellmodel:embedded box pc 3000scope:ltversion:1.15.0

Trust: 1.0

vendor:dellmodel:edge gateway 5000scope:ltversion:1.19.0

Trust: 1.0

vendor:dellmodel:edge gateway 3000scope:ltversion:1.9.0

Trust: 1.0

vendor:デルmodel:dell edge gateway 3000scope: - version: -

Trust: 0.8

vendor:デルmodel:embedded box pc 3000scope: - version: -

Trust: 0.8

vendor:デルmodel:dell edge gateway 5000scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-005952 // NVD: CVE-2022-32490

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32490
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2022-32490
value: HIGH

Trust: 1.0

NVD: CVE-2022-32490
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-1445
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-32490
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.1
impactScore: 6.0
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2022-32490
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-32490
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-005952 // CNNVD: CNNVD-202301-1445 // NVD: CVE-2022-32490 // NVD: CVE-2022-32490

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005952 // NVD: CVE-2022-32490

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-1445

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202301-1445

PATCH

title:DSA-2022-249url:https://www.dell.com/support/kbdoc/en-id/000204685/dsa-2022-249-dell-security-update-for-dell-edge-gateway-and-embedded-box-bios

Trust: 0.8

title: - url:https://github.com/Live-Hack-CVE/CVE-2022-32490

Trust: 0.1

sources: VULMON: CVE-2022-32490 // JVNDB: JVNDB-2022-005952

EXTERNAL IDS

db:NVDid:CVE-2022-32490

Trust: 3.3

db:JVNDBid:JVNDB-2022-005952

Trust: 0.8

db:CNNVDid:CNNVD-202301-1445

Trust: 0.6

db:VULMONid:CVE-2022-32490

Trust: 0.1

sources: VULMON: CVE-2022-32490 // JVNDB: JVNDB-2022-005952 // CNNVD: CNNVD-202301-1445 // NVD: CVE-2022-32490

REFERENCES

url:https://www.dell.com/support/kbdoc/000204685

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-32490

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-32490/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2022-32490

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-32490 // JVNDB: JVNDB-2022-005952 // CNNVD: CNNVD-202301-1445 // NVD: CVE-2022-32490

SOURCES

db:VULMONid:CVE-2022-32490
db:JVNDBid:JVNDB-2022-005952
db:CNNVDid:CNNVD-202301-1445
db:NVDid:CVE-2022-32490

LAST UPDATE DATE

2024-08-14T15:21:21.747000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2022-32490date:2023-01-18T00:00:00
db:JVNDBid:JVNDB-2022-005952date:2023-06-20T09:12:00
db:CNNVDid:CNNVD-202301-1445date:2023-01-28T00:00:00
db:NVDid:CVE-2022-32490date:2023-11-07T03:47:49.683

SOURCES RELEASE DATE

db:VULMONid:CVE-2022-32490date:2023-01-18T00:00:00
db:JVNDBid:JVNDB-2022-005952date:2023-06-20T00:00:00
db:CNNVDid:CNNVD-202301-1445date:2023-01-18T00:00:00
db:NVDid:CVE-2022-32490date:2023-01-18T06:15:11.313