CVE-2022-24420

CVSS V2 High 7.2 CVSS V3 High 7.8
Description
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
Overview
  • CVE ID: CVE-2022-24420
  • Assigner: security_alert@emc.com
  • Vulnerability Status: Analyzed
  • Published Date: 2022-03-11T22:15:13
  • Last Modified Date: 2022-03-18T20:22:45
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:dell:alienware_13_r3_firmware:*:*:*:*:*:*:*:* 1 OR 1.16.1
cpe:2.3:h:dell:alienware_13_r3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_15_r3_firmware:*:*:*:*:*:*:*:* 1 OR 1.16.1
cpe:2.3:h:dell:alienware_15_r3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_15_r4_firmware:*:*:*:*:*:*:*:* 1 OR 1.17.0
cpe:2.3:h:dell:alienware_15_r4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_17_r4_firmware:*:*:*:*:*:*:*:* 1 OR 1.16.1
cpe:2.3:h:dell:alienware_17_r4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_17_r5_firmware:*:*:*:*:*:*:*:* 1 OR 1.17.0
cpe:2.3:h:dell:alienware_17_r5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_area_51m_r1_firmware:*:*:*:*:*:*:*:* 1 OR 1.18.0
cpe:2.3:h:dell:alienware_area_51m_r1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_area_51m_r2_firmware:*:*:*:*:*:*:*:* 1 OR 1.13.0
cpe:2.3:h:dell:alienware_area_51m_r2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_aurora_r8_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.20
cpe:2.3:h:dell:alienware_aurora_r8:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_m15_r2_firmware:*:*:*:*:*:*:*:* 1 OR 1.12.0
cpe:2.3:h:dell:alienware_m15_r2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_m15_r3_firmware:*:*:*:*:*:*:*:* 1 OR 1.14.0
cpe:2.3:h:dell:alienware_m15_r3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_m15_r4_firmware:*:*:*:*:*:*:*:* 1 OR 1.8.0
cpe:2.3:h:dell:alienware_m15_r4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_m17_r2_firmware:*:*:*:*:*:*:*:* 1 OR 1.12.0
cpe:2.3:h:dell:alienware_m17_r2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_m17_r3_firmware:*:*:*:*:*:*:*:* 1 OR 1.14.0
cpe:2.3:h:dell:alienware_m17_r3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_m17_r4_firmware:*:*:*:*:*:*:*:* 1 OR 1.8.0
cpe:2.3:h:dell:alienware_m17_r4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:* 1 OR 1.7.0
cpe:2.3:h:dell:alienware_x15_r1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:* 1 OR 1.7.0
cpe:2.3:h:dell:alienware_x17_r1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:edge_gateway_3000_firmware:*:*:*:*:*:*:*:* 1 OR 1.7.0
cpe:2.3:h:dell:edge_gateway_3000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:edge_gateway_5000_firmware:*:*:*:*:*:*:*:* 1 OR 1.17.0
cpe:2.3:h:dell:edge_gateway_5000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:edge_gateway_5100_firmware:*:*:*:*:*:*:*:* 1 OR 1.17.0
cpe:2.3:h:dell:edge_gateway_5100:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:embedded_box_pc_3000_firmware:*:*:*:*:*:*:*:* 1 OR 1.13.0
cpe:2.3:h:dell:embedded_box_pc_3000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:embedded_box_pc_5000_firmware:*:*:*:*:*:*:*:* 1 OR 1.14.0
cpe:2.3:h:dell:embedded_box_pc_5000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_14_3473_firmware:*:*:*:*:*:*:*:* 1 OR 1.14.0
cpe:2.3:h:dell:inspiron_14_3473:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_15_3573_firmware:*:*:*:*:*:*:*:* 1 OR 1.14.0
cpe:2.3:h:dell:inspiron_15_3573:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_15_5566_firmware:*:*:*:*:*:*:*:* 1 OR 1.18.0
cpe:2.3:h:dell:inspiron_15_5566:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3277_firmware:*:*:*:*:*:*:*:* 1 OR 1.19.0
cpe:2.3:h:dell:inspiron_3277:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3465_firmware:*:*:*:*:*:*:*:* 1 OR 1.12.0
cpe:2.3:h:dell:inspiron_3465:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3477_firmware:*:*:*:*:*:*:*:* 1 OR 1.19.0
cpe:2.3:h:dell:inspiron_3477:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3482_firmware:*:*:*:*:*:*:*:* 1 OR 1.13.0
cpe:2.3:h:dell:inspiron_3482:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3502_firmware:*:*:*:*:*:*:*:* 1 OR 1.7.0
cpe:2.3:h:dell:inspiron_3502:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3510_firmware:*:*:*:*:*:*:*:* 1 OR 1.6.0
cpe:2.3:h:dell:inspiron_3510:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3565_firmware:*:*:*:*:*:*:*:* 1 OR 1.12.0
cpe:2.3:h:dell:inspiron_3565:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3582_firmware:*:*:*:*:*:*:*:* 1 OR 1.13.0
cpe:2.3:h:dell:inspiron_3582:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:inspiron_3782_firmware:*:*:*:*:*:*:*:* 1 OR 1.13.0
cpe:2.3:h:dell:inspiron_3782:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:latitude_3379_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.34
cpe:2.3:h:dell:latitude_3379:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_14_5468_firmware:*:*:*:*:*:*:*:* 1 OR 1.19.0
cpe:2.3:h:dell:vostro_14_5468:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_15_5568_firmware:*:*:*:*:*:*:*:* 1 OR 1.19.0
cpe:2.3:h:dell:vostro_15_5568:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_3267_firmware:*:*:*:*:*:*:*:* 1 OR 1.20.0
cpe:2.3:h:dell:vostro_3267:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_3268_firmware:*:*:*:*:*:*:*:* 1 OR 1.20.0
cpe:2.3:h:dell:vostro_3268:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_3572_firmware:*:*:*:*:*:*:*:* 1 OR 1.14.0
cpe:2.3:h:dell:vostro_3572:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_3582_firmware:*:*:*:*:*:*:*:* 1 OR 1.13.0
cpe:2.3:h:dell:vostro_3582:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_3660_firmware:*:*:*:*:*:*:*:* 1 OR 1.20.0
cpe:2.3:h:dell:vostro_3660:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_3667_firmware:*:*:*:*:*:*:*:* 1 OR 1.20.0
cpe:2.3:h:dell:vostro_3667:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_3668_firmware:*:*:*:*:*:*:*:* 1 OR 1.20.0
cpe:2.3:h:dell:vostro_3668:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:vostro_3669_firmware:*:*:*:*:*:*:*:* 1 OR 1.20.0
cpe:2.3:h:dell:vostro_3669:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:wyse_7040_thin_client_firmware:*:*:*:*:*:*:*:* 1 OR 1.15.0
cpe:2.3:h:dell:wyse_7040_thin_client:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dell:xps_8930_firmware:*:*:*:*:*:*:*:* 1 OR 1.1.21
cpe:2.3:h:dell:xps_8930:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Base Score: 7.2
  • Severity: HIGH
  • Exploitability Score: 3.9
  • Impact Score: 10
CVSS Version 3
  • Version: 3.1
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Availability Impact: HIGH
  • Base Score: 7.8
  • Base Severity: HIGH
  • Exploitability Score: 1.8
  • Impact Score: 5.9
References
Reference URL Reference Tags
https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 Vendor Advisory
History
Created Old Value New Value Data Type Notes
2022-05-10 15:45:15 Added to TrackCVE
2022-12-06 12:09:13 secure@dell.com security_alert@emc.com CVE Assigner updated
2022-12-06 12:09:13 2022-03-11T22:15Z 2022-03-11T22:15:13 CVE Published Date updated
2022-12-06 12:09:13 2022-03-18T20:22:45 CVE Modified Date updated
2022-12-06 12:09:13 Analyzed Vulnerability Status updated