BIOS
by Dell
CVEs (117)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28073 | Hig | 0.53 | 8.2 | 0.00 | Jun 23, 2023 | Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system. | ||
| CVE-2022-32489 | Hig | 0.53 | 8.2 | 0.00 | Oct 12, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||
| CVE-2022-32488 | Hig | 0.53 | 8.2 | 0.00 | Oct 12, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||
| CVE-2022-24421 | Hig | 0.53 | 8.2 | 0.00 | Mar 11, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | ||
| CVE-2022-24420 | Hig | 0.53 | 8.2 | 0.00 | Mar 11, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | ||
| CVE-2022-24419 | Hig | 0.53 | 8.2 | 0.00 | Mar 11, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | ||
| CVE-2022-24416 | Hig | 0.53 | 8.2 | 0.00 | Mar 11, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | ||
| CVE-2022-24415 | Hig | 0.53 | 8.2 | 0.00 | Mar 11, 2022 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | ||
| CVE-2021-21522 | Hig | 0.53 | 8.2 | 0.00 | Sep 28, 2021 | Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface. | ||
| CVE-2022-26861 | Hig | 0.51 | 7.9 | 0.00 | Sep 6, 2022 | Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM. | ||
| CVE-2024-32860 | Hig | 0.49 | 7.5 | 0.00 | Jun 13, 2024 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||
| CVE-2024-32859 | Hig | 0.49 | 7.5 | 0.00 | Jun 13, 2024 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||
| CVE-2024-32858 | Hig | 0.49 | 7.5 | 0.00 | Jun 13, 2024 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||
| CVE-2023-32475 | Hig | 0.49 | 7.6 | 0.00 | Jun 7, 2024 | Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system. | ||
| CVE-2024-22429 | Hig | 0.49 | 7.5 | 0.00 | May 17, 2024 | Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution. | ||
| CVE-2023-24571 | Hig | 0.49 | 7.5 | 0.00 | Mar 16, 2023 | Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution. | ||
| CVE-2022-34403 | Hig | 0.49 | 7.5 | 0.00 | Feb 1, 2023 | Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. | ||
| CVE-2022-34398 | Hig | 0.49 | 7.5 | 0.00 | Feb 1, 2023 | Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system. | ||
| CVE-2022-34460 | Hig | 0.49 | 7.5 | 0.00 | Jan 18, 2023 | Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||
| CVE-2022-34401 | Hig | 0.49 | 7.5 | 0.00 | Jan 18, 2023 | Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM. |
- risk 0.53cvss 8.2epss 0.00
Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.
- risk 0.53cvss 8.2epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
- risk 0.53cvss 8.2epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
- risk 0.53cvss 8.2epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
- risk 0.53cvss 8.2epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
- risk 0.53cvss 8.2epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
- risk 0.53cvss 8.2epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
- risk 0.53cvss 8.2epss 0.00
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
- risk 0.53cvss 8.2epss 0.00
Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.
- risk 0.51cvss 7.9epss 0.00
Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM.
- risk 0.49cvss 7.5epss 0.00
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
- risk 0.49cvss 7.5epss 0.00
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
- risk 0.49cvss 7.5epss 0.00
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
- risk 0.49cvss 7.6epss 0.00
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.
- risk 0.49cvss 7.5epss 0.00
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
- risk 0.49cvss 7.5epss 0.00
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.
- risk 0.49cvss 7.5epss 0.00
Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.
- risk 0.49cvss 7.5epss 0.00
Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.
- risk 0.49cvss 7.5epss 0.00
Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
- risk 0.49cvss 7.5epss 0.00
Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.
Page 1 of 6