Dell BIOS code execution | CVE-2022-24420
NAME
Dell BIOS code execution
- Platforms Affected:
Dell BIOS - Risk Level:
8.2 - Exploitability:
Unproven - Consequences:
Gain Access
DESCRIPTION
Dell BIOS could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper input validation. By using an SMI, an attacker could exploit this vulnerability to execute arbitrary code on the system during SMM.
CVSS 3.0 Information
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Access Vector: Local
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Dell DSA Identifier: DSA-2022-053 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://www.dell.com/support/kbdoc/en-us/000197057/dsa-2022-053 - Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24420
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.