Headline
CVE-2022-22558: DSA-2022-015: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability
Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.
Vaikutus
Medium
Tiedot
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2022-22558
Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker may potentially exploit this vulnerability leading to arbitrary writes or denial of service…
5.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2022-22558
Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker may potentially exploit this vulnerability leading to arbitrary writes or denial of service…
5.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen****Kiitokset
Dell would like to thank yngweijw for reporting this issue.
Versiohistoria
Revision
Date
Description
1.0
2022-03-31
Initial release
1.1
2022-05-31
Updated “Affected Products and Remediation” section
1.2
2022-06-20
Updated Target Release Dates
1.3
2022-07-27
Updated “Affected Products and Remediation” section
1.4
2022-08-04
Updated CVE Description.
1.5
2022-08-22
Added PowerEdge XE8545 to “Affected Products and Remediation” section.
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
PowerEdge, PowerEdge C4130, PowerEdge C6320, PowerEdge FC430, PowerEdge FC630, PowerEdge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge R430, PowerEdge R530, PowerEdge R630Näytä lisää
22 elok. 2022
Related news
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.