9 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 166EXPL: 0

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000205716 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 166EXPL: 0

Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. • https://www.dell.com/support/kbdoc/en-us/000205716/dsa-2022-327 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0

Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Las versiones anteriores del BIOS de Dell contienen una vulnerabilidad de validación de entrada incorrecta. Un usuario malicioso que se haya autenticado en local puede explotar esta vulnerabilidad utilizando un SMI para obtener la ejecución de código arbitrario en SMRAM. • https://www.dell.com/support/kbdoc/000204686 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Dell BIOS contiene una vulnerabilidad de validación de entrada incorrecta. Un usuario malicioso autenticado local podría explotar esta vulnerabilidad utilizando un SMI para obtener la ejecución de código arbitrario en SMRAM. • https://www.dell.com/support/kbdoc/000204686 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 68EXPL: 0

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. Las versiones anteriores de Dell BIOS contienen una vulnerabilidad de comprobación de entrada. Un usuario malicioso autenticado localmente podría explotar esta vulnerabilidad mediante el envío de entradas maliciosas a un SMI para omitir los controles de seguridad en el SMM • https://www.dell.com/support/kbdoc/en-us/000200568/dsa-2022-096 • CWE-20: Improper Input Validation •