CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32492
https://notcve.org/view.php?id=CVE-2022-32492
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Dell BIOS contiene una vulnerabilidad de comprobación de entrada inapropiada. Un usuario local malicioso y autenticado podría explotar esta vulnerabilidad usando un SMI para conseguir una ejecución de código arbitrario en la SMRAM • https://www.dell.com/support/kbdoc/000202772 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32486
https://notcve.org/view.php?id=CVE-2022-32486
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. Dell BIOS contiene una vulnerabilidad de comprobación de entrada inapropiada. Un usuario local malicioso y autenticado puede explotar esta vulnerabilidad usando una SMI para conseguir una ejecución de código arbitrario en la SMRAM • https://www.dell.com/support/kbdoc/000202772 • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5361
https://notcve.org/view.php?id=CVE-2020-5361
Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication. Plataformas Select Dell Client Commercial and Consumer, admiten una capacidad de restablecimiento de contraseña del BIOS que ha sido diseñada para ayudar a clientes autorizados que olvidan sus contraseñas. • https://www.dell.com/support/kbdoc/en-us/000180741/dsa-2020-119-dell-client-products-unauthorized-bios-password-reset-tool-vulnerability • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5379
https://notcve.org/view.php?id=CVE-2020-5379
Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). El BIOS de Dell Inspiron 7352 versiones anteriores a A12, contienen una vulnerabilidad de sobrescritura de UEFI BIOS Boot Services. Un atacante local con acceso a la memoria del sistema puede aprovechar esta vulnerabilidad al sobrescribir la estructura de EFI_BOOT_SERVICES para ejecutar código arbitrario en System Management Mode (SMM) • https://www.dell.com/support/article/SLN322616 • CWE-693: Protection Mechanism Failure •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5378
https://notcve.org/view.php?id=CVE-2020-5378
Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). El BIOS de Dell G7 17 7790 versiones anteriores a 1.13.2 contienen una vulnerabilidad de sobrescritura de UEFI BIOS Boot Services. Un atacante local con acceso a la memoria del sistema puede aprovechar esta vulnerabilidad al sobrescribir la estructura de EFI_BOOT_SERVICES para ejecutar código arbitrario en System Management Mode (SMM) • https://www.dell.com/support/article/SLN322616 • CWE-416: Use After Free •