21 results (0.006 seconds)

CVSS: 4.6EPSS: 0%CPEs: 222EXPL: 0

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator. • https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios • CWE-287: Improper Authentication •

CVSS: 6.9EPSS: 0%CPEs: 490EXPL: 0

Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system. • https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 4.6EPSS: 0%CPEs: 150EXPL: 0

Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. • https://www.dell.com/support/kbdoc/en-us/000207928/dsa-2023-011-dell-client-platform-security-update-for-a-bios-vulnerability • CWE-285: Improper Authorization •

CVSS: 8.8EPSS: 0%CPEs: 166EXPL: 0

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000205716 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.6EPSS: 0%CPEs: 378EXPL: 0

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. • https://www.dell.com/support/kbdoc/en-us/000205717/dsa-2022-326 • CWE-20: Improper Input Validation •