CVE-2022-34401

{"id": "CVE-2022-34401", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2023-01-18T06:15:11.493", "references": [{"url": "https://www.dell.com/support/kbdoc/000204679", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/000204679", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-121"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "\nDell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.\n\n\n\n\n\n"}, {"lang": "es", "value": "Dell BIOS contiene una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Un usuario malicioso autenticado local puede explotar esta vulnerabilidad utilizando un SMI para enviar una entrada mayor a la esperada a un par\u00e1metro con el fin de obtener la ejecuci\u00f3n de c\u00f3digo arbitrario en SMRAM."}], "lastModified": "2024-11-21T07:09:26.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:alienware_m15_a6_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6568990-B376-45EA-B56F-A03207A1AD61", "versionEndExcluding": "1.4.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:alienware_m15_a6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "37462389-91CB-4B5B-9412-180995860E37"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:alienware_m17_r5_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B22D1FA-F68E-41B7-BCF2-D6E7AAF8D9B8", "versionEndExcluding": "1.4.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:alienware_m17_r5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E8A465D-8F53-49CB-9498-D2894CEE8264"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:g15_5525_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCF400B8-885E-4E6D-B6A5-1A0329791FAE", "versionEndExcluding": "1.4.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:g15_5525:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68FD27D9-7C76-450C-8535-DE86FC006C46"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}