CVE-2022-26862
moderate-risk
Published 2022-06-23
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.
Do I need to act?
0.04% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 6.3/10 · Medium · LOCAL / LOW complexity
Affected Products (20)
Alienware M15 R5 Firmware
G15 5515 Firmware
G5 SE 5505 Firmware
Inspiron 27 7775 Firmware
Inspiron 14 5425 Firmware
Inspiron 3275 Firmware
Inspiron 3475 Firmware
Inspiron 3180 Firmware
Inspiron 3185 Firmware
Inspiron 3195 Firmware
Inspiron 3505 Firmware
Inspiron 3515 Firmware
Inspiron 3525 Firmware
Inspiron 3585 Firmware
Inspiron 3595 Firmware
Inspiron 3785 Firmware
Inspiron 5405 Firmware
Inspiron 5415 Firmware
Inspiron 5415 All-In-One Firmware
Inspiron 5485 Firmware
Affected Vendors
References
Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000200568/dsa-2022-096
43 / 100 · moderate-risk
Severity: 20/34 · Moderate
Exploitability: 0/34 · Minimal
Exposure: 23/34 · High