CVE-2022-29083

high-risk

Published 2022-08-09

Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.8/10 Medium

PHYSICAL / LOW complexity

Affected Products (20)

Chengming 3980 Firmware

Chengming 3990 Firmware

Chengming 3991 Firmware

G3 3579 Firmware

G3 3779 Firmware

G5 5587 Firmware

G5 5000 Firmware

G5 5090 Firmware

G7 7588 Firmware

Inspiron 3470 Firmware

Inspiron 3480 Firmware

Inspiron 3493 Firmware

Inspiron 3501 Firmware

Inspiron 3580 Firmware

Inspiron 3593 Firmware

Inspiron 3670 Firmware

Inspiron 3780 Firmware

Inspiron 3790 Firmware

Inspiron 3793 Firmware

Inspiron 3880 Firmware

Affected Vendors

Dell

References (2)

Vendor Advisory https://www.dell.com/support/kbdoc/000201396

/ 100

high-risk

Severity 22/34 · High

Exploitability 0/34 · Minimal

Exposure 30/34 · Critical