CVE-2022-34376

moderate-risk

Published 2023-02-10

Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.9/10 Low

LOCAL / HIGH complexity

Affected Products (20)

R6515 Firmware

R7515 Firmware

R6525 Firmware

R7525 Firmware

Xe8545 Firmware

C6525 Firmware

R6415 Firmware

R7415 Firmware

R7425 Firmware

R750 Firmware

R750Xa Firmware

R650 Firmware

C6520 Firmware

Mx750C Firmware

R450 Firmware

R550 Firmware

R650Xs Firmware

R750Xs Firmware

T550 Firmware

Xr11 Firmware

Affected Vendors

Dell

References (2)

Patch https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-i...

/ 100

moderate-risk

Severity 10/34 · Low

Exploitability 0/34 · Minimal

Exposure 29/34 · Critical