CVE-2022-34377

moderate-risk

Published 2023-02-10

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 1.9/10 Low

LOCAL / HIGH complexity

Affected Products (20)

R6515 Firmware

R7515 Firmware

R6525 Firmware

R7525 Firmware

Xe8545 Firmware

C6525 Firmware

R6415 Firmware

R7415 Firmware

R7425 Firmware

R750 Firmware

R750Xa Firmware

R650 Firmware

C6520 Firmware

Mx750C Firmware

R450 Firmware

R550 Firmware

R650Xs Firmware

R750Xs Firmware

T550 Firmware

Xr11 Firmware

Affected Vendors

Dell

References (2)

Patch https://www.dell.com/support/kbdoc/en-us/000206296/dsa-2022-204-dell-poweredge-i...

/ 100

moderate-risk

Severity 5/34 · Minimal

Exploitability 0/34 · Minimal

Exposure 29/34 · Critical