
Security vulnerabilities have been discovered within the Dell BIOS 

Five new security vulnerabilities have been discovered in the Dell BIOS, leaving affected systems vulnerable to code execution.

Read more about the CVE details here: CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421 

CVSS (Common Vulnerability Scoring System) severity score: all five vulnerabilities are rated 8.2.

All five vulnerabilities are improper input validation flaws affecting the System Management Mode (SMM) of the firmware. This effectively allows a locally authenticated attacker to leverage a system management interrupt (SMI) to achieve arbitrary code execution. The ongoing discovery of these vulnerabilities is due to repeated failures around input sanitisation.

A range of Dell products are affected: 

  • Alienware 13 R3, 15 R3, 15 R4, 17 R4, 17 R5 
  • Alienware Area 51m R1, R2 
  • Alienware Aurora R8 
  • Alienware m15 R2, R3, R4 
  • Alienware m17 R2, R3, R4 
  • Alienware x15, x17 R1 
  • Dell Edge Gateway 3000, 5000, 5100 
  • Dell Embedded Box PC 3000, 5000 
  • Inspiron 14 3473 
  • Inspiron 15 3573, 5566 
  • Inspiron 3277, 3465, 3477, 3482, 3502, 3510, 3565, 3582, 3782 
  • Latitude 3379 
  • Vostro 14, 15 5468 
  • Vostro 3267, 3268, 3572, 3582, 3660, 3667, 3668, 3669 
  • Wyse 7040 Thin Client 
  • XPS 8930 

Dell recommends that users of any of these systems upgrade their BIOS at the earliest opportunity. The BIOS update can be downloaded from the Dell drivers website.

DigitalXRAID’s SOC (Security Operations Centre) analysts recommend that all affected devices are patched and updated immediately.

If you discover that you’ve suffered a breach and need help urgently, get in contact with us. You can call our emergency line on 0800 066 4509 to speak to one of our experts. They’re available 24 hours a day, 7 days a week. Bookmark this page in case you ever need us.  

If you need any support in mitigating any risks this vulnerability may have on your business, please don’t hesitate to get in contact. 
