X
NEXT
Forgot password?

DigitalXRAID

Security vulnerabilities have been discovered within the Dell BIOS 

Five new security vulnerabilities have been discovered within the Dell BIOS, which leaves the system vulnerable to code execution. 

Read more about the CVE details here: CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421 

The CVSS (Common Vulnerability Scoring System) Severity Score has been rated as: All the vulnerabilities are rated 8.2 

All five vulnerabilities are related to improper input validation vulnerabilities, affecting the system management mode of the firmware. This effectively allows a locally authenticated attacker to leverage the system management interrupt to achieve arbitrary code execution. The ongoing discovery of these vulnerabilities is due to repeatable failures around input sanitation. 

A range of Dell products are affected: 

  • Alienware 13 R3, 15 R3, 15 R4, 17 R4, 17 R5 
  • Alienware Area 51m R1, R2 
  • Alienware Aurora R8 
  • Alienware m15 R2, R3, R4 
  • Alienware m17 R2, R3, R4 
  • Alienware x15, x17 R1 
  • Dell Edge Gateway 3000, 5000, 5100 
  • Dell Embedded Box PC 3000, 5000 
  • Inspiron 14 3473 
  • Inspiron 15 3573, 5566 
  • Inspiron 3277, 3465, 3477, 3482, 3502, 3510, 3565, 3582, 3782 
  • Latitude 3379 
  • Vostro 14, 15 5468 
  • Vostro 3267, 3268, 3572, 3582, 3660, 3667, 3668, 3669 
  • Wyse 7040 Thin Client 
  • XPS 8930 

Dell recommends that users of any of these systems upgrade their BIOS at the earliest opportunity. This can be accessed from the Dell drivers website. 

DigitalXRAID’s SOC (Security Operations Centre) Analysts recommend that any devices are patched and updated immediately.  

If you discover that you’ve suffered a breach and need help urgently, get in contact with us. You can call our emergency line on 0800 066 4509 to speak to one of our experts. They’re available 24 hours a day, 7 days a week. Bookmark this page in case you ever need us.  

If you need any support in mitigating any risks this vulnerability may have on your business, please don’t hesitate to get in contact. 

Cyber Security Experts

Accredited and regulated, we're in the top 1% of cyber security agencies globally

Crown Commercial Service Supplier Cyber Essentials Plus ISO 27001 BSI ISO 9001 CHECK NCSC Cyber Incident Response CREST

We’re trusted by the UK Government as Crown Commercial Service providers as well as being accredited by two of the leading cyber security governing bodies. Our ISO9001 certification means you can rest assured our processes and approach are market leading.

Protect Your Business & Your Reputation.

With a continued focus on security, you can rest assured that breaches and exploits won't be holding you back.

Speak To An Expert

x

Get In Touch

[contact-form-7 id="5" title="Contact Us Form"]