Threat Advisory

Dell vulnerabilities

April 8, 2022 | By Accorian

Hello,

Dell recently announced five new security vulnerabilities in its BIOS firmware. If successfully exploited, these vulnerabilities could lead to code execution. Furthermore, firmware monitoring systems are unable to detect these vulnerabilities because of a design limitation of the firmware.

All five vulnerabilities have been rated as high-severity issues with a CVSS score of 8.2. The CVEs assigned to them are CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421. A large number of Dell products, such as the Alienware, Inspiron, Edge Gateway 300 and Vostro series, are affected. The full list of affected devices can be found here: https://www.dell.com/support/kbdoc/en-in/000197057/dsa-2022-053

All of the flaws are improper input validation vulnerabilities that affect the System Management Mode (SMM) of the firmware. They allow an unauthenticated local attacker to leverage the System Management Interrupt (SMI) to gain arbitrary code execution on the vulnerable system.

In response, Dell has announced firmware-level remediation updates. Accorian recommends updating all Dell systems to the latest firmware version to prevent exploitation.
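To act on this recommendation across a fleet, the sketch below (an added example, not code from Dell or from this advisory) triages an inventory export against minimum fixed BIOS versions. The model names, version numbers and inventory rows are constructed placeholders; the real per-model fixed versions must be taken from DSA-2022-053.

```python
import csv
import io
import re

# PLACEHOLDER minimum fixed BIOS versions: fill these in from DSA-2022-053.
# The model names and version numbers below are constructed, not Dell's values.
FIXED_BIOS = {
    "Example Model A": "1.10.0",
    "Example Model B": "A12",
}

# Constructed inventory export (hostname, model, installed BIOS version).
SAMPLE_INVENTORY = """hostname,model,bios_version
ws-001,Example Model A,1.9.2
ws-002,Example Model A,1.10.0
ws-003,Example Model B,A05
ws-004,Example Model B,A12
ws-005,Example Model C,2.1.0
ws-006,Example Model A,unknown
"""

def parse_version(text):
    """Return a comparable key for dotted ("1.10.0") or legacy ("A12") versions."""
    text = text.strip()
    if re.fullmatch(r"\d+(\.\d+)*", text):
        # Compare numerically: as plain strings "1.9.2" would sort after "1.10.0".
        return ("dotted", tuple(int(p) for p in text.split(".")))
    m = re.fullmatch(r"([A-Za-z])(\d+)", text)
    if m:
        return ("legacy", (ord(m.group(1).upper()), int(m.group(2))))
    return None

def classify(model, installed, fixed_table=FIXED_BIOS):
    """Return 'update', 'ok' or 'review' for one machine."""
    fixed = parse_version(fixed_table.get(model, ""))
    have = parse_version(installed)
    # Unknown model, unparseable version or mixed schemes: a human decides.
    if fixed is None or have is None or fixed[0] != have[0]:
        return "review"
    return "update" if have[1] < fixed[1] else "ok"

def triage(inventory_csv, fixed_table=FIXED_BIOS):
    """Map each hostname in the CSV export to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["model"], r["bios_version"], fixed_table)
            for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Machines classified as `review` are not cleared: they are models missing from the table or versions the parser could not compare, and need a manual check against Dell's list.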

Source: https://www.dell.com/support/kbdoc/en-in/000197057/dsa-2022-053 
