Threat Advisory

Dell vulnerabilities

April 8, 2022 | By Accorian

Hello,

Dell recently announced five new security vulnerabilities in the BIOS firmware of its systems. If successfully exploited, these vulnerabilities could lead to arbitrary code execution. Furthermore, firmware monitoring systems are unable to detect these vulnerabilities due to a design limitation of the firmware.

All five vulnerabilities have been rated high severity, each with a CVSS score of 8.2. The CVEs assigned to them are CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421. A large number of Dell products, including the Alienware, Inspiron, Edge Gateway 300 and Vostro series, are affected. The full list of affected devices can be found here: https://www.dell.com/support/kbdoc/en-in/000197057/dsa-2022-053.

All the flaws stem from improper input validation in the firmware's System Management Mode (SMM). This allows an unauthenticated local attacker to leverage the System Management Interrupt (SMI) to gain arbitrary code execution on the vulnerable system. Because SMM code runs with higher privilege than the operating system and hypervisor, code executing there is outside the view of OS-level security controls, which is why firmware-level remediation is the only effective fix.

In response, Dell has released firmware-level remediation updates. Accorian recommends updating all Dell systems to the latest firmware version to prevent exploitation.
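As an added illustration of how to act on that recommendation across a fleet (example code, not Dell's or Accorian's), the Python below reads the DMI vendor, product and BIOS version strings that Linux exposes under /sys/class/dmi/id, flags Dell hosts whose product family is among those the advisory names, and compares the running BIOS version with the fixed version an operator has looked up for that exact model in the Dell KB article. The affected-family list is only the examples given in the advisory text (the complete list is in the KB article), the per-model fixed versions are placeholders, and the sample inventory is constructed.

```python
"""Fleet triage for Dell's DSA-2022-053 BIOS/SMM advisory.

Added example, not Dell's or Accorian's code. Reads the DMI strings Linux
exposes under /sys/class/dmi/id, flags Dell hosts in the product families the
advisory names, and compares the running BIOS version with the fixed version
an operator has looked up per model in the Dell KB article.
"""
import re
from pathlib import Path

ADVISORY_URL = "https://www.dell.com/support/kbdoc/en-in/000197057/dsa-2022-053"
CVES = ("CVE-2022-24415", "CVE-2022-24416", "CVE-2022-24419",
        "CVE-2022-24420", "CVE-2022-24421")

# Only the families the advisory text names as examples; the complete list is
# in the Dell KB article, so other Dell models get "review-against-kb".
AFFECTED_FAMILIES = ("alienware", "inspiron", "edge gateway 300", "vostro")


def read_dmi(root="/sys/class/dmi/id"):
    """Return (sys_vendor, product_name, bios_version) from sysfs.

    Missing or unreadable files yield empty strings so the caller can still
    classify the host as 'unknown' instead of crashing."""
    def read(name):
        try:
            return (Path(root) / name).read_text(errors="replace").strip()
        except OSError:
            return ""
    return read("sys_vendor"), read("product_name"), read("bios_version")


def version_key(version):
    """Comparable key for Dell BIOS version strings such as '1.17.0' or 'A12'.

    Numeric runs compare as integers and alphabetic runs as upper-case text,
    so '1.17.0' > '1.9.0' and 'A12' > 'A9' without lexicographic mistakes."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p.upper()) for p in parts)


def triage(vendor, product, bios_version, fixed_version=None):
    """Classify one host for this advisory.

    fixed_version is the remediated BIOS version for this exact model, taken by
    the operator from the KB article (the advisory text itself lists none)."""
    if not vendor:
        return "unknown"
    if "dell" not in vendor.lower():
        return "not-dell"
    if not any(family in product.lower() for family in AFFECTED_FAMILIES):
        return "review-against-kb"
    if fixed_version is None:
        return "affected-family-fixed-version-unknown"
    if version_key(bios_version) >= version_key(fixed_version):
        return "patched"
    return "needs-update"


def triage_inventory(records):
    """Map hostname -> status for an inventory of
    (hostname, vendor, product, bios_version, fixed_version) tuples."""
    return {host: triage(vendor, product, bios, fixed)
            for host, vendor, product, bios, fixed in records}


# Constructed sample inventory: model names and BIOS versions are illustrative,
# and the fixed versions are placeholders, not values from the Dell KB article.
SAMPLE_INVENTORY = [
    ("lap-01", "Dell Inc.", "Inspiron 15 5510", "2.1.0", "2.3.0"),
    ("lap-02", "Dell Inc.", "Vostro 3510", "2.4.1", "2.3.0"),
    ("gw-01", "Dell Inc.", "Edge Gateway 3001", "1.2.0", None),
    ("srv-01", "Dell Inc.", "PowerEdge R740", "2.10.2", None),
    ("lap-03", "LENOVO", "ThinkPad X1 Carbon", "N2HET60W", None),
]

if __name__ == "__main__":
    vendor, product, bios = read_dmi()
    print(f"this host: {vendor!r} {product!r} BIOS {bios!r} -> "
          f"{triage(vendor, product, bios)}")
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
    print("Advisory CVEs:", ", ".join(CVES))
    print("Per-model fixed BIOS versions:", ADVISORY_URL)
```

Hosts reported as needs-update or affected-family-fixed-version-unknown are the ones to schedule for a BIOS update; review-against-kb marks Dell models outside the families named in the advisory text, which must still be checked against the full list in the KB article.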

Source: https://www.dell.com/support/kbdoc/en-in/000197057/dsa-2022-053 
