Threat Advisory

Dell vulnerabilities

April 8, 2022 | By Accorian

Hello,

Dell recently announced five new security vulnerabilities in the firmware of their BIOS. The vulnerability if successfully exploited could lead to code execution. Furthermore, the firmware monitoring systems are unable to detect these vulnerabilities due to the design limitation of the firmware. 

All the 5 vulnerabilities have been rated as high-severity issues with a CVSS score of 8.2. The CVE assigned to each one of them are CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421. A large number of Dell products such as Alienware, Inspiron, Edge Gateway 300 and Vostro series are affected. The full list of affected devices can be found here. https://www.dell.com/support/kbdoc/en-in/000197057/dsa-2022-053.

All the flaws are related to the improper input validation vulnerability which affects the System Management Mode (SMM) of the firmware. This subsequently allows an unauthenticated local attacker to leverage the System Management Interrupt (SMI) to gain arbitrary code execution on the vulnerable system.

In response to this, Dell has announced firmware level remediation updates. Accorian recommends updating all Dell systems to the latest firmware version to prevent any exploitation.  

Source: https://www.dell.com/support/kbdoc/en-in/000197057/dsa-2022-053 

Recent Post

    Ready to Start?

    Shukla CPA, d.b.a Accorian Assurance is a licensed, certified public accounting firm registered with the American Institute of Pubic Accountants (AICPA) and the Public Company Accounting Oversight Board (PCAOB). Esha IT Corp d.b.a Accorian is a global leader in cybersecurity and compliance professional services.

    © 2023 Accorian. All Rights Reserved.

      Ready to Start?

      Download Case study

      Download SOC2 Guide

      Human Resources Director

      Posted On: 09 May, 2022

      Drop your CVs to joinourteam@accorian.com

        Interested Position
        First Name
        Last Name
        Email
        Total Experience
        Mobile Number
        Upload Resume