Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-6856

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Jan, 2016 | 19:00
Updated At-06 Aug, 2024 | 07:36
Rejected At-
Credits

Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Jan, 2016 | 19:00
Updated At:06 Aug, 2024 | 07:36
Rejected At:
▼CVE Numbering Authority (CNA)

Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.korelogic.com/Resources/Advisories/KL-001-2015-008.txt
x_refsource_MISC
http://packetstormsecurity.com/files/134987/Dell-Authentication-Driver-Uncontrolled-Write.html
x_refsource_MISC
http://www.securityfocus.com/archive/1/537161/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/79643
vdb-entry
x_refsource_BID
http://seclists.org/fulldisclosure/2015/Dec/81
mailing-list
x_refsource_FULLDISC
Hyperlink: https://www.korelogic.com/Resources/Advisories/KL-001-2015-008.txt
Resource:
x_refsource_MISC
Hyperlink: http://packetstormsecurity.com/files/134987/Dell-Authentication-Driver-Uncontrolled-Write.html
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/537161/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/bid/79643
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://seclists.org/fulldisclosure/2015/Dec/81
Resource:
mailing-list
x_refsource_FULLDISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.korelogic.com/Resources/Advisories/KL-001-2015-008.txt
x_refsource_MISC
x_transferred
http://packetstormsecurity.com/files/134987/Dell-Authentication-Driver-Uncontrolled-Write.html
x_refsource_MISC
x_transferred
http://www.securityfocus.com/archive/1/537161/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/bid/79643
vdb-entry
x_refsource_BID
x_transferred
http://seclists.org/fulldisclosure/2015/Dec/81
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: https://www.korelogic.com/Resources/Advisories/KL-001-2015-008.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://packetstormsecurity.com/files/134987/Dell-Authentication-Driver-Uncontrolled-Write.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/537161/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/bid/79643
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2015/Dec/81
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Jan, 2016 | 19:59
Updated At:12 Apr, 2025 | 10:46

Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Dell Inc.
dell
>>pre-boot_authentication_driver>>1.0.1.5
cpe:2.3:a:dell:pre-boot_authentication_driver:1.0.1.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/134987/Dell-Authentication-Driver-Uncontrolled-Write.htmlcve@mitre.org
Exploit
http://seclists.org/fulldisclosure/2015/Dec/81cve@mitre.org
Exploit
http://www.securityfocus.com/archive/1/537161/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/79643cve@mitre.org
N/A
https://www.korelogic.com/Resources/Advisories/KL-001-2015-008.txtcve@mitre.org
Exploit
http://packetstormsecurity.com/files/134987/Dell-Authentication-Driver-Uncontrolled-Write.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://seclists.org/fulldisclosure/2015/Dec/81af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.securityfocus.com/archive/1/537161/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/79643af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.korelogic.com/Resources/Advisories/KL-001-2015-008.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
Hyperlink: http://packetstormsecurity.com/files/134987/Dell-Authentication-Driver-Uncontrolled-Write.html
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://seclists.org/fulldisclosure/2015/Dec/81
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/archive/1/537161/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/79643
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.korelogic.com/Resources/Advisories/KL-001-2015-008.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://packetstormsecurity.com/files/134987/Dell-Authentication-Driver-Uncontrolled-Write.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://seclists.org/fulldisclosure/2015/Dec/81
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/archive/1/537161/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/79643
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.korelogic.com/Resources/Advisories/KL-001-2015-008.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit

Change History

0
Information is not available yet

Similar CVEs

76Records found
CVE-2022-24421
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24418
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.27%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5515_firmwarevostro_5515_firmwareinspiron_3180vostro_3515_firmwareinspiron_3185_firmwareinspiron_22-3275_firmwaredell_g5_5505_firmwareinspiron_3185inspiron_3585inspiron_7405_firmwareinspiron_5515inspiron_5675_firmwareinspiron_5415_firmwareinspiron_5405_firmwareinspiron_27_7775_firmwareinspiron_3505_firmwareinspiron_5585inspiron_5775_firmwareinspiron_7375_firmwareinspiron_5575_firmwareinspiron_3785vostro_5415inspiron_7415_firmwareinspiron_3515inspiron_5415inspiron_3785_firmwareinspiron_7415vostro_3405_firmwareinspiron_3195inspiron_24-3475vostro_3515inspiron_3515_firmwareinspiron_3180_firmwareinspiron_5575inspiron_24-3475_firmwareinspiron_3195_firmwareinspiron_5505inspiron_3505inspiron_3595inspiron_27_7775inspiron_5505_firmwarevostro_5515dell_g5_5505inspiron_3595_firmwareinspiron_7375inspiron_3585_firmwareinspiron_5485_firmwareinspiron_5585_firmwareinspiron_7405inspiron_22-3275inspiron_5675vostro_5415_firmwareinspiron_5405inspiron_5775vostro_3405inspiron_5485CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24420
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24419
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-16 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24417
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.27%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5515_firmwarevostro_5515_firmwareinspiron_3180vostro_3515_firmwareinspiron_3185_firmwareinspiron_22-3275_firmwaredell_g5_5505_firmwareinspiron_3185inspiron_3585inspiron_7405_firmwareinspiron_5515inspiron_5675_firmwareinspiron_5415_firmwareinspiron_5405_firmwareinspiron_27_7775_firmwareinspiron_3505_firmwareinspiron_5585inspiron_5775_firmwareinspiron_7375_firmwareinspiron_5575_firmwareinspiron_3785vostro_5415inspiron_7415_firmwareinspiron_3515inspiron_5415inspiron_3785_firmwareinspiron_7415vostro_3405_firmwareinspiron_3195inspiron_24-3475vostro_3515inspiron_3515_firmwareinspiron_3180_firmwareinspiron_5575inspiron_24-3475_firmwareinspiron_3195_firmwareinspiron_5505inspiron_3505inspiron_3595inspiron_27_7775inspiron_5505_firmwarevostro_5515dell_g5_5505inspiron_3595_firmwareinspiron_7375inspiron_3585_firmwareinspiron_5485_firmwareinspiron_5585_firmwareinspiron_7405inspiron_22-3275inspiron_5675vostro_5415_firmwareinspiron_5405inspiron_5775vostro_3405inspiron_5485CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1203
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-1.08% / 76.95%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-1185
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-1.52% / 80.49%
||
7 Day CHG~0.00%
Published-03 Feb, 2018 | 01:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_recoverpointemc_recoverpoint_for_virtual_machinesEMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-1184
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.25% / 47.88%
||
7 Day CHG~0.00%
Published-03 Feb, 2018 | 01:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_recoverpointemc_recoverpoint_for_virtual_machinesEMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21553
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 23:45
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-286
Incorrect User Management
CVE-2021-21554
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.69%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwareprecision_7920_firmwarepoweredge_r640_firmwareprecision_7920poweredge_r940xa_firmwarepoweredge_r640poweredge_r840poweredge_mx840cpoweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21550
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.05% / 16.77%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:40
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21552
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.2||MEDIUM
EPSS-0.14% / 34.60%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 20:05
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-wyse_5070_thin_clientwyse_5470_all-in-one_thin_clientwyse_5470_thin_clientwindows_10Wyse Windows Embedded (WES)
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-21557
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r7515poweredge_m640ppoweredge_t140_firmwarepoweredge_r6515_firmwarepoweredge_r240poweredge_r7515_firmwarepoweredge_r440_firmwarepoweredge_m640poweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_t440poweredge_m640p_firmwarepoweredge_r940xa_firmwarepoweredge_r7525_firmwarepoweredge_mx840cpoweredge_r6525poweredge_t640poweredge_mx740cpoweredge_r7525poweredge_r840_firmwarepoweredge_c4140_firmwarepoweredge_r940poweredge_r540poweredge_m640_firmwarepoweredge_mx840c_firmwarepoweredge_r540_firmwarepoweredge_r740xdpoweredge_r740_firmwarepoweredge_t340_firmwarepoweredge_r6415poweredge_r440poweredge_r740xd2_firmwarepoweredge_r340_firmwarepoweredge_c6525_firmwarepoweredge_c6525poweredge_xr2_firmwarepoweredge_r6515poweredge_r940xapoweredge_r340poweredge_r6415_firmwarepoweredge_r6525_firmwarepoweredge_c6420poweredge_fc640_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_c6420_firmwarepoweredge_r740xd2poweredge_r840poweredge_r7415_firmwarepoweredge_r7425poweredge_fc640poweredge_t340poweredge_r240_firmwarepoweredge_r7415poweredge_r7425_firmwarepoweredge_c4140poweredge_r940_firmwarepoweredge_t440_firmwarepoweredge_r740xd_firmwarepoweredge_t140poweredge_r740poweredge_xr2PowerEdge BIOS Intel 15G
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-22557
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.50%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_xpowerstore_tpowerstoreosPowerStore
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-22566
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 20:00
Updated-17 Sep, 2024 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwarexps_15_9510_firmwareinspiron_5583inspiron_7500_firmwareinspiron_7300_firmwarelatitude_3520precision_3541_firmwareinspiron_5591_2-in-1g5_5500precision_3561_firmwareinspiron_7506_2-in-1xps_17_9710_firmwareg7_7500precision_7560inspiron_5590_firmwarevostro_3881_firmwarevostro_3490_firmwarelatitude_7200_2-in-1latitude_5511_firmwareinspiron_5493precision_3550vostro_3888inspiron_3891_firmwareoptiplex_3090_ultra_firmwareinspiron_7490vostro_3888_firmwarexps_13_7390_2-in-1_firmwarelatitude_7420_firmwareprecision_7540inspiron_5501vostro_5501_firmwarelatitude_3310_2-in-1inspiron_5390_firmwarelatitude_9420inspiron_5490_firmwareoptiplex_3090_ultraalienware_area_51m_r1_firmwareoptiplex_5080inspiron_5400_aioinspiron_5502latitude_5511inspiron_7501precision_5550inspiron_7300_2-in-1xps_17_9700inspiron_7390_firmwarexps_7590alienware_m17_r3_firmwarelatitude_5300vostro_3400inspiron_3891vostro_5310g3_3500latitude_9410_firmwarevostro_7590optiplex_7090_firmwareinspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwarelatitude_5300_2-in-1g15_5511_firmwarelatitude_7410_firmwarelatitude_7320latitude_7300optiplex_7090latitude_5310_2-in-1inspiron_5490_aio_firmwareinspiron_5491_aiolatitude_3420inspiron_14_5418_firmwareg5_5500_firmwarelatitude_rugged_7330_firmwarevostro_5491_firmwarelatitude_5500_firmwarelatitude_5410_firmwarelatitude_5310_2-in-1_firmwarexps_13_7390inspiron_7490_firmwareinspiron_5409latitude_3400_firmwarevostro_3890latitude_7400latitude_3510precision_3560_firmwareinspiron_5584precision_3520vostro_5401_firmwareinspiron_3880_firmwareinspiron_3511_firmwareinspiron_5310_firmwareinspiron_5501_firmwareoptiplex_5080_firmwareinspiron_14_5410inspiron_5493_firmwarelatitude_3400xps_17_9700_firmwarelatitude_3420_firmwarealienware_m15_r3g5_5000vostro_3590vostro_5390inspiron_5491_2-in-1_firmwareinspiron_15_5510vostro_5590_firmwareinspiron_7506_2-in-1_firmwarealienware_m17_r4_firmwarelatitude_7320_detachable_firmwarelatitude_9410inspiron_3790optiplex_7080_firmwareinspiron_5491_aio_firmwarelatitude_5310vostro_5391inspiron_5494latitude_3301inspiron_5594optiplex_7090_ultra_firmwarexps_13_9300xps_15_9500latitude_5500precision_3450inspiron_5508_firmwareprecision_7550_firmwarelatitude_3500_firmwarechengming_3991vostro_5591precision_5560inspiron_5400_aio_firmwareinspiron_7501_firmwareinspiron_7500_2-in-1_blackg15_5510_firmwareinspiron_3881_firmwarevostro_7510_firmwarelatitude_5521g3_3590vostro_7510optiplex_5480_all-in-one_firmwareinspiron_7791precision_3540latitude_5501inspiron_7510_firmwarelatitude_7400_firmwarevostro_3501latitude_7520inspiron_7500_2-in-1_black_firmwareprecision_3450_firmwarechengming_3990inspiron_5301latitude_3310g7_7700_firmwarevostro_5880_firmwarexps_17_9710inspiron_3493vostro_5410alienware_area_51m_r1inspiron_5402precision_7540_firmwareprecision_5750_firmwareinspiron_7700_aiovostro_3401_firmwareinspiron_7391_firmwarevostro_3881vostro_5401inspiron_5593latitude_5420_firmwareprecision_3561vostro_5390_firmwarelatitude_5520latitude_3410_firmwareinspiron_7510vostro_5300inspiron_7400_firmwareoptiplex_7490_aio_firmwareinspiron_3493_firmwareprecision_3530_firmwarelatitude_3320vostro_5301inspiron_5583_firmwarexps_13_9310_2-in-1_firmwarexps_15_9510inspiron_3590latitude_7210_2-in-1inspiron_7590vostro_5880precision_7750alienware_m15_r6_firmwarelatitude_3301_firmwarelatitude_3320_firmwarelatitude_rugged_7220_extreme_firmwarelatitude_9520_firmwareprecision_5560_firmwarevostro_3690_firmwareoptiplex_7080g15_5510latitude_5520_firmwareoptiplex_5090optiplex_5480_all-in-oneinspiron_15_5518inspiron_5591_2-in-1_firmwarealienware_area_51m_r2_firmwarevostro_7500_firmwarelatitude_5400alienware_m15_r4_firmwarelatitude_5410precision_3541xps_8940inspiron_5310vostro_5510_firmwareprecision_3551latitude_5401_firmwarealienware_m17_r3vostro_5491inspiron_7610latitude_rugged_7330vostro_5301_firmwarelatitude_7300_firmwarelatitude_5421vostro_5890latitude_9420_firmwarelatitude_5510inspiron_5400_2-in-1inspiron_5401_aio_firmwarelatitude_5400_firmwareinspiron_7610_firmwarevostro_5300_firmwareoptiplex_5090_firmwarevostro_3501_firmwareinspiron_5400_2-in-1_firmwareinspiron_7391inspiron_3593_firmwarealienware_m17_r4optiplex_7780_all-in-one_firmwareprecision_3440inspiron_5494_firmwareprecision_3440_firmwarevostro_5402optiplex_7090_ultrag5_5000_firmwareprecision_3640_firmwarelatitude_3310_2-in-1_firmwarealienware_m15_r3_firmwarelatitude_5320precision_3550_firmwarelatitude_7410latitude_3310_firmwareinspiron_3590_firmwarelatitude_5501_firmwarexps_13_7390_2-in-1vostro_3690optiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411inspiron_5300_firmwareprecision_7760vostro_7500vostro_3500_firmwareinspiron_7306_2-in-1_firmwareinspiron_7590_firmwareinspiron_7791_firmwareprecision_7740_firmwarelatitude_7320_detachablelatitude_9520latitude_rugged_7220_extremeinspiron_5509vostro_3590_firmwareinspiron_5406_2-in-1_firmwareinspiron_5498vostro_3681inspiron_7500_2-in-1_silver_firmwarelatitude_7420inspiron_7591_firmwareinspiron_5300inspiron_7706_2-in-1latitude_7400_2-in-1_firmwareinspiron_5508precision_5550_firmwareinspiron_5491_2-in-1precision_3530g7_7500_firmwarelatitude_5411_firmwarelatitude_3510_firmwarelatitude_3120_firmwareinspiron_5590vostro_5490inspiron_3593inspiron_15_5518_firmwareprecision_7740inspiron_5301_firmwareinspiron_5408_firmwarelatitude_7310_firmwareinspiron_5498_firmwareprecision_5540vostro_5490_firmwareinspiron_7306_2-in-1xps_13_9310_firmwareinspiron_3790_firmwarexps_13_7390_firmwarelatitude_9510optiplex_3280_all-in-onelatitude_7520_firmwareprecision_5760_firmwarelatitude_5420inspiron_7300inspiron_3793_firmwareinspiron_5402_firmwarevostro_3681_firmwareinspiron_7390vostro_5890_firmwareprecision_7560_firmwarelatitude_9510_firmwareinspiron_5406_2-in-1precision_3650latitude_7400_2-in-1optiplex_5490_aio_firmwareprecision_7760_firmwareoptiplex_7070_ufflatitude_5300_2-in-1_firmwarevostro_5510inspiron_3511inspiron_3490latitude_7210_2-in-1_firmwarelatitude_rugged_5430_firmwarexps_13_9310inspiron_5410latitude_5510_firmwareg7_7700vostro_5502vostro_3510_firmwareoptiplex_7490_aioinspiron_5410_firmwareoptiplex_7780_all-in-oneinspiron_15_5510_firmwareinspiron_5490inspiron_3501_firmwareinspiron_5408vostro_5410_firmwarevostro_5502_firmwareprecision_3540_firmwarelatitude_5300_firmwareinspiron_3880g3_3500_firmwareoptiplex_3080_firmwarelatitude_3410precision_7550vostro_5402_firmwarevostro_3490latitude_rugged_7220inspiron_5391inspiron_3881inspiron_5598xps_13_9380latitude_5320_firmwarexps_7590_firmwareoptiplex_3080alienware_area_51m_r2inspiron_7500_2-in-1_silverinspiron_3501latitude_5310_firmwarelatitude_3500xps_13_9300_firmwareprecision_5750alienware_m15_r4inspiron_3793latitude_rugged_5430xps_9305_firmwarealienware_m15_r6inspiron_7591vostro_3890_firmwareoptiplex_5490_aiolatitude_7310inspiron_14_5410_firmwareinspiron_7790latitude_5421_firmwareg3_3590_firmwareinspiron_7500inspiron_7790_firmwareg15_5511inspiron_5584_firmwareprecision_5540_firmwareprecision_5760vostro_5590inspiron_5401_firmwarevostro_5501optiplex_7480_all-in-onechengming_3990_firmwarexps_8940_firmwarelatitude_7320_firmwarelatitude_3120latitude_rugged_7220_firmwareprecision_3520_firmwareprecision_3560inspiron_5594_firmwareprecision_3551_firmwareinspiron_5401_aioprecision_3640inspiron_7700_aio_firmwarevostro_3400_firmwarevostro_5310_firmwareinspiron_5509_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwareinspiron_5598_firmwareoptiplex_7480_all-in-one_firmwareprecision_3650_firmwarevostro_3500xps_9305precision_3240_compactprecision_7750_firmwareinspiron_5391_firmwarelatitude_3520_firmwarevostro_3401inspiron_5490_aioinspiron_5502_firmwarechengming_3991_firmwarevostro_7590_firmwareinspiron_14_5418inspiron_3490_firmwareinspiron_5409_firmwareinspiron_7400xps_13_9380_firmwareinspiron_5390optiplex_7070_uff_firmwareprecision_3240_compact_firmwarelatitude_5521_firmwarevostro_3510inspiron_5401xps_13_9310_2-in-1vostro_5591_firmwareCPG BIOS
CWE ID-CWE-1190
DMA Device Enabled Too Early in Boot Phase
CVE-2020-5385
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.32%
||
7 Day CHG~0.00%
Published-18 Aug, 2020 | 20:40
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-43587
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.03% / 8.07%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2021-36315
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 12.76%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:15
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_nodes_a3000_firmwareemc_powerscale_nodes_h5600_firmwareemc_powerscale_nodes_f810_firmwareemc_powerscale_nodes_h400_firmwareemc_powerscale_nodes_h700emc_powerscale_nodes_h5600emc_powerscale_nodes_h700_firmwareemc_powerscale_nodes_x410emc_powerscale_nodes_a200_firmwareemc_powerscale_nodes_f200_firmwareemc_powerscale_nodes_x210emc_powerscale_nodes_a100_firmwareemc_powerscale_nodes_s210_firmwareemc_powerscale_nodes_f800_firmwareemc_powerscale_nodes_f600_firmwareemc_powerscale_nodes_f600emc_powerscale_nodes_a300_firmwareemc_powerscale_nodes_a200emc_powerscale_nodes_a3000emc_powerscale_nodes_h7000_firmwareemc_powerscale_nodes_x210_firmwareemc_powerscale_nodes_a2000emc_powerscale_nodes_f200emc_powerscale_nodes_h500_firmwareemc_powerscale_nodes_s210emc_powerscale_nodes_nl410emc_powerscale_nodes_h400emc_powerscale_nodes_h7000emc_powerscale_nodes_h600emc_powerscale_nodes_nl410_firmwareemc_powerscale_nodes_a100emc_powerscale_nodes_x410_firmwareemc_powerscale_nodes_a300emc_powerscale_nodes_a2000_firmwareemc_powerscale_nodes_f810emc_powerscale_nodes_h500emc_powerscale_nodes_f800emc_powerscale_nodes_h600_firmwarePowerScale Nodes
CVE-2021-36324
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.88%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:15
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_15_7570_firmwarelatitude_5401g7_7590inspiron_3470latitude_e7270optiplex_7770_firmwarevostro_3669inspiron_5491_firmwareprecision_7820_firmwareinspiron_5477_firmwarelatitude_5179inspiron_15_7577latitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570vostro_3888_firmwarewyse_7040latitude_e5270precision_7540alienware_15_r3_firmwareprecision_3420wyse_5070inspiron_5490_firmwarealienware_area_51m_r1_firmwarelatitude_5590optiplex_5080latitude_5511inspiron_7580_firmwarealienware_m15_r1_firmwareprecision_7720precision_7920alienware_m17_r3_firmwarelatitude_5300vostro_5581_firmwarelatitude_3380_firmwareprecision_5530_firmwareoptiplex_5040latitude_rugged_5420vostro_15_7580inspiron_14_5468optiplex_5050alienware_aurora_r11latitude_3470latitude_7300g5_5590xps_13_9360vostro_14_3478_firmwareoptiplex_3060_firmwarelatitude_3590_firmwarelatitude_7490_firmwarealienware_m15_r2precision_5520latitude_7400latitude_5591precision_3620precision_5820inspiron_3471latitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwarelatitude_5175_firmwareinspiron_7586optiplex_3040_firmwareoptiplex_5070precision_3630_firmwareprecision_3430g5_5000inspiron_7700inspiron_13_5378_firmwarelatitude_7285_firmwarexps_13_9370_firmwarevostro_3581_firmwarelatitude_7275vostro_3581xps_15_9575latitude_9410inspiron_7777optiplex_7070latitude_3570optiplex_7080_firmwareoptiplex_5480_firmwareinspiron_15_5578_firmwarelatitude_5310latitude_rugged_7424_firmwarevostro_3268_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1inspiron_5400latitude_7480_firmwarevostro_14_5468_firmwarelatitude_e5470_firmwarechengming_3977vostro_5090latitude_3190vostro_5370alienware_aurora_r8_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_rugged_7424latitude_5488g3_3590optiplex_5260latitude_7380precision_3540alienware_aurora_r11_firmwarevostro_14_5468optiplex_7780optiplex_3280xps_15_9560inspiron_3580_firmwareinspiron_3781_firmwarevostro_5370_firmwarewyse_5070_firmwarevostro_3670_firmwarelatitude_7275_firmwareinspiron_3280_firmwarelatitude_3310precision_7520vostro_15_3578_firmwarevostro_3660_firmwareinspiron_5482latitude_7290g7_7587_firmwarealienware_area_51m_r1precision_7540_firmwareoptiplex_7760latitude_7480vostro_3881wyse_5470_firmwareinspiron_7580inspiron_3668inspiron_5770alienware_m17_r2_firmwarelatitude_3580inspiron_3668_firmwarelatitude_5285optiplex_7780_firmwareinspiron_5480_firmwarelatitude_3551optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510inspiron_7370precision_3240vostro_3481_firmwarelatitude_5491optiplex_3240_firmwareoptiplex_7040inspiron_7386alienware_aurora_r12latitude_7280latitude_5400latitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwarealienware_m17_r3precision_7730inspiron_7380precision_3240_firmwarelatitude_7285latitude_5400_firmwareprecision_3420_firmwarevostro_3671_firmwareprecision_3440latitude_rugged_7220ex_firmwareprecision_7510_firmwareg5_5000_firmwareoptiplex_7460_firmwareoptiplex_5250_firmwareinspiron_5680_firmwarealienware_m15_r3_firmwareinspiron_3576inspiron_3671_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwarevostro_15_7580_firmwareinspiron_3781inspiron_3576_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwareinspiron_7590_firmwarelatitude_rugged_5414_firmwareprecision_7740_firmwareinspiron_15_3567alienware_m15_r2_firmwarelatitude_7389vostro_3681inspiron_5570_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588latitude_5411_firmwareinspiron_3470_firmwareinspiron_5370inspiron_7467_firmwareprecision_7740inspiron_3481_firmwareprecision_5530latitude_7310_firmwareinspiron_15_5579_firmwarelatitude_9510inspiron_5770_firmwareinspiron_7586_firmwarelatitude_rugged_extreme_7214latitude_3180_firmwarevostro_3681_firmwarealienware_m17_r1_firmwarevostro_3580_firmwareinspiron_3581_firmwareinspiron_17_7773latitude_9510_firmwarelatitude_3490_firmwareprecision_5720_firmwareg7_7587vostro_3668optiplex_7770optiplex_5270latitude_7280_firmwarevostro_3670latitude_5280latitude_5179_firmwareinspiron_5490inspiron_15_5578latitude_5300_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareinspiron_3277precision_7550xps_7590_firmwareoptiplex_3080alienware_m17_r1latitude_3480latitude_rugged_5424_firmwarevostro_3671inspiron_7591latitude_7310inspiron_7790g3_3590_firmwareinspiron_7790_firmwarealienware_13_r3latitude_3379vostro_3584_firmwarechengming_3990_firmwarevostro_15_5568precision_3520_firmwarechengming_3980inspiron_7567_firmwareoptiplex_7060vostro_14_3468_firmwarelatitude_5290_firmwareinspiron_13_5379_firmwareg5_5090_firmwarelatitude_7390latitude_3390_firmwareprecision_7750_firmwarealienware_aurora_r12_firmwareprecision_3431precision_7510vostro_3480_firmwarechengming_3991_firmwarevostro_7590_firmwareprecision_3510_firmwareinspiron_7370_firmwarelatitude_7389_firmwarelatitude_e7470optiplex_5040_firmwareinspiron_3581latitude_rugged_tablet_7212_firmwareoptiplex_7480inspiron_5400_firmwareinspiron_15_5566_firmwarelatitude_5488_firmwarealienware_17_r5_firmwareoptiplex_5480precision_3541_firmwarealienware_m15_r1precision_7920_firmwareinspiron_15_7572alienware_aurora_r7_firmwareinspiron_3476_firmwareinspiron_5680vostro_3881_firmwareinspiron_7373latitude_5511_firmwareinspiron_15_7573_firmwareoptiplex_7040_firmwareprecision_3550latitude_7370latitude_7370_firmwareoptiplex_7440_firmwareoptiplex_5070_firmwarealienware_15_r4latitude_5490alienware_m17_r2inspiron_7567vostro_3070_firmwarelatitude_rugged_extreme_7414xps_7590optiplex_7071vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwareg5_5587_firmwarelatitude_3180inspiron_3268latitude_e5470optiplex_3070_firmwarelatitude_7410_firmwarevostro_3667latitude_e7470_firmwareprecision_7720_firmwareinspiron_3476inspiron_13_5378inspiron_3780inspiron_7380_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwareprecision_3520inspiron_17_7773_firmwareg7_7790latitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050optiplex_5080_firmwareinspiron_15_7570latitude_e5270_firmwareoptiplex_7480_firmwarevostro_3471latitude_rugged_5420_firmwarelatitude_rugged_extreme_7214_firmwareinspiron_3480_firmwareg5_5590_firmwarealienware_m15_r3inspiron_7700_firmwareoptiplex_5060_firmwarelatitude_3470_firmwareprecision_7530_firmwarealienware_x17_r1latitude_rugged_5424vostro_3583_firmwareinspiron_15_5566latitude_3190_firmwarealienware_aurora_ryzen_edition_firmwareg3_3779_firmwarevostro_15_3578latitude_5500inspiron_15_5582precision_7550_firmwarewyse_7040_firmwarelatitude_5285_firmwareinspiron_5477chengming_3991latitude_5288_firmwarelatitude_rugged_extreme_7414_firmwareinspiron_5480inspiron_3471_firmwarevostro_3669_firmwarelatitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590inspiron_7472_firmwareoptiplex_5260_firmwarechengming_3990vostro_3583latitude_5491_firmwarevostro_5880_firmwareprecision_3630xps_15_9560_firmwarevostro_14_3468optiplex_3060optiplex_5060chengming_3988_firmwareinspiron_5491inspiron_5482_firmwarevostro_5481inspiron_7467precision_3530_firmwareprecision_3930_firmwarelatitude_rugged_tablet_7212latitude_5580_firmwarelatitude_7200inspiron_3477_firmwarelatitude_3189vostro_3580precision_7750inspiron_7472latitude_5175inspiron_14_3467_firmwareprecision_3620_firmwareoptiplex_3280_firmwarevostro_15_3568embedded_box_pc_5000inspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080alienware_aurora_r9alienware_area_51m_r2_firmwareoptiplex_7440latitude_5480alienware_15_r3vostro_5471_firmwareoptiplex_7470optiplex_3046xps_15_9575_firmwarelatitude_7210_firmwareinspiron_15_5582_firmwarealienware_x15_r1_firmwarelatitude_7300_firmwarelatitude_5510wyse_5470inspiron_5481precision_3440_firmwarealienware_x17_r1_firmwarexps_8930xps_27_7760inspiron_7786_firmwareprecision_3640_firmwareinspiron_15_5579vostro_15_3568_firmwarelatitude_7410latitude_5501_firmwarexps_27_7760_firmwareprecision_3430_firmwarelatitude_5411optiplex_7450_firmwareoptiplex_7450inspiron_15_3567_firmwareg3_3579_firmwarevostro_15_5568_firmwarelatitude_3480_firmwarelatitude_3189_firmwarexps_13_9360_firmwarealienware_17_r5optiplex_7760_firmwareinspiron_14_5468_firmwareinspiron_7591_firmwarelatitude_5290alienware_aurora_r7latitude_5289_firmwarechengming_3980_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwarevostro_5481_firmwarelatitude_rugged_5414vostro_3267inspiron_14_3467inspiron_3671precision_5540alienware_17_r4precision_3930inspiron_3480latitude_3490inspiron_3670latitude_3300_firmwarevostro_5471alienware_15_r4_firmwarevostro_5581latitude_7200_firmwareg7_7790_firmwarelatitude_5510_firmwareinspiron_3670_firmwarevostro_15_7570latitude_e5570_firmwareprecision_3540_firmwareinspiron_7777_firmwareoptiplex_3046_firmwarelatitude_3380latitude_7210latitude_5289precision_7820vostro_3471_firmwareoptiplex_3080_firmwareoptiplex_3240precision_5510_firmwarelatitude_rugged_7220inspiron_3881xps_13_9380alienware_area_51m_r2latitude_5490_firmwarelatitude_5591_firmwarealienware_13_r3_firmwarelatitude_5310_firmwarevostro_3070inspiron_5481_firmwareprecision_5520_firmwarechengming_3988xps_15_7590inspiron_3477latitude_3300latitude_5580precision_5540_firmwareinspiron_3277_firmwareinspiron_5401_firmwarexps_8940_firmwareinspiron_3268_firmwarevostro_3480latitude_rugged_7220_firmwareprecision_3640alienware_17_r4_firmwarelatitude_rugged_7220exg5_5587latitude_3580_firmwarevostro_3470alienware_aurora_r9_firmwareoptiplex_3070inspiron_3280optiplex_3040precision_5720latitude_7290_firmwareoptiplex_5270_firmwareprecision_7530inspiron_5370_firmwarelatitude_3551_firmwarexps_8930_firmwarechengming_3977_firmwareoptiplex_7470_firmwareoptiplex_7460g7_7590_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareinspiron_15_7573optiplex_7050precision_3431_firmwareprecision_3510vostro_14_3478xps_13_9380_firmwareinspiron_13_5379latitude_5288latitude_7490optiplex_7060_firmwareg3_3779precision_5820_firmwareinspiron_5401optiplex_5250vostro_3667_firmwarealienware_aurora_ryzen_editioninspiron_15_7577_firmwarevostro_15_7570_firmwareCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21518
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.52%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 20:10
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcssupportassist_client_promanageDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-21555
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21526
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-20 Apr, 2021 | 16:45
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21556
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.69%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-5348
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.88%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 23:20
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_7202_firmwarelatitude_7202CPG BIOS
CWE ID-CWE-416
Use After Free
CVE-2020-5363
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.05% / 14.43%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 20:40
Updated-16 Sep, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_7300latitude_5401precision_7740_firmwareprecision_3541precision_3541_firmwarelatitude_5401_firmwareprecision_7540_firmwarelatitude_5500_firmwareprecision_3540_firmwarelatitude_5300_firmwarexps_13_9300xps_7390_2-in-1_firmwarelatitude_7300_firmwarelatitude_5500latitude_7400latitude_5400_firmwarelatitude_7200_2_in_1_firmwarelatitude_7220_firmwareprecision_7540precision_7740latitude_7220ex_rugged_extreme_tabletxps_7590_firmwarelatitude_7220ex_rugged_extreme_tablet_firmwarexps_7590latitude_7220latitude_7200_2_in_1latitude_5501latitude_5300latitude_7400_firmwareprecision_3540xps_13_9300_firmwarexps_7390_2-in-1latitude_5501_firmwarelatitude_5300_2-in-1latitude_5300_2-in-1_firmwarelatitude_5400Dell Client Consumer and Commercial platforms
CWE ID-CWE-158
Improper Neutralization of Null Byte or NUL Character
CVE-2020-5358
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.48%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 20:20
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
  • Previous
  • 1
  • 2
  • Next
Details not found