Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-3717

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-05 Aug, 2019 | 16:38
Updated At-16 Sep, 2024 | 16:43
Rejected At-
Credits

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:05 Aug, 2019 | 16:38
Updated At:16 Sep, 2024 | 16:43
Rejected At:
▼CVE Numbering Authority (CNA)

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.

Affected Products
Vendor
Dell Inc.Dell
Product
Dell Client Commercial and Consumer platforms
Versions
Affected
  • https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en
Problem Types
TypeCWE IDDescription
textN/AImproper Access Control
Type: text
CWE ID: N/A
Description: Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.07.1HIGH
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
Version: 3.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en
x_refsource_CONFIRM
Hyperlink: https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:05 Aug, 2019 | 17:15
Updated At:10 Feb, 2023 | 02:26

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.8MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.07.1HIGH
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Dell Inc.
dell
>>chengming_3967>>-
cpe:2.3:h:dell:chengming_3967:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>chengming_3967_firmware>>Versions before 1.5.0(exclusive)
cpe:2.3:o:dell:chengming_3967_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>chengming_3977>>-
cpe:2.3:h:dell:chengming_3977:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>chengming_3977_firmware>>Versions before 1.6.0(exclusive)
cpe:2.3:o:dell:chengming_3977_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>chengming_3980>>-
cpe:2.3:h:dell:chengming_3980:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>chengming_3980_firmware>>Versions before 1.5.21(exclusive)
cpe:2.3:o:dell:chengming_3980_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>g3_3579>>-
cpe:2.3:h:dell:g3_3579:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>g3_3579_firmware>>Versions before 1.9.0(exclusive)
cpe:2.3:o:dell:g3_3579_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>g3_3779>>-
cpe:2.3:h:dell:g3_3779:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>g3_3779_firmware>>Versions before 1.9.0(exclusive)
cpe:2.3:o:dell:g3_3779_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>g5_5587>>-
cpe:2.3:h:dell:g5_5587:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>g5_5587_firmware>>Versions before 1.10.0(exclusive)
cpe:2.3:o:dell:g5_5587_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>g5_5590_firmware>>Versions before 1.3.1(exclusive)
cpe:2.3:o:dell:g5_5590_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>g5_5590>>-
cpe:2.3:h:dell:g5_5590:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>g7_7588_firmware>>Versions before 1.10.0(exclusive)
cpe:2.3:o:dell:g7_7588_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>g7_7588>>-
cpe:2.3:h:dell:g7_7588:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>g7_7590_firmware>>Versions before 1.3.1(exclusive)
cpe:2.3:o:dell:g7_7590_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>g7_7590>>-
cpe:2.3:h:dell:g7_7590:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>g7_7790_firmware>>Versions before 1.3.1(exclusive)
cpe:2.3:o:dell:g7_7790_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>g7_7790>>-
cpe:2.3:h:dell:g7_7790:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>embedded_box_pc_5000_firmware>>Versions before 1.5.6(exclusive)
cpe:2.3:o:dell:embedded_box_pc_5000_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>embedded_box_pc_5000>>-
cpe:2.3:h:dell:embedded_box_pc_5000:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3153_firmware>>Versions before 1.22.0(exclusive)
cpe:2.3:o:dell:inspiron_3153_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3153>>-
cpe:2.3:h:dell:inspiron_3153:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3158_firmware>>Versions before 1.22.0(exclusive)
cpe:2.3:o:dell:inspiron_3158_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3158>>-
cpe:2.3:h:dell:inspiron_3158:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5368_firmware>>Versions before 1.19.0(exclusive)
cpe:2.3:o:dell:inspiron_5368_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5368>>-
cpe:2.3:h:dell:inspiron_5368:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5378_firmware>>Versions before 1.27.0(exclusive)
cpe:2.3:o:dell:inspiron_5378_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5378>>-
cpe:2.3:h:dell:inspiron_5378:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5379_firmware>>Versions before 1.11.0(exclusive)
cpe:2.3:o:dell:inspiron_5379_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_5379>>-
cpe:2.3:h:dell:inspiron_5379:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7353_firmware>>Versions before 1.22.0(exclusive)
cpe:2.3:o:dell:inspiron_7353_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7353>>-
cpe:2.3:h:dell:inspiron_7353:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7359_firmware>>Versions before 1.22.0(exclusive)
cpe:2.3:o:dell:inspiron_7359_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7359>>-
cpe:2.3:h:dell:inspiron_7359:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7368_firmware>>Versions before 1.19.0(exclusive)
cpe:2.3:o:dell:inspiron_7368_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7368>>-
cpe:2.3:h:dell:inspiron_7368:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7373_firmware>>Versions before 1.13.1(exclusive)
cpe:2.3:o:dell:inspiron_7373_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7373>>-
cpe:2.3:h:dell:inspiron_7373:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7378_firmware>>Versions before 1.27.0(exclusive)
cpe:2.3:o:dell:inspiron_7378_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7378>>-
cpe:2.3:h:dell:inspiron_7378:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7370_firmware>>Versions before 1.13.1(exclusive)
cpe:2.3:o:dell:inspiron_7370_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_7370>>-
cpe:2.3:h:dell:inspiron_7370:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3459_firmware>>Versions before 1.9.0(exclusive)
cpe:2.3:o:dell:inspiron_3459_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3459>>-
cpe:2.3:h:dell:inspiron_3459:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3467_firmware>>Versions before 2.9.0(exclusive)
cpe:2.3:o:dell:inspiron_3467_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3467>>-
cpe:2.3:h:dell:inspiron_3467:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3468_firmware>>Versions before 1.12.0(exclusive)
cpe:2.3:o:dell:inspiron_3468_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>inspiron_3468>>-
cpe:2.3:h:dell:inspiron_3468:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=ensecurity_alert@emc.com
Vendor Advisory
Hyperlink: https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en
Source: security_alert@emc.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

80Records found
CVE-2022-24416
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.11% / 30.00%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-16 Sep, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24426
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.66%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 20:00
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-24421
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24418
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.27%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5515_firmwarevostro_5515_firmwareinspiron_3180vostro_3515_firmwareinspiron_3185_firmwareinspiron_22-3275_firmwaredell_g5_5505_firmwareinspiron_3185inspiron_3585inspiron_7405_firmwareinspiron_5515inspiron_5675_firmwareinspiron_5415_firmwareinspiron_5405_firmwareinspiron_27_7775_firmwareinspiron_3505_firmwareinspiron_5585inspiron_5775_firmwareinspiron_7375_firmwareinspiron_5575_firmwareinspiron_3785vostro_5415inspiron_7415_firmwareinspiron_3515inspiron_5415inspiron_3785_firmwareinspiron_7415vostro_3405_firmwareinspiron_3195inspiron_24-3475vostro_3515inspiron_3515_firmwareinspiron_3180_firmwareinspiron_5575inspiron_24-3475_firmwareinspiron_3195_firmwareinspiron_5505inspiron_3505inspiron_3595inspiron_27_7775inspiron_5505_firmwarevostro_5515dell_g5_5505inspiron_3595_firmwareinspiron_7375inspiron_3585_firmwareinspiron_5485_firmwareinspiron_5585_firmwareinspiron_7405inspiron_22-3275inspiron_5675vostro_5415_firmwareinspiron_5405inspiron_5775vostro_3405inspiron_5485CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24420
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-17 Sep, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24419
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 21:45
Updated-16 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_m15_r4_firmwarealienware_m17_r4_firmwarealienware_x17_r1alienware_15_r3inspiron_3465latitude_3379_firmwareedge_gateway_3000alienware_m17_r3inspiron_15_5566vostro_3669edge_gateway_5100_firmwarewyse_7040_thin_client_firmwarevostro_3268_firmwareinspiron_3482_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1_firmwarealienware_x15_r1embedded_box_pc_3000inspiron_3277wyse_7040_thin_clientvostro_14_5468_firmwarealienware_15_r3_firmwarealienware_15_r4vostro_3572_firmwareinspiron_3482alienware_m17_r4alienware_area_51m_r1_firmwarealienware_m17_r2inspiron_3510_firmwarealienware_area_51m_r2alienware_x17_r1_firmwarealienware_aurora_r8_firmwarexps_8930vostro_3572vostro_3669_firmwarealienware_m15_r3_firmwarealienware_13_r3_firmwareinspiron_3782_firmwarealienware_m17_r3_firmwareedge_gateway_5000vostro_14_5468alienware_m15_r4vostro_3668_firmwareinspiron_3565_firmwareinspiron_3477alienware_13_r3vostro_3667inspiron_3510latitude_3379edge_gateway_3000_firmwareinspiron_3277_firmwarevostro_3660_firmwarevostro_15_5568_firmwarevostro_15_5568alienware_17_r5alienware_m15_r2_firmwareinspiron_15_3573_firmwarealienware_area_51m_r1inspiron_3782inspiron_3582alienware_17_r4_firmwarealienware_m15_r2inspiron_3565edge_gateway_5000_firmwarevostro_3582_firmwareinspiron_3582_firmwarealienware_m17_r2_firmwareinspiron_3465_firmwareinspiron_3502_firmwarevostro_3267edge_gateway_5100xps_8930_firmwareinspiron_3477_firmwarealienware_17_r4inspiron_15_3573inspiron_14_3473vostro_3268embedded_box_pc_5000_firmwareembedded_box_pc_5000embedded_box_pc_3000_firmwarealienware_m15_r3inspiron_3502vostro_3267_firmwareinspiron_14_3473_firmwarealienware_15_r4_firmwarevostro_3582vostro_3667_firmwareinspiron_15_5566_firmwarealienware_area_51m_r2_firmwarealienware_17_r5_firmwarevostro_3668CPG BIOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24417
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.27%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_5515_firmwarevostro_5515_firmwareinspiron_3180vostro_3515_firmwareinspiron_3185_firmwareinspiron_22-3275_firmwaredell_g5_5505_firmwareinspiron_3185inspiron_3585inspiron_7405_firmwareinspiron_5515inspiron_5675_firmwareinspiron_5415_firmwareinspiron_5405_firmwareinspiron_27_7775_firmwareinspiron_3505_firmwareinspiron_5585inspiron_5775_firmwareinspiron_7375_firmwareinspiron_5575_firmwareinspiron_3785vostro_5415inspiron_7415_firmwareinspiron_3515inspiron_5415inspiron_3785_firmwareinspiron_7415vostro_3405_firmwareinspiron_3195inspiron_24-3475vostro_3515inspiron_3515_firmwareinspiron_3180_firmwareinspiron_5575inspiron_24-3475_firmwareinspiron_3195_firmwareinspiron_5505inspiron_3505inspiron_3595inspiron_27_7775inspiron_5505_firmwarevostro_5515dell_g5_5505inspiron_3595_firmwareinspiron_7375inspiron_3585_firmwareinspiron_5485_firmwareinspiron_5585_firmwareinspiron_7405inspiron_22-3275inspiron_5675vostro_5415_firmwareinspiron_5405inspiron_5775vostro_3405inspiron_5485CPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1203
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-1.08% / 76.95%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-1185
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-1.52% / 80.49%
||
7 Day CHG~0.00%
Published-03 Feb, 2018 | 01:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_recoverpointemc_recoverpoint_for_virtual_machinesEMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-1184
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.25% / 47.88%
||
7 Day CHG~0.00%
Published-03 Feb, 2018 | 01:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_recoverpointemc_recoverpoint_for_virtual_machinesEMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, EMC RecoverPoint versions prior to 5.0.1.3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21553
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.80%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 23:45
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-286
Incorrect User Management
CVE-2021-21554
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.69%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwareprecision_7920_firmwarepoweredge_r640_firmwareprecision_7920poweredge_r940xa_firmwarepoweredge_r640poweredge_r840poweredge_mx840cpoweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21550
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.05% / 16.77%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:40
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21552
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.2||MEDIUM
EPSS-0.14% / 34.60%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 20:05
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-wyse_5070_thin_clientwyse_5470_all-in-one_thin_clientwyse_5470_thin_clientwindows_10Wyse Windows Embedded (WES)
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-21557
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r7515poweredge_m640ppoweredge_t140_firmwarepoweredge_r6515_firmwarepoweredge_r240poweredge_r7515_firmwarepoweredge_r440_firmwarepoweredge_m640poweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_t440poweredge_m640p_firmwarepoweredge_r940xa_firmwarepoweredge_r7525_firmwarepoweredge_mx840cpoweredge_r6525poweredge_t640poweredge_mx740cpoweredge_r7525poweredge_r840_firmwarepoweredge_c4140_firmwarepoweredge_r940poweredge_r540poweredge_m640_firmwarepoweredge_mx840c_firmwarepoweredge_r540_firmwarepoweredge_r740xdpoweredge_r740_firmwarepoweredge_t340_firmwarepoweredge_r6415poweredge_r440poweredge_r740xd2_firmwarepoweredge_r340_firmwarepoweredge_c6525_firmwarepoweredge_c6525poweredge_xr2_firmwarepoweredge_r6515poweredge_r940xapoweredge_r340poweredge_r6415_firmwarepoweredge_r6525_firmwarepoweredge_c6420poweredge_fc640_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_c6420_firmwarepoweredge_r740xd2poweredge_r840poweredge_r7415_firmwarepoweredge_r7425poweredge_fc640poweredge_t340poweredge_r240_firmwarepoweredge_r7415poweredge_r7425_firmwarepoweredge_c4140poweredge_r940_firmwarepoweredge_t440_firmwarepoweredge_r740xd_firmwarepoweredge_t140poweredge_r740poweredge_xr2PowerEdge BIOS Intel 15G
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-44297
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.03% / 5.19%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 15:52
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r660xs_firmwarepoweredge_r760xapoweredge_hs5620poweredge_r760xs_firmwarepoweredge_t560_firmwarepoweredge_r660_firmwarepoweredge_hs5610_firmwarepoweredge_r760poweredge_t560poweredge_r760xa_firmwarepoweredge_r960poweredge_c6620poweredge_c6620_firmwarepoweredge_r960_firmwarepoweredge_r760xspoweredge_mx760c_firmwarepoweredge_r660xspoweredge_r760xd2poweredge_r660poweredge_hs5610poweredge_mx760cpoweredge_r860poweredge_r760xd2_firmwarepoweredge_r860_firmwarepoweredge_hs5620_firmwarepoweredge_r760_firmwarePowerEdge BIOS
CWE ID-CWE-1234
Hardware Internal or Debug Modes Allow Override of Locks
CWE ID-CWE-667
Improper Locking
CVE-2022-22557
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.50%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 21:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_xpowerstore_tpowerstoreosPowerStore
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-22566
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 20:00
Updated-17 Sep, 2024 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwarexps_15_9510_firmwareinspiron_5583inspiron_7500_firmwareinspiron_7300_firmwarelatitude_3520precision_3541_firmwareinspiron_5591_2-in-1g5_5500precision_3561_firmwareinspiron_7506_2-in-1xps_17_9710_firmwareg7_7500precision_7560inspiron_5590_firmwarevostro_3881_firmwarevostro_3490_firmwarelatitude_7200_2-in-1latitude_5511_firmwareinspiron_5493precision_3550vostro_3888inspiron_3891_firmwareoptiplex_3090_ultra_firmwareinspiron_7490vostro_3888_firmwarexps_13_7390_2-in-1_firmwarelatitude_7420_firmwareprecision_7540inspiron_5501vostro_5501_firmwarelatitude_3310_2-in-1inspiron_5390_firmwarelatitude_9420inspiron_5490_firmwareoptiplex_3090_ultraalienware_area_51m_r1_firmwareoptiplex_5080inspiron_5400_aioinspiron_5502latitude_5511inspiron_7501precision_5550inspiron_7300_2-in-1xps_17_9700inspiron_7390_firmwarexps_7590alienware_m17_r3_firmwarelatitude_5300vostro_3400inspiron_3891vostro_5310g3_3500latitude_9410_firmwarevostro_7590optiplex_7090_firmwareinspiron_7300_2-in-1_firmwareinspiron_7706_2-in-1_firmwarelatitude_5300_2-in-1g15_5511_firmwarelatitude_7410_firmwarelatitude_7320latitude_7300optiplex_7090latitude_5310_2-in-1inspiron_5490_aio_firmwareinspiron_5491_aiolatitude_3420inspiron_14_5418_firmwareg5_5500_firmwarelatitude_rugged_7330_firmwarevostro_5491_firmwarelatitude_5500_firmwarelatitude_5410_firmwarelatitude_5310_2-in-1_firmwarexps_13_7390inspiron_7490_firmwareinspiron_5409latitude_3400_firmwarevostro_3890latitude_7400latitude_3510precision_3560_firmwareinspiron_5584precision_3520vostro_5401_firmwareinspiron_3880_firmwareinspiron_3511_firmwareinspiron_5310_firmwareinspiron_5501_firmwareoptiplex_5080_firmwareinspiron_14_5410inspiron_5493_firmwarelatitude_3400xps_17_9700_firmwarelatitude_3420_firmwarealienware_m15_r3g5_5000vostro_3590vostro_5390inspiron_5491_2-in-1_firmwareinspiron_15_5510vostro_5590_firmwareinspiron_7506_2-in-1_firmwarealienware_m17_r4_firmwarelatitude_7320_detachable_firmwarelatitude_9410inspiron_3790optiplex_7080_firmwareinspiron_5491_aio_firmwarelatitude_5310vostro_5391inspiron_5494latitude_3301inspiron_5594optiplex_7090_ultra_firmwarexps_13_9300xps_15_9500latitude_5500precision_3450inspiron_5508_firmwareprecision_7550_firmwarelatitude_3500_firmwarechengming_3991vostro_5591precision_5560inspiron_5400_aio_firmwareinspiron_7501_firmwareinspiron_7500_2-in-1_blackg15_5510_firmwareinspiron_3881_firmwarevostro_7510_firmwarelatitude_5521g3_3590vostro_7510optiplex_5480_all-in-one_firmwareinspiron_7791precision_3540latitude_5501inspiron_7510_firmwarelatitude_7400_firmwarevostro_3501latitude_7520inspiron_7500_2-in-1_black_firmwareprecision_3450_firmwarechengming_3990inspiron_5301latitude_3310g7_7700_firmwarevostro_5880_firmwarexps_17_9710inspiron_3493vostro_5410alienware_area_51m_r1inspiron_5402precision_7540_firmwareprecision_5750_firmwareinspiron_7700_aiovostro_3401_firmwareinspiron_7391_firmwarevostro_3881vostro_5401inspiron_5593latitude_5420_firmwareprecision_3561vostro_5390_firmwarelatitude_5520latitude_3410_firmwareinspiron_7510vostro_5300inspiron_7400_firmwareoptiplex_7490_aio_firmwareinspiron_3493_firmwareprecision_3530_firmwarelatitude_3320vostro_5301inspiron_5583_firmwarexps_13_9310_2-in-1_firmwarexps_15_9510inspiron_3590latitude_7210_2-in-1inspiron_7590vostro_5880precision_7750alienware_m15_r6_firmwarelatitude_3301_firmwarelatitude_3320_firmwarelatitude_rugged_7220_extreme_firmwarelatitude_9520_firmwareprecision_5560_firmwarevostro_3690_firmwareoptiplex_7080g15_5510latitude_5520_firmwareoptiplex_5090optiplex_5480_all-in-oneinspiron_15_5518inspiron_5591_2-in-1_firmwarealienware_area_51m_r2_firmwarevostro_7500_firmwarelatitude_5400alienware_m15_r4_firmwarelatitude_5410precision_3541xps_8940inspiron_5310vostro_5510_firmwareprecision_3551latitude_5401_firmwarealienware_m17_r3vostro_5491inspiron_7610latitude_rugged_7330vostro_5301_firmwarelatitude_7300_firmwarelatitude_5421vostro_5890latitude_9420_firmwarelatitude_5510inspiron_5400_2-in-1inspiron_5401_aio_firmwarelatitude_5400_firmwareinspiron_7610_firmwarevostro_5300_firmwareoptiplex_5090_firmwarevostro_3501_firmwareinspiron_5400_2-in-1_firmwareinspiron_7391inspiron_3593_firmwarealienware_m17_r4optiplex_7780_all-in-one_firmwareprecision_3440inspiron_5494_firmwareprecision_3440_firmwarevostro_5402optiplex_7090_ultrag5_5000_firmwareprecision_3640_firmwarelatitude_3310_2-in-1_firmwarealienware_m15_r3_firmwarelatitude_5320precision_3550_firmwarelatitude_7410latitude_3310_firmwareinspiron_3590_firmwarelatitude_5501_firmwarexps_13_7390_2-in-1vostro_3690optiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411inspiron_5300_firmwareprecision_7760vostro_7500vostro_3500_firmwareinspiron_7306_2-in-1_firmwareinspiron_7590_firmwareinspiron_7791_firmwareprecision_7740_firmwarelatitude_7320_detachablelatitude_9520latitude_rugged_7220_extremeinspiron_5509vostro_3590_firmwareinspiron_5406_2-in-1_firmwareinspiron_5498vostro_3681inspiron_7500_2-in-1_silver_firmwarelatitude_7420inspiron_7591_firmwareinspiron_5300inspiron_7706_2-in-1latitude_7400_2-in-1_firmwareinspiron_5508precision_5550_firmwareinspiron_5491_2-in-1precision_3530g7_7500_firmwarelatitude_5411_firmwarelatitude_3510_firmwarelatitude_3120_firmwareinspiron_5590vostro_5490inspiron_3593inspiron_15_5518_firmwareprecision_7740inspiron_5301_firmwareinspiron_5408_firmwarelatitude_7310_firmwareinspiron_5498_firmwareprecision_5540vostro_5490_firmwareinspiron_7306_2-in-1xps_13_9310_firmwareinspiron_3790_firmwarexps_13_7390_firmwarelatitude_9510optiplex_3280_all-in-onelatitude_7520_firmwareprecision_5760_firmwarelatitude_5420inspiron_7300inspiron_3793_firmwareinspiron_5402_firmwarevostro_3681_firmwareinspiron_7390vostro_5890_firmwareprecision_7560_firmwarelatitude_9510_firmwareinspiron_5406_2-in-1precision_3650latitude_7400_2-in-1optiplex_5490_aio_firmwareprecision_7760_firmwareoptiplex_7070_ufflatitude_5300_2-in-1_firmwarevostro_5510inspiron_3511inspiron_3490latitude_7210_2-in-1_firmwarelatitude_rugged_5430_firmwarexps_13_9310inspiron_5410latitude_5510_firmwareg7_7700vostro_5502vostro_3510_firmwareoptiplex_7490_aioinspiron_5410_firmwareoptiplex_7780_all-in-oneinspiron_15_5510_firmwareinspiron_5490inspiron_3501_firmwareinspiron_5408vostro_5410_firmwarevostro_5502_firmwareprecision_3540_firmwarelatitude_5300_firmwareinspiron_3880g3_3500_firmwareoptiplex_3080_firmwarelatitude_3410precision_7550vostro_5402_firmwarevostro_3490latitude_rugged_7220inspiron_5391inspiron_3881inspiron_5598xps_13_9380latitude_5320_firmwarexps_7590_firmwareoptiplex_3080alienware_area_51m_r2inspiron_7500_2-in-1_silverinspiron_3501latitude_5310_firmwarelatitude_3500xps_13_9300_firmwareprecision_5750alienware_m15_r4inspiron_3793latitude_rugged_5430xps_9305_firmwarealienware_m15_r6inspiron_7591vostro_3890_firmwareoptiplex_5490_aiolatitude_7310inspiron_14_5410_firmwareinspiron_7790latitude_5421_firmwareg3_3590_firmwareinspiron_7500inspiron_7790_firmwareg15_5511inspiron_5584_firmwareprecision_5540_firmwareprecision_5760vostro_5590inspiron_5401_firmwarevostro_5501optiplex_7480_all-in-onechengming_3990_firmwarexps_8940_firmwarelatitude_7320_firmwarelatitude_3120latitude_rugged_7220_firmwareprecision_3520_firmwareprecision_3560inspiron_5594_firmwareprecision_3551_firmwareinspiron_5401_aioprecision_3640inspiron_7700_aio_firmwarevostro_3400_firmwarevostro_5310_firmwareinspiron_5509_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwareinspiron_5598_firmwareoptiplex_7480_all-in-one_firmwareprecision_3650_firmwarevostro_3500xps_9305precision_3240_compactprecision_7750_firmwareinspiron_5391_firmwarelatitude_3520_firmwarevostro_3401inspiron_5490_aioinspiron_5502_firmwarechengming_3991_firmwarevostro_7590_firmwareinspiron_14_5418inspiron_3490_firmwareinspiron_5409_firmwareinspiron_7400xps_13_9380_firmwareinspiron_5390optiplex_7070_uff_firmwareprecision_3240_compact_firmwarelatitude_5521_firmwarevostro_3510inspiron_5401xps_13_9310_2-in-1vostro_5591_firmwareCPG BIOS
CWE ID-CWE-1190
DMA Device Enabled Too Early in Boot Phase
CVE-2020-5385
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.32%
||
7 Day CHG~0.00%
Published-18 Aug, 2020 | 20:40
Updated-17 Sep, 2024 | 02:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-32480
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.06% / 18.38%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 10:50
Updated-29 Nov, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-precision_5760inspiron_7420inspiron_16_7620_2-in-1_firmwareinspiron_5410vostro_3520inspiron_5620vostro_5510_firmwarexps_17_9710latitude_3520vostro_5410inspiron_7420_firmwarelatitude_3420inspiron_3520inspiron_16_7620_2-in-1inspiron_5410_firmwareinspiron_14_5418_firmwareinspiron_15_5510_firmwarexps_17_9710_firmwarevostro_5410_firmwareinspiron_7610latitude_3430_firmwarelatitude_3530_firmwareinspiron_7510inspiron_5420xps_17_9720inspiron_7610_firmwareinspiron_15_5518_firmwarelatitude_3320precision_5770xps_13_9315_2-in-1vostro_5620_firmwarexps_13_9315_2-in-1_firmwareinspiron_3520_firmwareinspiron_5620_firmwarelatitude_3520_firmwareinspiron_14_5410vostro_5620g15_5510_firmwarevostro_3420vostro_7510_firmwarealienware_m15_r7_firmwareinspiron_14_5418precision_5770_firmwarelatitude_3430vostro_7510g15_5520latitude_3320_firmwareinspiron_7510_firmwarelatitude_3420_firmwareprecision_5760_firmwarevostro_3520_firmwarevostro_3420_firmwarevostro_5510g15_5510inspiron_14_5410_firmwareinspiron_5420_firmwareinspiron_15_5518xps_17_9720_firmwareg15_5520_firmwarelatitude_3530inspiron_15_5510alienware_m15_r7CPG BIOScpg_bios
CWE ID-CWE-20
Improper Input Validation
CVE-2021-43587
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.2||HIGH
EPSS-0.03% / 8.07%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:05
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerpath_management_appliancePowerPath Management Appliance
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2021-36315
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 12.76%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:15
Updated-17 Sep, 2024 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_nodes_a3000_firmwareemc_powerscale_nodes_h5600_firmwareemc_powerscale_nodes_f810_firmwareemc_powerscale_nodes_h400_firmwareemc_powerscale_nodes_h700emc_powerscale_nodes_h5600emc_powerscale_nodes_h700_firmwareemc_powerscale_nodes_x410emc_powerscale_nodes_a200_firmwareemc_powerscale_nodes_f200_firmwareemc_powerscale_nodes_x210emc_powerscale_nodes_a100_firmwareemc_powerscale_nodes_s210_firmwareemc_powerscale_nodes_f800_firmwareemc_powerscale_nodes_f600_firmwareemc_powerscale_nodes_f600emc_powerscale_nodes_a300_firmwareemc_powerscale_nodes_a200emc_powerscale_nodes_a3000emc_powerscale_nodes_h7000_firmwareemc_powerscale_nodes_x210_firmwareemc_powerscale_nodes_a2000emc_powerscale_nodes_f200emc_powerscale_nodes_h500_firmwareemc_powerscale_nodes_s210emc_powerscale_nodes_nl410emc_powerscale_nodes_h400emc_powerscale_nodes_h7000emc_powerscale_nodes_h600emc_powerscale_nodes_nl410_firmwareemc_powerscale_nodes_a100emc_powerscale_nodes_x410_firmwareemc_powerscale_nodes_a300emc_powerscale_nodes_a2000_firmwareemc_powerscale_nodes_f810emc_powerscale_nodes_h500emc_powerscale_nodes_f800emc_powerscale_nodes_h600_firmwarePowerScale Nodes
CVE-2021-36324
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.88%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:15
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_15_7570_firmwarelatitude_5401g7_7590inspiron_3470latitude_e7270optiplex_7770_firmwarevostro_3669inspiron_5491_firmwareprecision_7820_firmwareinspiron_5477_firmwarelatitude_5179inspiron_15_7577latitude_7380_firmwarevostro_3888xps_13_9370inspiron_5570vostro_3888_firmwarewyse_7040latitude_e5270precision_7540alienware_15_r3_firmwareprecision_3420wyse_5070inspiron_5490_firmwarealienware_area_51m_r1_firmwarelatitude_5590optiplex_5080latitude_5511inspiron_7580_firmwarealienware_m15_r1_firmwareprecision_7720precision_7920alienware_m17_r3_firmwarelatitude_5300vostro_5581_firmwarelatitude_3380_firmwareprecision_5530_firmwareoptiplex_5040latitude_rugged_5420vostro_15_7580inspiron_14_5468optiplex_5050alienware_aurora_r11latitude_3470latitude_7300g5_5590xps_13_9360vostro_14_3478_firmwareoptiplex_3060_firmwarelatitude_3590_firmwarelatitude_7490_firmwarealienware_m15_r2precision_5520latitude_7400latitude_5591precision_3620precision_5820inspiron_3471latitude_3390optiplex_5050_firmwareprecision_7520_firmwareoptiplex_7071_firmwarelatitude_5175_firmwareinspiron_7586optiplex_3040_firmwareoptiplex_5070precision_3630_firmwareprecision_3430g5_5000inspiron_7700inspiron_13_5378_firmwarelatitude_7285_firmwarexps_13_9370_firmwarevostro_3581_firmwarelatitude_7275vostro_3581xps_15_9575latitude_9410inspiron_7777optiplex_7070latitude_3570optiplex_7080_firmwareoptiplex_5480_firmwareinspiron_15_5578_firmwarelatitude_5310latitude_rugged_7424_firmwarevostro_3268_firmwarevostro_3660alienware_aurora_r8alienware_x15_r1inspiron_5400latitude_7480_firmwarevostro_14_5468_firmwarelatitude_e5470_firmwarechengming_3977vostro_5090latitude_3190vostro_5370alienware_aurora_r8_firmwareinspiron_5580_firmwareinspiron_3881_firmwarelatitude_rugged_7424latitude_5488g3_3590optiplex_5260latitude_7380precision_3540alienware_aurora_r11_firmwarevostro_14_5468optiplex_7780optiplex_3280xps_15_9560inspiron_3580_firmwareinspiron_3781_firmwarevostro_5370_firmwarewyse_5070_firmwarevostro_3670_firmwarelatitude_7275_firmwareinspiron_3280_firmwarelatitude_3310precision_7520vostro_15_3578_firmwarevostro_3660_firmwareinspiron_5482latitude_7290g7_7587_firmwarealienware_area_51m_r1precision_7540_firmwareoptiplex_7760latitude_7480vostro_3881wyse_5470_firmwareinspiron_7580inspiron_3668inspiron_5770alienware_m17_r2_firmwarelatitude_3580inspiron_3668_firmwarelatitude_5285optiplex_7780_firmwareinspiron_5480_firmwarelatitude_3551optiplex_xe3_firmwareinspiron_7590vostro_5880vostro_3268optiplex_7070_firmwarevostro_3584optiplex_xe3precision_5510inspiron_7370precision_3240vostro_3481_firmwarelatitude_5491optiplex_3240_firmwareoptiplex_7040inspiron_7386alienware_aurora_r12latitude_7280latitude_5400latitude_5410inspiron_7373_firmwareprecision_3541xps_8940optiplex_7050_firmwareprecision_7730_firmwarelatitude_3379_firmwarelatitude_5401_firmwarealienware_m17_r3precision_7730inspiron_7380precision_3240_firmwarelatitude_7285latitude_5400_firmwareprecision_3420_firmwarevostro_3671_firmwareprecision_3440latitude_rugged_7220ex_firmwareprecision_7510_firmwareg5_5000_firmwareoptiplex_7460_firmwareoptiplex_5250_firmwareinspiron_5680_firmwarealienware_m15_r3_firmwareinspiron_3576inspiron_3671_firmwareprecision_3550_firmwarevostro_3668_firmwarelatitude_3310_firmwarevostro_15_7580_firmwareinspiron_3781inspiron_3576_firmwareg7_7588_firmwarelatitude_3570_firmwareoptiplex_3050_firmwareinspiron_7590_firmwarelatitude_rugged_5414_firmwareprecision_7740_firmwareinspiron_15_3567alienware_m15_r2_firmwarelatitude_7389vostro_3681inspiron_5570_firmwareinspiron_3481inspiron_3780_firmwareprecision_3530g7_7588latitude_5411_firmwareinspiron_3470_firmwareinspiron_5370inspiron_7467_firmwareprecision_7740inspiron_3481_firmwareprecision_5530latitude_7310_firmwareinspiron_15_5579_firmwarelatitude_9510inspiron_5770_firmwareinspiron_7586_firmwarelatitude_rugged_extreme_7214latitude_3180_firmwarevostro_3681_firmwarealienware_m17_r1_firmwarevostro_3580_firmwareinspiron_3581_firmwareinspiron_17_7773latitude_9510_firmwarelatitude_3490_firmwareprecision_5720_firmwareg7_7587vostro_3668optiplex_7770optiplex_5270latitude_7280_firmwarevostro_3670latitude_5280latitude_5179_firmwareinspiron_5490inspiron_15_5578latitude_5300_firmwareinspiron_3880inspiron_5580latitude_5480_firmwareinspiron_3277precision_7550xps_7590_firmwareoptiplex_3080alienware_m17_r1latitude_3480latitude_rugged_5424_firmwarevostro_3671inspiron_7591latitude_7310inspiron_7790g3_3590_firmwareinspiron_7790_firmwarealienware_13_r3latitude_3379vostro_3584_firmwarechengming_3990_firmwarevostro_15_5568precision_3520_firmwarechengming_3980inspiron_7567_firmwareoptiplex_7060vostro_14_3468_firmwarelatitude_5290_firmwareinspiron_13_5379_firmwareg5_5090_firmwarelatitude_7390latitude_3390_firmwareprecision_7750_firmwarealienware_aurora_r12_firmwareprecision_3431precision_7510vostro_3480_firmwarechengming_3991_firmwarevostro_7590_firmwareprecision_3510_firmwareinspiron_7370_firmwarelatitude_7389_firmwarelatitude_e7470optiplex_5040_firmwareinspiron_3581latitude_rugged_tablet_7212_firmwareoptiplex_7480inspiron_5400_firmwareinspiron_15_5566_firmwarelatitude_5488_firmwarealienware_17_r5_firmwareoptiplex_5480precision_3541_firmwarealienware_m15_r1precision_7920_firmwareinspiron_15_7572alienware_aurora_r7_firmwareinspiron_3476_firmwareinspiron_5680vostro_3881_firmwareinspiron_7373latitude_5511_firmwareinspiron_15_7573_firmwareoptiplex_7040_firmwareprecision_3550latitude_7370latitude_7370_firmwareoptiplex_7440_firmwareoptiplex_5070_firmwarealienware_15_r4latitude_5490alienware_m17_r2inspiron_7567vostro_3070_firmwarelatitude_rugged_extreme_7414xps_7590optiplex_7071vostro_3481inspiron_7786latitude_9410_firmwarevostro_7590latitude_e7270_firmwarelatitude_5280_firmwareg5_5587_firmwarelatitude_3180inspiron_3268latitude_e5470optiplex_3070_firmwarelatitude_7410_firmwarevostro_3667latitude_e7470_firmwareprecision_7720_firmwareinspiron_3476inspiron_13_5378inspiron_3780inspiron_7380_firmwarelatitude_7390_firmwarelatitude_5500_firmwareprecision_7710latitude_5410_firmwarevostro_5090_firmwareprecision_3520inspiron_17_7773_firmwareg7_7790latitude_e5570inspiron_3880_firmwareg5_5090optiplex_3050optiplex_5080_firmwareinspiron_15_7570latitude_e5270_firmwareoptiplex_7480_firmwarevostro_3471latitude_rugged_5420_firmwarelatitude_rugged_extreme_7214_firmwareinspiron_3480_firmwareg5_5590_firmwarealienware_m15_r3inspiron_7700_firmwareoptiplex_5060_firmwarelatitude_3470_firmwareprecision_7530_firmwarealienware_x17_r1latitude_rugged_5424vostro_3583_firmwareinspiron_15_5566latitude_3190_firmwarealienware_aurora_ryzen_edition_firmwareg3_3779_firmwarevostro_15_3578latitude_5500inspiron_15_5582precision_7550_firmwarewyse_7040_firmwarelatitude_5285_firmwareinspiron_5477chengming_3991latitude_5288_firmwarelatitude_rugged_extreme_7414_firmwareinspiron_5480inspiron_3471_firmwarevostro_3669_firmwarelatitude_5501latitude_7400_firmwareprecision_7710_firmwarelatitude_3590inspiron_7472_firmwareoptiplex_5260_firmwarechengming_3990vostro_3583latitude_5491_firmwarevostro_5880_firmwareprecision_3630xps_15_9560_firmwarevostro_14_3468optiplex_3060optiplex_5060chengming_3988_firmwareinspiron_5491inspiron_5482_firmwarevostro_5481inspiron_7467precision_3530_firmwareprecision_3930_firmwarelatitude_rugged_tablet_7212latitude_5580_firmwarelatitude_7200inspiron_3477_firmwarelatitude_3189vostro_3580precision_7750inspiron_7472latitude_5175inspiron_14_3467_firmwareprecision_3620_firmwareoptiplex_3280_firmwarevostro_15_3568embedded_box_pc_5000inspiron_3580vostro_3267_firmwarevostro_3470_firmwareg3_3579inspiron_7386_firmwareoptiplex_7080alienware_aurora_r9alienware_area_51m_r2_firmwareoptiplex_7440latitude_5480alienware_15_r3vostro_5471_firmwareoptiplex_7470optiplex_3046xps_15_9575_firmwarelatitude_7210_firmwareinspiron_15_5582_firmwarealienware_x15_r1_firmwarelatitude_7300_firmwarelatitude_5510wyse_5470inspiron_5481precision_3440_firmwarealienware_x17_r1_firmwarexps_8930xps_27_7760inspiron_7786_firmwareprecision_3640_firmwareinspiron_15_5579vostro_15_3568_firmwarelatitude_7410latitude_5501_firmwarexps_27_7760_firmwareprecision_3430_firmwarelatitude_5411optiplex_7450_firmwareoptiplex_7450inspiron_15_3567_firmwareg3_3579_firmwarevostro_15_5568_firmwarelatitude_3480_firmwarelatitude_3189_firmwarexps_13_9360_firmwarealienware_17_r5optiplex_7760_firmwareinspiron_14_5468_firmwareinspiron_7591_firmwarelatitude_5290alienware_aurora_r7latitude_5289_firmwarechengming_3980_firmwarelatitude_5590_firmwareinspiron_15_7572_firmwarevostro_5481_firmwarelatitude_rugged_5414vostro_3267inspiron_14_3467inspiron_3671precision_5540alienware_17_r4precision_3930inspiron_3480latitude_3490inspiron_3670latitude_3300_firmwarevostro_5471alienware_15_r4_firmwarevostro_5581latitude_7200_firmwareg7_7790_firmwarelatitude_5510_firmwareinspiron_3670_firmwarevostro_15_7570latitude_e5570_firmwareprecision_3540_firmwareinspiron_7777_firmwareoptiplex_3046_firmwarelatitude_3380latitude_7210latitude_5289precision_7820vostro_3471_firmwareoptiplex_3080_firmwareoptiplex_3240precision_5510_firmwarelatitude_rugged_7220inspiron_3881xps_13_9380alienware_area_51m_r2latitude_5490_firmwarelatitude_5591_firmwarealienware_13_r3_firmwarelatitude_5310_firmwarevostro_3070inspiron_5481_firmwareprecision_5520_firmwarechengming_3988xps_15_7590inspiron_3477latitude_3300latitude_5580precision_5540_firmwareinspiron_3277_firmwareinspiron_5401_firmwarexps_8940_firmwareinspiron_3268_firmwarevostro_3480latitude_rugged_7220_firmwareprecision_3640alienware_17_r4_firmwarelatitude_rugged_7220exg5_5587latitude_3580_firmwarevostro_3470alienware_aurora_r9_firmwareoptiplex_3070inspiron_3280optiplex_3040precision_5720latitude_7290_firmwareoptiplex_5270_firmwareprecision_7530inspiron_5370_firmwarelatitude_3551_firmwarexps_8930_firmwarechengming_3977_firmwareoptiplex_7470_firmwareoptiplex_7460g7_7590_firmwarexps_15_7590_firmwareembedded_box_pc_5000_firmwareinspiron_15_7573optiplex_7050precision_3431_firmwareprecision_3510vostro_14_3478xps_13_9380_firmwareinspiron_13_5379latitude_5288latitude_7490optiplex_7060_firmwareg3_3779precision_5820_firmwareinspiron_5401optiplex_5250vostro_3667_firmwarealienware_aurora_ryzen_editioninspiron_15_7577_firmwarevostro_15_7570_firmwareCPG BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21518
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.52%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 20:10
Updated-16 Sep, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcssupportassist_client_promanageDell SupportAssist Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-21555
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 36.32%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21526
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-20 Apr, 2021 | 16:45
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21556
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.69%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-5348
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.88%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 23:20
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_7202_firmwarelatitude_7202CPG BIOS
CWE ID-CWE-416
Use After Free
CVE-2020-5363
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.05% / 14.43%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 20:40
Updated-16 Sep, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_7300latitude_5401precision_7740_firmwareprecision_3541precision_3541_firmwarelatitude_5401_firmwareprecision_7540_firmwarelatitude_5500_firmwareprecision_3540_firmwarelatitude_5300_firmwarexps_13_9300xps_7390_2-in-1_firmwarelatitude_7300_firmwarelatitude_5500latitude_7400latitude_5400_firmwarelatitude_7200_2_in_1_firmwarelatitude_7220_firmwareprecision_7540precision_7740latitude_7220ex_rugged_extreme_tabletxps_7590_firmwarelatitude_7220ex_rugged_extreme_tablet_firmwarexps_7590latitude_7220latitude_7200_2_in_1latitude_5501latitude_5300latitude_7400_firmwareprecision_3540xps_13_9300_firmwarexps_7390_2-in-1latitude_5501_firmwarelatitude_5300_2-in-1latitude_5300_2-in-1_firmwarelatitude_5400Dell Client Consumer and Commercial platforms
CWE ID-CWE-158
Improper Neutralization of Null Byte or NUL Character
CVE-2020-5358
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.48%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 20:20
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionendpoint_security_suite_enterpriseDell Encryption Enterprise
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
  • Previous
  • 1
  • 2
  • Next
Details not found