DSA-2023-076 Dell Precision 7910 and 7920 Rack Security Update for BIOS Vulnerabilities
Samenvatting: Dell Precision 7910 and 7920 Rack BIOS remediations are available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
High
Gegevens
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34377 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 1.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34376 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | 3.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
| CVE-2022-34406 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-34407 | |||
| CVE-2022-34408 | |||
| CVE-2022-34409 | |||
| CVE-2022-34410 | |||
| CVE-2022-34411 | |||
| CVE-2022-34412 | |||
| CVE-2022-34413 | |||
| CVE-2022-34414 | |||
| CVE-2022-34415 | |||
| CVE-2022-34416 | |||
| CVE-2022-34417 | |||
| CVE-2022-34418 | |||
| CVE-2022-34419 | |||
| CVE-2022-34420 | |||
| CVE-2022-34421 | |||
| CVE-2022-34422 | |||
| CVE-2022-34423 |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34377 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 1.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
| CVE-2022-34376 | Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | 3.9 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L |
| CVE-2022-34406 | Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 7.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2022-34407 | |||
| CVE-2022-34408 | |||
| CVE-2022-34409 | |||
| CVE-2022-34410 | |||
| CVE-2022-34411 | |||
| CVE-2022-34412 | |||
| CVE-2022-34413 | |||
| CVE-2022-34414 | |||
| CVE-2022-34415 | |||
| CVE-2022-34416 | |||
| CVE-2022-34417 | |||
| CVE-2022-34418 | |||
| CVE-2022-34419 | |||
| CVE-2022-34420 | |||
| CVE-2022-34421 | |||
| CVE-2022-34422 | |||
| CVE-2022-34423 |
Getroffen producten en herstel
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-34377 | Precision Rack 7910 |
Versions prior to 2.16.0 |
2.16.0 | Precision Rack 7910 Drivers and Downloads |
| CVE-2022-34376 | ||||
| CVE-2022-34406 | ||||
| CVE-2022-34407 | ||||
| CVE-2022-34408 | ||||
| CVE-2022-34409 | ||||
| CVE-2022-34410 | ||||
| CVE-2022-34411 | ||||
| CVE-2022-34412 | ||||
| CVE-2022-34413 | ||||
| CVE-2022-34414 | ||||
| CVE-2022-34415 | ||||
| CVE-2022-34416 | ||||
| CVE-2022-34417 | ||||
| CVE-2022-34418 | ||||
| CVE-2022-34419 | ||||
| CVE-2022-34420 | ||||
| CVE-2022-34421 | ||||
| CVE-2022-34422 | ||||
| CVE-2022-34423 | ||||
| CVE-2022-34376 | Precision 7920 Rack |
Versions prior to 2.16.2 | 2.16.2 | Precision 7920 Rack Drivers and Downloads |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-34377 | Precision Rack 7910 |
Versions prior to 2.16.0 |
2.16.0 | Precision Rack 7910 Drivers and Downloads |
| CVE-2022-34376 | ||||
| CVE-2022-34406 | ||||
| CVE-2022-34407 | ||||
| CVE-2022-34408 | ||||
| CVE-2022-34409 | ||||
| CVE-2022-34410 | ||||
| CVE-2022-34411 | ||||
| CVE-2022-34412 | ||||
| CVE-2022-34413 | ||||
| CVE-2022-34414 | ||||
| CVE-2022-34415 | ||||
| CVE-2022-34416 | ||||
| CVE-2022-34417 | ||||
| CVE-2022-34418 | ||||
| CVE-2022-34419 | ||||
| CVE-2022-34420 | ||||
| CVE-2022-34421 | ||||
| CVE-2022-34422 | ||||
| CVE-2022-34423 | ||||
| CVE-2022-34376 | Precision 7920 Rack |
Versions prior to 2.16.2 | 2.16.2 | Precision 7920 Rack Drivers and Downloads |
Tijdelijke oplossingen en risicobeperking
None.
Revisiegeschiedenis
| Revision | Date | Description |
| 1.0 | 2023-03-14 | Initial Release |
Bevestigingen
Dell Technologies would like to thank Yngwei for reporting CVE-2022-34377 and CVE-2022-34376.
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
Precision 7920 Rack, Precision Rack 7910, Product Security InformationArtikeleigenschappen
Artikelnummer: 000209466
Artikeltype: Dell Security Advisory
Laatst aangepast: 14 mrt. 2023
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.