MidnightBSD

Advisories for dell

CVE-2001-1105 HIGH

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dell bsafe_ssl-j 3.0.1
dell bsafe_ssl-j 3.0
cisco icdn 2.0
dell bsafe_ssl-j 3.1
CVE-2004-0079 MEDIUM

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
cisco pix_firewall_software 6.2(2)
hp apache-based_web_server 2.0.43.04
avaya sg5 4.3
securecomputing sidewinder 5.2.0.03
lite speed_technologies_litespeed_web_server 1.3.1
stonesoft stonebeat_fullcluster 1_3.0
hp hp-ux 11.23
cisco pix_firewall_software 6.3(1)
avaya sg200 4.4
checkpoint firewall-1 next_generation_fp2
avaya s8500 r2.0.0
cisco firewall_services_module *
cisco pix_firewall_software 6.0(4)
openssl openssl 0.9.7a
avaya intuity_audix *
cisco firewall_services_module 1.1_(3.005)
stonesoft stonegate 2.1
cisco ios 12.1(11b)e12
openssl openssl 0.9.6g
novell edirectory 8.7.1
cisco pix_firewall_software 6.0(3)
freebsd freebsd 5.1
bluecoat cacheos_ca_sa 4.1.12
novell imanager 2.0
cisco gss_4490_global_site_selector *
stonesoft stonegate 2.2.4
cisco pix_firewall_software 6.2(3)
checkpoint vpn-1 next_generation_fp0
sco openserver 5.0.7
stonesoft stonegate 1.5.18
freebsd freebsd 4.9
avaya s8300 r2.0.1
stonesoft servercluster 2.5
cisco ios 12.1(11b)e
neoteris instant_virtual_extranet 3.2
redhat linux 8.0
neoteris instant_virtual_extranet 3.0
lite speed_technologies_litespeed_web_server 1.0.3
hp wbem a.02.00.01
checkpoint vpn-1 vsx_ng_with_application_intelligence
checkpoint firewall-1 next_generation_fp1
redhat openssl 0.9.6b-3
lite speed_technologies_litespeed_web_server 1.2.2
stonesoft stonegate_vpn_client 1.7
avaya s8300 r2.0.0
cisco webns 7.2_0.0.03
vmware gsx_server 2.5.1_build_5336
openssl openssl 0.9.6e
openssl openssl 0.9.7
openssl openssl 0.9.7b
hp hp-ux 11.11
cisco pix_firewall_software 6.2
avaya intuity_audix 5.1.46
avaya vsu 10000_r2.0.1
vmware gsx_server 2.0.1_build_2129
securecomputing sidewinder 5.2.0.01
bluecoat cacheos_ca_sa 4.1.10
neoteris instant_virtual_extranet 3.3.1
stonesoft servercluster 2.5.2
cisco ios 12.2(14)sy1
stonesoft stonebeat_fullcluster 2.5
cisco ios 12.2(14)sy
dell bsafe_ssl-j 3.1
cisco pix_firewall_software 6.1(4)
avaya sg208 4.4
cisco pix_firewall_software 6.0(4.101)
sco openserver 5.0.6
apple mac_os_x 10.3.3
checkpoint vpn-1 next_generation_fp1
stonesoft stonebeat_fullcluster 1_2.0
openbsd openbsd 3.3
cisco webns 6.10
sgi propack 2.4
checkpoint vpn-1 next_generation_fp2
hp apache-based_web_server 2.0.43.00
cisco css_secure_content_accelerator 2.0
cisco pix_firewall_software 6.3(3.102)
dell bsafe_ssl-j 3.0.1
sgi propack 3.0
cisco css11000_content_services_switch *
lite speed_technologies_litespeed_web_server 1.3_rc1
openssl openssl 0.9.6c
avaya sg5 4.2
checkpoint firewall-1 *
cisco pix_firewall_software 6.0(2)
avaya s8500 r2.0.1
stonesoft stonegate 1.7
lite speed_technologies_litespeed_web_server 1.0.1
stonesoft stonegate_vpn_client 2.0.7
avaya vsu 2000_r2.0.1
tarantella tarantella_enterprise 3.30
4d webstar 5.3
lite speed_technologies_litespeed_web_server 1.2_rc2
lite speed_technologies_litespeed_web_server 1.2.1
cisco threat_response *
tarantella tarantella_enterprise 3.40
4d webstar 5.2.1
freebsd freebsd 5.2
cisco call_manager *
stonesoft stonegate 1.7.1
tarantella tarantella_enterprise 3.20
checkpoint firewall-1 2.0
cisco ios 12.1(11)e
cisco ciscoworks_common_management_foundation 2.1
openssl openssl 0.9.6i
stonesoft stonegate_vpn_client 1.7.2
novell edirectory 8.5
stonesoft stonegate_vpn_client 2.0
redhat enterprise_linux_desktop 3.0
neoteris instant_virtual_extranet 3.1
stonesoft stonegate 2.0.6
hp wbem a.01.05.08
hp hp-ux 11.00
4d webstar 5.2.4
avaya sg200 4.31.29
cisco pix_firewall_software 6.1
apple mac_os_x_server 10.3.3
stonesoft stonegate 1.5.17
cisco mds_9000 *
stonesoft stonegate 2.0.5
vmware gsx_server 2.0
stonesoft stonegate 2.0.7
cisco pix_firewall_software 6.2(3.100)
stonesoft stonebeat_webcluster 2.0
cisco ciscoworks_common_services 2.2
stonesoft stonegate 2.2
lite speed_technologies_litespeed_web_server 1.0.2
cisco webns 7.1_0.2.06
novell edirectory 8.6.2
cisco firewall_services_module 1.1.3
securecomputing sidewinder 5.2.0.04
cisco pix_firewall_software 6.2(1)
avaya s8700 r2.0.1
lite speed_technologies_litespeed_web_server 1.1.1
stonesoft stonegate 1.6.3
securecomputing sidewinder 5.2.0.02
novell edirectory 8.5.12a
novell imanager 1.5
openssl openssl 0.9.6k
securecomputing sidewinder 5.2.1.02
avaya vsu 100_r2.0.1
cisco ios 12.1(11b)e14
stonesoft stonebeat_fullcluster 3.0
cisco ios 12.1(19)e1
cisco pix_firewall_software 6.0
cisco access_registrar *
4d webstar 5.2.3
stonesoft stonegate 1.6.2
hp aaa_server *
avaya sg5 4.4
stonesoft stonegate 2.0.1
stonesoft stonegate 1.7.2
securecomputing sidewinder 5.2.1
avaya intuity_audix s3210
openbsd openbsd 3.4
4d webstar 4.0
avaya s8700 r2.0.0
cisco pix_firewall 6.2.2_.111
openssl openssl 0.9.7c
avaya vsu 5000_r2.0.1
lite speed_technologies_litespeed_web_server 1.1
cisco webns 7.1_0.1.02
cisco css_secure_content_accelerator 1.0
openssl openssl 0.9.6j
stonesoft stonebeat_webcluster 2.5
securecomputing sidewinder 5.2
stonesoft stonebeat_securitycluster 2.0
openssl openssl 0.9.6f
vmware gsx_server 2.5.1
cisco ios 12.2sy
bluecoat proxysg *
redhat linux 7.2
redhat enterprise_linux 3.0
cisco ios 12.1(13)e9
cisco pix_firewall_software 6.1(5)
cisco firewall_services_module 1.1.2
sgi propack 2.3
stonesoft stonegate 2.2.1
lite speed_technologies_litespeed_web_server 1.2_rc1
checkpoint firewall-1 next_generation_fp0
avaya vsu 5x
cisco pix_firewall_software 6.3(2)
checkpoint provider-1 4.1
cisco secure_content_accelerator 10000
cisco firewall_services_module 2.1_(0.208)
cisco pix_firewall_software 6.3
hp hp-ux 8.05
4d webstar 5.2.2
freebsd freebsd 4.8
cisco pix_firewall_software 6.3(3.109)
cisco okena_stormwatch 3.2
symantec clientless_vpn_gateway_4400 5.0
avaya vsu 5
lite speed_technologies_litespeed_web_server 1.3
4d webstar 5.2
cisco pix_firewall_software 6.1(3)
neoteris instant_virtual_extranet 3.3
dell bsafe_ssl-j 3.0
hp wbem a.02.00.00
cisco webns 6.10_b4
avaya sg208 *
avaya vsu 500
lite speed_technologies_litespeed_web_server 1.3_rc2
cisco pix_firewall_software 6.1(1)
4d webstar 5.3.1
stonesoft stonegate 2.0.8
cisco gss_4480_global_site_selector *
cisco ios 12.2za
openssl openssl 0.9.6d
vmware gsx_server 3.0_build_7592
redhat linux 7.3
stonesoft stonegate 2.0.4
novell edirectory 8.5.27
avaya sg203 4.31.29
avaya vsu 7500_r2.0.1
avaya sg203 4.4
lite speed_technologies_litespeed_web_server 1.3_rc3
stonesoft stonegate_vpn_client 2.0.8
stonesoft stonebeat_fullcluster 2.0
freebsd freebsd 5.2.1
cisco content_services_switch_11500 *
redhat openssl 0.9.6-15
stonesoft stonegate_vpn_client 2.0.9
openssl openssl 0.9.6h
cisco application_and_content_networking_software *
novell edirectory 8.0
avaya converged_communications_server 2.0
avaya intuity_audix s3400
cisco pix_firewall_software 6.0(1)
stonesoft stonebeat_securitycluster 2.5
redhat openssl 0.9.7a-2
cisco pix_firewall_software 6.1(2)
cisco webns 7.10
novell edirectory 8.7
cisco webns 7.10_.0.06s
stonesoft stonegate 2.0.9
sun crypto_accelerator_4000 1.0
CVE-2004-0081 MEDIUM

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cisco pix_firewall_software 6.2(2)
hp apache-based_web_server 2.0.43.04
avaya sg5 4.3
securecomputing sidewinder 5.2.0.03
lite speed_technologies_litespeed_web_server 1.3.1
stonesoft stonebeat_fullcluster 1_3.0
hp hp-ux 11.23
cisco pix_firewall_software 6.3(1)
avaya sg200 4.4
checkpoint firewall-1 next_generation_fp2
avaya s8500 r2.0.0
cisco firewall_services_module *
cisco pix_firewall_software 6.0(4)
openssl openssl 0.9.7a
avaya intuity_audix *
cisco firewall_services_module 1.1_(3.005)
stonesoft stonegate 2.1
cisco ios 12.1(11b)e12
openssl openssl 0.9.6g
novell edirectory 8.7.1
cisco pix_firewall_software 6.0(3)
freebsd freebsd 5.1
bluecoat cacheos_ca_sa 4.1.12
novell imanager 2.0
cisco gss_4490_global_site_selector *
stonesoft stonegate 2.2.4
cisco pix_firewall_software 6.2(3)
checkpoint vpn-1 next_generation_fp0
sco openserver 5.0.7
stonesoft stonegate 1.5.18
freebsd freebsd 4.9
avaya s8300 r2.0.1
stonesoft servercluster 2.5
cisco ios 12.1(11b)e
neoteris instant_virtual_extranet 3.2
redhat linux 8.0
neoteris instant_virtual_extranet 3.0
lite speed_technologies_litespeed_web_server 1.0.3
hp wbem a.02.00.01
checkpoint vpn-1 vsx_ng_with_application_intelligence
checkpoint firewall-1 next_generation_fp1
redhat openssl 0.9.6b-3
lite speed_technologies_litespeed_web_server 1.2.2
stonesoft stonegate_vpn_client 1.7
avaya s8300 r2.0.0
cisco webns 7.2_0.0.03
vmware gsx_server 2.5.1_build_5336
openssl openssl 0.9.6e
openssl openssl 0.9.7
openssl openssl 0.9.7b
hp hp-ux 11.11
cisco pix_firewall_software 6.2
avaya intuity_audix 5.1.46
avaya vsu 10000_r2.0.1
vmware gsx_server 2.0.1_build_2129
securecomputing sidewinder 5.2.0.01
bluecoat cacheos_ca_sa 4.1.10
neoteris instant_virtual_extranet 3.3.1
stonesoft servercluster 2.5.2
cisco ios 12.2(14)sy1
stonesoft stonebeat_fullcluster 2.5
cisco ios 12.2(14)sy
dell bsafe_ssl-j 3.1
cisco pix_firewall_software 6.1(4)
avaya sg208 4.4
cisco pix_firewall_software 6.0(4.101)
sco openserver 5.0.6
apple mac_os_x 10.3.3
checkpoint vpn-1 next_generation_fp1
stonesoft stonebeat_fullcluster 1_2.0
openbsd openbsd 3.3
cisco webns 6.10
sgi propack 2.4
hp apache-based_web_server 2.0.43.00
cisco css_secure_content_accelerator 2.0
cisco pix_firewall_software 6.3(3.102)
dell bsafe_ssl-j 3.0.1
sgi propack 3.0
cisco css11000_content_services_switch *
lite speed_technologies_litespeed_web_server 1.3_rc1
openssl openssl 0.9.6c
avaya sg5 4.2
checkpoint firewall-1 *
cisco pix_firewall_software 6.0(2)
avaya s8500 r2.0.1
stonesoft stonegate 1.7
lite speed_technologies_litespeed_web_server 1.0.1
stonesoft stonegate_vpn_client 2.0.7
avaya vsu 2000_r2.0.1
tarantella tarantella_enterprise 3.30
4d webstar 5.3
lite speed_technologies_litespeed_web_server 1.2_rc2
lite speed_technologies_litespeed_web_server 1.2.1
cisco threat_response *
tarantella tarantella_enterprise 3.40
4d webstar 5.2.1
freebsd freebsd 5.2
cisco call_manager *
stonesoft stonegate 1.7.1
tarantella tarantella_enterprise 3.20
checkpoint firewall-1 2.0
cisco ios 12.1(11)e
cisco ciscoworks_common_management_foundation 2.1
openssl openssl 0.9.6i
stonesoft stonegate_vpn_client 1.7.2
novell edirectory 8.5
stonesoft stonegate_vpn_client 2.0
redhat enterprise_linux_desktop 3.0
neoteris instant_virtual_extranet 3.1
stonesoft stonegate 2.0.6
hp wbem a.01.05.08
hp hp-ux 11.00
4d webstar 5.2.4
avaya sg200 4.31.29
cisco pix_firewall_software 6.1
apple mac_os_x_server 10.3.3
stonesoft stonegate 1.5.17
cisco mds_9000 *
stonesoft stonegate 2.0.5
vmware gsx_server 2.0
stonesoft stonegate 2.0.7
cisco pix_firewall_software 6.2(3.100)
stonesoft stonebeat_webcluster 2.0
cisco ciscoworks_common_services 2.2
stonesoft stonegate 2.2
lite speed_technologies_litespeed_web_server 1.0.2
cisco webns 7.1_0.2.06
novell edirectory 8.6.2
cisco firewall_services_module 1.1.3
securecomputing sidewinder 5.2.0.04
cisco pix_firewall_software 6.2(1)
avaya s8700 r2.0.1
lite speed_technologies_litespeed_web_server 1.1.1
stonesoft stonegate 1.6.3
securecomputing sidewinder 5.2.0.02
novell edirectory 8.5.12a
novell imanager 1.5
openssl openssl 0.9.6k
securecomputing sidewinder 5.2.1.02
avaya vsu 100_r2.0.1
cisco ios 12.1(11b)e14
stonesoft stonebeat_fullcluster 3.0
cisco ios 12.1(19)e1
cisco pix_firewall_software 6.0
cisco access_registrar *
4d webstar 5.2.3
stonesoft stonegate 1.6.2
hp aaa_server *
avaya sg5 4.4
stonesoft stonegate 2.0.1
stonesoft stonegate 1.7.2
securecomputing sidewinder 5.2.1
avaya intuity_audix s3210
openbsd openbsd 3.4
4d webstar 4.0
avaya s8700 r2.0.0
cisco pix_firewall 6.2.2_.111
openssl openssl 0.9.7c
avaya vsu 5000_r2.0.1
lite speed_technologies_litespeed_web_server 1.1
cisco webns 7.1_0.1.02
cisco css_secure_content_accelerator 1.0
openssl openssl 0.9.6j
stonesoft stonebeat_webcluster 2.5
securecomputing sidewinder 5.2
stonesoft stonebeat_securitycluster 2.0
openssl openssl 0.9.6f
vmware gsx_server 2.5.1
cisco ios 12.2sy
bluecoat proxysg *
redhat linux 7.2
redhat enterprise_linux 3.0
cisco ios 12.1(13)e9
cisco pix_firewall_software 6.1(5)
cisco firewall_services_module 1.1.2
sgi propack 2.3
stonesoft stonegate 2.2.1
lite speed_technologies_litespeed_web_server 1.2_rc1
checkpoint firewall-1 next_generation_fp0
avaya vsu 5x
cisco pix_firewall_software 6.3(2)
checkpoint provider-1 4.1
cisco secure_content_accelerator 10000
cisco firewall_services_module 2.1_(0.208)
cisco pix_firewall_software 6.3
hp hp-ux 8.05
4d webstar 5.2.2
freebsd freebsd 4.8
cisco pix_firewall_software 6.3(3.109)
cisco okena_stormwatch 3.2
symantec clientless_vpn_gateway_4400 5.0
avaya vsu 5
lite speed_technologies_litespeed_web_server 1.3
4d webstar 5.2
cisco pix_firewall_software 6.1(3)
neoteris instant_virtual_extranet 3.3
dell bsafe_ssl-j 3.0
hp wbem a.02.00.00
cisco webns 6.10_b4
avaya sg208 *
avaya vsu 500
lite speed_technologies_litespeed_web_server 1.3_rc2
cisco pix_firewall_software 6.1(1)
4d webstar 5.3.1
stonesoft stonegate 2.0.8
checkpoint vpn-1 next_generation
cisco gss_4480_global_site_selector *
cisco ios 12.2za
openssl openssl 0.9.6d
vmware gsx_server 3.0_build_7592
redhat linux 7.3
stonesoft stonegate 2.0.4
novell edirectory 8.5.27
avaya sg203 4.31.29
avaya vsu 7500_r2.0.1
avaya sg203 4.4
lite speed_technologies_litespeed_web_server 1.3_rc3
stonesoft stonegate_vpn_client 2.0.8
stonesoft stonebeat_fullcluster 2.0
freebsd freebsd 5.2.1
cisco content_services_switch_11500 *
redhat openssl 0.9.6-15
stonesoft stonegate_vpn_client 2.0.9
openssl openssl 0.9.6h
cisco application_and_content_networking_software *
novell edirectory 8.0
avaya converged_communications_server 2.0
avaya intuity_audix s3400
cisco pix_firewall_software 6.0(1)
stonesoft stonebeat_securitycluster 2.5
redhat openssl 0.9.7a-2
cisco pix_firewall_software 6.1(2)
cisco webns 7.10
novell edirectory 8.7
cisco webns 7.10_.0.06s
stonesoft stonegate 2.0.9
sun crypto_accelerator_4000 1.0
CVE-2004-0112 MEDIUM

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
forcepoint stonegate 1.6.2
cisco pix_firewall_software 6.2(2)
forcepoint stonegate 1.5.17
hp apache-based_web_server 2.0.43.04
avaya sg5 4.3
securecomputing sidewinder 5.2.0.03
stonesoft stonebeat_fullcluster 1_3.0
hp hp-ux 11.23
cisco pix_firewall_software 6.3(1)
avaya sg200 4.4
checkpoint firewall-1 next_generation_fp2
avaya s8500 r2.0.0
cisco firewall_services_module *
cisco pix_firewall_software 6.0(4)
openssl openssl 0.9.7a
avaya intuity_audix *
cisco firewall_services_module 1.1_(3.005)
cisco ios 12.1(11b)e12
openssl openssl 0.9.6g
novell edirectory 8.7.1
cisco pix_firewall_software 6.0(3)
freebsd freebsd 5.1
bluecoat cacheos_ca_sa 4.1.12
novell imanager 2.0
cisco gss_4490_global_site_selector *
cisco pix_firewall_software 6.2(3)
checkpoint vpn-1 next_generation_fp0
sco openserver 5.0.7
freebsd freebsd 4.9
avaya s8300 r2.0.1
stonesoft servercluster 2.5
forcepoint stonegate 2.2.4
cisco ios 12.1(11b)e
neoteris instant_virtual_extranet 3.2
redhat linux 8.0
neoteris instant_virtual_extranet 3.0
hp wbem a.02.00.01
forcepoint stonegate 1.7.2
checkpoint vpn-1 vsx_ng_with_application_intelligence
checkpoint firewall-1 next_generation_fp1
redhat openssl 0.9.6b-3
avaya s8300 r2.0.0
cisco webns 7.2_0.0.03
litespeedtech litespeed_web_server 1.0.1
vmware gsx_server 2.5.1_build_5336
openssl openssl 0.9.6e
openssl openssl 0.9.7
openssl openssl 0.9.7b
hp hp-ux 11.11
cisco pix_firewall_software 6.2
avaya intuity_audix 5.1.46
avaya vsu 10000_r2.0.1
vmware gsx_server 2.0.1_build_2129
securecomputing sidewinder 5.2.0.01
bluecoat cacheos_ca_sa 4.1.10
neoteris instant_virtual_extranet 3.3.1
stonesoft servercluster 2.5.2
cisco ios 12.2(14)sy1
stonesoft stonebeat_fullcluster 2.5
cisco ios 12.2(14)sy
dell bsafe_ssl-j 3.1
cisco pix_firewall_software 6.1(4)
avaya sg208 4.4
cisco pix_firewall_software 6.0(4.101)
sco openserver 5.0.6
apple mac_os_x 10.3.3
checkpoint vpn-1 next_generation_fp1
stonesoft stonebeat_fullcluster 1_2.0
openbsd openbsd 3.3
cisco webns 6.10
sgi propack 2.4
checkpoint vpn-1 next_generation_fp2
hp apache-based_web_server 2.0.43.00
cisco css_secure_content_accelerator 2.0
cisco pix_firewall_software 6.3(3.102)
dell bsafe_ssl-j 3.0.1
sgi propack 3.0
cisco css11000_content_services_switch *
openssl openssl 0.9.6c
avaya sg5 4.2
checkpoint firewall-1 *
cisco pix_firewall_software 6.0(2)
avaya s8500 r2.0.1
avaya vsu 2000_r2.0.1
tarantella tarantella_enterprise 3.30
4d webstar 5.3
cisco threat_response *
tarantella tarantella_enterprise 3.40
4d webstar 5.2.1
freebsd freebsd 5.2
forcepoint stonegate 2.0.5
cisco call_manager *
tarantella tarantella_enterprise 3.20
checkpoint firewall-1 2.0
cisco ios 12.1(11)e
cisco ciscoworks_common_management_foundation 2.1
openssl openssl 0.9.6i
forcepoint stonegate 2.0.9
novell edirectory 8.5
forcepoint stonegate 2.0.1
redhat enterprise_linux_desktop 3.0
neoteris instant_virtual_extranet 3.1
hp wbem a.01.05.08
hp hp-ux 11.00
forcepoint stonegate 2.0.7
4d webstar 5.2.4
avaya sg200 4.31.29
cisco pix_firewall_software 6.1
apple mac_os_x_server 10.3.3
cisco mds_9000 *
vmware gsx_server 2.0
forcepoint stonegate 2.0.6
cisco pix_firewall_software 6.2(3.100)
stonesoft stonebeat_webcluster 2.0
cisco ciscoworks_common_services 2.2
cisco webns 7.1_0.2.06
novell edirectory 8.6.2
cisco firewall_services_module 1.1.3
securecomputing sidewinder 5.2.0.04
cisco pix_firewall_software 6.2(1)
avaya s8700 r2.0.1
securecomputing sidewinder 5.2.0.02
novell edirectory 8.5.12a
novell imanager 1.5
openssl openssl 0.9.6k
securecomputing sidewinder 5.2.1.02
avaya vsu 100_r2.0.1
cisco ios 12.1(11b)e14
stonesoft stonebeat_fullcluster 3.0
cisco ios 12.1(19)e1
cisco pix_firewall_software 6.0
forcepoint stonegate 2.0.8
cisco access_registrar *
4d webstar 5.2.3
forcepoint stonegate 1.7
forcepoint stonegate 1.5.18
hp aaa_server *
avaya sg5 4.4
securecomputing sidewinder 5.2.1
avaya intuity_audix s3210
openbsd openbsd 3.4
4d webstar 4.0
avaya s8700 r2.0.0
cisco pix_firewall 6.2.2_.111
openssl openssl 0.9.7c
avaya vsu 5000_r2.0.1
cisco webns 7.1_0.1.02
cisco css_secure_content_accelerator 1.0
openssl openssl 0.9.6j
stonesoft stonebeat_webcluster 2.5
securecomputing sidewinder 5.2
stonesoft stonebeat_securitycluster 2.0
openssl openssl 0.9.6f
vmware gsx_server 2.5.1
forcepoint stonegate 2.0.4
cisco ios 12.2sy
bluecoat proxysg *
redhat linux 7.2
redhat enterprise_linux 3.0
cisco ios 12.1(13)e9
cisco pix_firewall_software 6.1(5)
cisco firewall_services_module 1.1.2
sgi propack 2.3
forcepoint stonegate 2.1
checkpoint firewall-1 next_generation_fp0
forcepoint stonegate 2.2.1
avaya vsu 5x
cisco pix_firewall_software 6.3(2)
checkpoint provider-1 4.1
cisco secure_content_accelerator 10000
cisco firewall_services_module 2.1_(0.208)
cisco pix_firewall_software 6.3
hp hp-ux 8.05
4d webstar 5.2.2
freebsd freebsd 4.8
cisco pix_firewall_software 6.3(3.109)
cisco okena_stormwatch 3.2
symantec clientless_vpn_gateway_4400 5.0
avaya vsu 5
4d webstar 5.2
cisco pix_firewall_software 6.1(3)
neoteris instant_virtual_extranet 3.3
dell bsafe_ssl-j 3.0
hp wbem a.02.00.00
forcepoint stonegate 2.2
cisco webns 6.10_b4
avaya sg208 *
avaya vsu 500
cisco pix_firewall_software 6.1(1)
4d webstar 5.3.1
forcepoint stonegate 1.6.3
cisco gss_4480_global_site_selector *
cisco ios 12.2za
openssl openssl 0.9.6d
vmware gsx_server 3.0_build_7592
redhat linux 7.3
novell edirectory 8.5.27
avaya sg203 4.31.29
avaya vsu 7500_r2.0.1
avaya sg203 4.4
forcepoint stonegate 1.7.1
stonesoft stonebeat_fullcluster 2.0
freebsd freebsd 5.2.1
cisco content_services_switch_11500 *
redhat openssl 0.9.6-15
openssl openssl 0.9.6h
cisco application_and_content_networking_software *
novell edirectory 8.0
avaya converged_communications_server 2.0
avaya intuity_audix s3400
cisco pix_firewall_software 6.0(1)
stonesoft stonebeat_securitycluster 2.5
redhat openssl 0.9.7a-2
cisco pix_firewall_software 6.1(2)
cisco webns 7.10
novell edirectory 8.7
cisco webns 7.10_.0.06s
sun crypto_accelerator_4000 1.0
CVE-2004-0331 MEDIUM

Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dell openmanage 3.2
dell openmanage 3.7
dell openmanage 3.7.1
dell openmanage 3.4
CVE-2004-2359 HIGH

Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does not properly drop SYSTEM privileges when started from the systray applet, which allows local users to gain privileges by accessing the Help functionality.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dell truemobile_1300_wlan_mini-pci_card_util_trayapplet 3.10.39.0
CVE-2005-3661 MEDIUM

Dell TrueMobile 2300 Wireless Broadband Router running firmware 3.0.0.8 and 5.1.1.6, and possibly other versions, allows remote attackers to reset authentication credentials, then change configuration or firmware, via a direct request to apply.cgi with the Page parameter set to adv_password.asp.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dell truemobile_2300_wireless_broadband_router 5.1.1.6
dell truemobile_2300_wireless_broadband_router 3.0.0.8
CVE-2006-3470 HIGH

The Dell Openmanage CD launches X11 and SSH daemons that do not require authentication, which allows remote attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dell openmanage_cd *
CVE-2009-0693 HIGH

Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
dell wyse_device_manager 4.7.1
dell wyse_device_manager 4.7.2
dell wyse_device_manager 4.7.0
CVE-2009-0695 HIGH

hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dell wyse_device_manager 4.7.1
dell wyse_device_manager 4.7.2
dell wyse_device_manager 4.7.0
CVE-2011-0329 MEDIUM

Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
dell dellsystemlite.scanner_activex_control 1.0.0.0
CVE-2011-0330 MEDIUM

The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that triggers disclosure of information about installed software.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
dell dellsystemlite.scanner_activex_control 1.0.0.0
CVE-2011-1672 MEDIUM

The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
dell kace_k2000_systems_deployment_appliance *
CVE-2011-4046 MEDIUM

The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
dell kace_k2000_systems_deployment_appliance *
CVE-2011-4047 HIGH

The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
dell kace_k2000_systems_deployment_appliance *
CVE-2011-4048 MEDIUM

The Dell KACE K2000 System Deployment Appliance has a default username and password for the read-only reporting account, which makes it easier for remote attackers to obtain sensitive information from the database by leveraging the default credentials.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
dell kace_k2000_systems_deployment_appliance *
CVE-2011-4436 LOW

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell kace_k2000_systems_deployment_appliance *
CVE-2012-1841 MEDIUM

Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
quantum scalar_i500_firmware i6.1
quantum scalar_i500_firmware sp4.2
quantum scalar_i500_firmware sp4
dell powervault_ml6000_firmware 585g.gs003
quantum scalar_i500_firmware i2
dell powervault_ml6010 5u
quantum scalar_i500 5u
quantum scalar_i500_firmware i3
quantum scalar_i500_firmware i5
quantum scalar_i500_firmware i6
quantum scalar_i500_firmware i3.1
dell powervault_ml6030 23u
dell powervault_ml6020 14u
quantum scalar_i500_firmware i7.0.1
quantum scalar_i500_firmware i4
dell powervault_ml6000 32u
quantum scalar_i500 23u
dell powervault_ml6000 41u
quantum scalar_i500 14u
quantum scalar_i500_firmware *
quantum scalar_i500_firmware i5.1
quantum scalar_i500_firmware i7
CVE-2012-1842 LOW

Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
quantum scalar_i500_firmware i6.1
quantum scalar_i500_firmware sp4.2
quantum scalar_i500_firmware sp4
dell powervault_ml6000_firmware 585g.gs003
quantum scalar_i500_firmware i2
dell powervault_ml6010 5u
quantum scalar_i500 5u
quantum scalar_i500_firmware i3
quantum scalar_i500_firmware i5
quantum scalar_i500_firmware i6
quantum scalar_i500_firmware i3.1
dell powervault_ml6030 23u
dell powervault_ml6020 14u
quantum scalar_i500_firmware i7.0.1
quantum scalar_i500_firmware i4
dell powervault_ml6000 32u
quantum scalar_i500 23u
dell powervault_ml6000 41u
quantum scalar_i500 14u
quantum scalar_i500_firmware *
quantum scalar_i500_firmware i5.1
quantum scalar_i500_firmware i7
CVE-2012-1843 MEDIUM

Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
quantum scalar_i500_firmware i6.1
quantum scalar_i500_firmware sp4.2
quantum scalar_i500_firmware sp4
dell powervault_ml6000_firmware 585g.gs003
quantum scalar_i500_firmware i2
dell powervault_ml6010 5u
quantum scalar_i500 5u
quantum scalar_i500_firmware i3
quantum scalar_i500_firmware i5
quantum scalar_i500_firmware i6
quantum scalar_i500_firmware i3.1
dell powervault_ml6030 23u
dell powervault_ml6020 14u
quantum scalar_i500_firmware i7.0.1
quantum scalar_i500_firmware i4
dell powervault_ml6000 32u
quantum scalar_i500 23u
dell powervault_ml6000 41u
quantum scalar_i500 14u
quantum scalar_i500_firmware *
quantum scalar_i500_firmware i5.1
quantum scalar_i500_firmware i7
CVE-2012-1844 HIGH

The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
quantum scalar_i500_firmware i6.1
quantum scalar_i500_firmware sp4.2
dell powervault_ml6010 5u
quantum scalar_i500 5u
quantum scalar_i500_firmware i6
quantum scalar_i500_firmware i3.1
dell powervault_ml6030 23u
dell powervault_ml6020 14u
quantum scalar_i500_firmware i7.0.1
quantum scalar_i500_firmware i4
ibm ts3310_tape_library_firmware *
ibm ts3310_tape_library 3576
quantum scalar_i500_firmware *
quantum scalar_i500_firmware i5.1
quantum scalar_i500_firmware i7
quantum scalar_i500_firmware sp4
dell powervault_ml6000_firmware 585g.gs003
quantum scalar_i500_firmware i2
quantum scalar_i500_firmware i3
quantum scalar_i500_firmware i5
dell powervault_ml6000 32u
quantum scalar_i500 23u
dell powervault_ml6000 41u
quantum scalar_i500 14u
ibm ts3310_tape_library 3573
CVE-2012-6272 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/Output/wwhelp/wwhimpl/js/, (2) help/sm/es/Output/wwhelp/wwhimpl/js/, (3) help/sm/ja/Output/wwhelp/wwhimpl/js/, (4) help/sm/de/Output/wwhelp/wwhimpl/js/, (5) help/sm/fr/Output/wwhelp/wwhimpl/js/, (6) help/sm/zh/Output/wwhelp/wwhimpl/js/, (7) help/hip/en/msgguide/wwhelp/wwhimpl/js/, or (8) help/hip/en/msgguide/wwhelp/wwhimpl/common/.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell openmanage_server_administrator 6.5.0.1
dell openmanage_server_administrator 7.1.0.1
dell openmanage_server_administrator 7.0.0.1
CVE-2013-0120 HIGH

The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell powerconnect_6248p -
CVE-2013-0740 MEDIUM

Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell openmanage_server_administrator 7.1.0
dell openmanage_server_administrator 7.1.0.1
dell openmanage_server_administrator 7.0.0
dell openmanage_server_administrator 7.0.0.1
dell openmanage_server_administrator *
CVE-2013-3287 LOW

EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console.

CVSS 2.0

Severity: LOW

Problem Type: CWE-310,

Products Affected

Vendor Product Version
dell emc_unisphere 1.1
dell emc_unisphere 1.5
dell emc_unisphere *
dell emc_unisphere 1.0
CVE-2013-3304 MEDIUM

Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
dell equallogic_ps4000_firmware 6.0
CVE-2013-3582 HIGH

Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
dell latitude_e6500 -
dell precision_m2300 -
dell latitude_d630 -
dell latitude_e6400_atg -
dell latitude_e5500 -
dell latitude_e6400 -
dell precision_m6300 -
dell latitude_e4200 -
dell latitude_d830 -
dell latitude_e4300 -
dell precision_m4300 -
dell latitude_z600 -
dell latitude_d530 -
dell latitude_d531 -
dell latitude_xt2 -
dell latitude_d631 -
dell latitude_e6400_atg_xfr -
dell precision_m2400 -
dell precision_m4400 -
dell precision_m6400 -
dell precision_m6500 -
dell latitude_e5400 -
CVE-2013-3589 MEDIUM

Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell idrac7_firmware *
dell idrac7_firmware 1.10.10
dell idrac6_firmware 1.1
dell idrac6_firmware 1.2
dell idrac7_firmware 1.23.23
dell idrac7_firmware 1.37.35
dell idrac7 -
dell idrac6_firmware 1.3
dell idrac6_firmware 1.8
dell idrac6_firmware 1.5
dell idrac6_monolithic -
dell idrac6_firmware *
dell idrac6_firmware 1.6
dell idrac7_firmware 1.00.00
dell idrac7_firmware 1.06.06
dell idrac7_firmware 1.20.20
dell idrac6_firmware 1.0
CVE-2013-3594 HIGH

The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell powerconnect_3524p 2.0.0.48
dell powerconnect_5324 2.0.1.4
dell powerconnect_3348 1.2.1.3
CVE-2013-3595 MEDIUM

The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell powerconnect_3524p 2.0.0.48
dell powerconnect_5324 2.0.1.4
dell powerconnect_3348 1.2.1.3
CVE-2013-3606 HIGH

The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell powerconnect_3524p 2.0.0.48
dell powerconnect_5324 2.0.1.4
dell powerconnect_3348 1.2.1.3
CVE-2013-4783 HIGH

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dell idrac6_bmc *
CVE-2013-4785 HIGH

The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell idrac6_firmware 1.7
CVE-2013-6246 MEDIUM

The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
dell quest_one_password_manager 5.0
CVE-2014-0330 MEDIUM

Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell kace_k1000_systems_management_appliance -
dell kace_k1000_systems_management_appliance_software 5.5.90545
CVE-2014-0625 MEDIUM

The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
emc rsa_bsafe_ssl-j 6.0.1
emc rsa_bsafe_ssl-j 5.1.1
dell bsafe_ssl-j 5.1.2
dell bsafe_ssl-j 6.0
emc rsa_bsafe_ssl-j 5.1.0
emc rsa_bsafe_ssl-j 5.0
CVE-2014-0626 MEDIUM

The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
emc rsa_bsafe_ssl-j 6.0.1
emc rsa_bsafe_ssl-j 5.1.1
dell bsafe_ssl-j 5.1.2
dell bsafe_ssl-j 6.0
emc rsa_bsafe_ssl-j 5.1.0
emc rsa_bsafe_ssl-j 5.0
CVE-2014-0627 MEDIUM

The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
emc rsa_bsafe_ssl-j 6.0.1
emc rsa_bsafe_ssl-j 5.1.1
dell bsafe_ssl-j 5.1.2
dell bsafe_ssl-j 6.0
emc rsa_bsafe_ssl-j 5.1.0
emc rsa_bsafe_ssl-j 5.0
CVE-2014-0628 MEDIUM

The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell bsafe_micro-edition-suite 4.0.4
dell bsafe_micro-edition-suite 4.0.1
dell bsafe_micro-edition-suite 4.0.0
dell bsafe_micro-edition-suite 4.0.3
dell bsafe_micro-edition-suite 4.0.2
CVE-2014-0636 MEDIUM

EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
dell bsafe_micro-edition-suite 4.0.4
dell bsafe_micro-edition-suite 3.2.1
dell bsafe_micro-edition-suite 3.2.0
dell bsafe_micro-edition-suite 4.0.1
dell bsafe_micro-edition-suite 4.0.0
dell bsafe_micro-edition-suite 3.2.2
dell bsafe_micro-edition-suite 3.2.3
dell bsafe_micro-edition-suite 4.0.3
dell bsafe_micro-edition-suite 4.0.2
dell bsafe_micro-edition-suite 3.2.4
dell bsafe_micro-edition-suite 3.2.5
CVE-2014-1671 MEDIUM

Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
dell kace_k1000_systems_management_virtual_appliance -
dell kace_k1000_systems_management_appliance -
dell kace_k1100s_systems_management_appliance -
dell kace_k1200s_systems_management_appliance -
dell kace_k1000_systems_management_appliance_software 5.4.76847
CVE-2014-2959 HIGH

logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
dell powervault_ml6000 32u
quantum scalar_i500 23u
dell powervault_ml6000 41u
quantum scalar_i500 14u
dell powervault_ml6000_firmware *
quantum scalar_i500 5u
quantum scalar_i500_firmware *
CVE-2014-4191 MEDIUM

The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
dell bsafe_share -
CVE-2014-4192 MEDIUM

The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
dell bsafe_share -
CVE-2014-4193 MEDIUM

The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
dell bsafe_share -
CVE-2014-4630 MEDIUM

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
dell bsafe_micro-edition-suite 4.0.4
dell bsafe_micro-edition-suite 4.0.1
dell bsafe_micro-edition-suite 4.0.0
dell bsafe_micro-edition-suite 4.0.3
dell bsafe_micro-edition-suite 4.0.2
dell bsafe_ssl-j *
dell bsafe_micro-edition-suite 4.0.5
CVE-2014-8272 MEDIUM

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dell idrac7 *
dell idrac6_monolithic *
intel ipmi 1.5
dell idrac6_modular *
CVE-2015-0533 MEDIUM

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
dell bsafe *
dell bsafe_ssl-c *
CVE-2015-0534 MEDIUM

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
dell bsafe *
dell bsafe_ssl-c *
dell bsafe_ssl-j *
CVE-2015-0535 MEDIUM

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a similar issue to CVE-2015-0204.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
dell bsafe *
dell bsafe_ssl-c *
CVE-2015-0536 MEDIUM

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, a similar issue to CVE-2015-1787.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dell bsafe *
dell bsafe_ssl-c *
CVE-2015-0537 HIGH

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly have unspecified other impact via crafted base64 data, a similar issue to CVE-2015-0292.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-191,

Products Affected

Vendor Product Version
dell bsafe_crypto-c *
dell bsafe *
dell bsafe_ssl-c *
CVE-2015-0949 MEDIUM

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
dell latitude_e6430_firmware a09
hp elitebook_850_g1_firmware 01.09
CVE-2015-1605 HIGH

Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
dell asset_manager *
CVE-2015-2890 HIGH

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell bios *
dell bios a13
CVE-2015-4056 LOW

The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-310,

Products Affected

Vendor Product Version
dell vce_vision_intelligent_operations *
CVE-2015-4057 MEDIUM

The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
dell vce_vision_intelligent_operations *
CVE-2015-4067 HIGH

Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
dell netvault_backup 10.0.5
CVE-2015-5696 MEDIUM

Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell netvault_backup *
CVE-2015-6312 HIGH

Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
zzinc keymouse_firmware 3.08
netgear jr6150_firmware *
dell emc_powerscale_onefs 8.2.2
zyxel gs1900-10hp_firmware *
CVE-2015-6856 HIGH

Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
dell pre-boot_authentication_driver 1.0.1.5
CVE-2015-7270 MEDIUM

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
dell integrated_remote_access_controller_firmware *
CVE-2015-7271 HIGH

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
dell integrated_remote_access_controller_firmware *
CVE-2015-7272 HIGH

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
dell integrated_remote_access_controller_firmware *
CVE-2015-7273 HIGH

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
dell integrated_remote_access_controller_firmware *
CVE-2015-7274 MEDIUM

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
dell integrated_remote_access_controller_firmware *
CVE-2015-7275 MEDIUM

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell integrated_remote_access_controller_firmware *
CVE-2015-7770 MEDIUM

Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell sonicwall_totalsecure_tz_100_firmware *
CVE-2016-0887 LOW

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
dell bsafe_ssl-c *
dell bsafe_micro-edition-suite *
dell bsafe_crypto-c-micro-edition *
dell bsafe_ssl-j *
dell bsafe_crypto-j *
CVE-2016-0889 HIGH

An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell emc_unisphere *
CVE-2016-0911 HIGH

EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
dell emc_data_domain_os *
CVE-2016-0912 HIGH

EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
dell emc_data_domain_os *
CVE-2016-0923 MEDIUM

The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
dell bsafe *
CVE-2016-1346 HIGH

The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
samsung x14j_firmware t-ms14jakucb-1102.5
zzinc keymouse_firmware 3.08
netgear jr6150_firmware *
dell emc_powerscale_onefs 8.2.2
zyxel gs1900-10hp_firmware *
CVE-2016-2268 MEDIUM

Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
dell secureworks 2.0.6
CVE-2016-4004 MEDIUM

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
dell openmanage_server_administrator 8.2
CVE-2016-5685 HIGH

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
dell idrac7_firmware *
dell idrac8_firmware *
CVE-2016-6257 LOW

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-310,

Products Affected

Vendor Product Version
dell km632_firmware -
logitech unifying_firmware *
lenovo ultraslim_firmware -
amazonbasics firmware -
dell km714_firmware *
CVE-2016-6645 HIGH

The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell emc_unisphere 8.1
emc solutions_enabler 8.1
dell emc_unisphere 8.0
emc solutions_enabler 8.0.3
emc solutions_enabler 8.0
emc solutions_enabler 8.1.2
dell emc_unisphere 8.2
emc solutions_enabler 8.2
dell emc_unisphere 8.1.2
emc unisphere 8.0.3
CVE-2016-6646 HIGH

The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell emc_unisphere 8.1
emc solutions_enabler 8.1
dell emc_unisphere 8.0
emc solutions_enabler 8.0.3
emc solutions_enabler 8.3
emc solutions_enabler 8.0
emc solutions_enabler 8.1.2
dell emc_unisphere 8.2
dell emc_unisphere 8.1.2
emc unisphere 8.0.3
CVE-2016-8211 MEDIUM

EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
dell emc_data_protection_advisor 6.2.1
dell emc_data_protection_advisor 6.2.3
dell emc_data_protection_advisor 6.2.2
dell emc_data_protection_advisor 6.1
dell emc_data_protection_advisor 6.2
CVE-2016-8212 MEDIUM

An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described in CVE-2015-4748.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
dell bsafe_crypto-j *
CVE-2016-8216 HIGH

EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
dell emc_data_domain_os 5.4
dell emc_data_domain_os 5.5
dell emc_data_domain_os 5.6
dell emc_data_domain_os 5.7
CVE-2016-8217 MEDIUM

EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
dell bsafe_crypto-j *
CVE-2016-9682 HIGH

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system(), allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
dell sonicwall_secure_remote_access_server 8.1.0.2-14sv
CVE-2016-9683 HIGH

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
dell sonicwall_secure_remote_access_server 8.1.0.2-14sv
CVE-2016-9684 HIGH

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
dell sonicwall_secure_remote_access_server 8.1.0.2-14sv
CVE-2017-10949 MEDIUM

Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
dell storage_manager_2016 r2.1
CVE-2017-14374 HIGH

The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
dell storage_manager *
CVE-2017-14375 HIGH

EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-290,

Products Affected

Vendor Product Version
dell emc_unisphere *
emc vasa *
emc solutions_enabler *
emc vmax_emanagement *
CVE-2017-14383 MEDIUM

In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell emc_vnx2_firmware *
dell emc_vnx1_firmware *
CVE-2017-14384 MEDIUM

In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
dell storage_manager *
CVE-2017-14386 MEDIUM

The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell 2335dn_firmware *
dell 2355dn_firmware *
CVE-2017-2802 MEDIUM

An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
dell precision_optimizer 3.5.5.0
CVE-2017-4981 MEDIUM

EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
dell bsafe_cert-c *
CVE-2017-4983 MEDIUM

EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell emc_data_domain_os 5.4
dell emc_data_domain_os 5.5
dell emc_data_domain_os 5.6
dell emc_data_domain_os 5.2
dell emc_data_domain_os 5.7
dell emc_data_domain_os 6.0
CVE-2017-4997 HIGH

EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell emc_vasa_provider_virtual_appliance *
CVE-2017-8001 LOW

An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
dell emc_scaleio 2.0.1.3
dell emc_scaleio 2.0.1.0
dell emc_scaleio 2.0.1.2
dell emc_scaleio 2.0.1.1
CVE-2017-8007 MEDIUM

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
dell emc_m&r *
dell emc_storage_monitoring_and_reporting *
dell emc_vipr_srm *
dell emc_vnx_monitoring_and_reporting *
CVE-2017-8011 HIGH

EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
dell emc_vnx_monitoring_and_reporting -
dell emc_vipr_srm *
dell emc_storage_monitoring_and_reporting 4.0.2
dell emc_m&r -
CVE-2017-8012 MEDIUM

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell emc_m&r *
dell emc_storage_monitoring_and_reporting *
dell emc_vipr_srm *
dell emc_vnx_monitoring_and_reporting *
CVE-2017-8021 HIGH

EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
dell elastic_cloud_storage *
CVE-2017-8023 HIGH

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2018-11048 MEDIUM

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
dell emc_data_protection_advisor 6.4
dell emc_integrated_data_protection_appliance 2.1
dell emc_integrated_data_protection_appliance 2.0
dell emc_data_protection_advisor 6.2
dell emc_data_protection_advisor 6.3
dell emc_data_protection_advisor 6.5
CVE-2018-11050 LOW

Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sent unencrypted to the remote AMQP service. An unauthenticated attacker in the same network collision domain, could potentially sniff the password from the network and use it to access the component using the privileges of the compromised user.

CVSS 2.0

Severity: LOW

Problem Type: CWE-319,CWE-522,

Products Affected

Vendor Product Version
dell emc_networker 18.1.0.1
dell emc_networker *
CVE-2018-11053 MEDIUM

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
dell emc_idrac_service_module 3.0.1
dell emc_idrac_service_module 3.0.2
dell emc_idrac_service_module 3.1.0
dell emc_idrac_service_module 3.2.0
CVE-2018-11054 MEDIUM

RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
oracle core_rdbms 11.2.0.4
oracle retail_predictive_application_server 15.0.3
oracle security_service 12.1.3.0.0
oracle real_user_experience_insight 13.3.1.0
oracle core_rdbms 19c
oracle communications_ip_service_activator 7.4.0
oracle goldengate_application_adapters 12.3.2.1.0
oracle retail_predictive_application_server 16.0.3
oracle real_user_experience_insight 13.1.2.1
oracle real_user_experience_insight 13.2.3.1
oracle communications_analytics 12.1.1
oracle application_testing_suite 13.3.0.1
oracle core_rdbms 18c
oracle core_rdbms 12.2.0.1
dell bsafe 4.1.6
oracle security_service 11.1.1.9.0
oracle communications_ip_service_activator 7.3.4
oracle security_service 12.2.1.2.0
oracle enterprise_manager_ops_center 12.3.3
oracle enterprise_manager_ops_center 12.4.0
oracle jd_edwards_enterpriseone_tools 9.2
oracle timesten_in-memory_database *
oracle core_rdbms 12.1.0.2
CVE-2018-11055 LOW

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,

Products Affected

Vendor Product Version
oracle core_rdbms 11.2.0.4
oracle retail_predictive_application_server 15.0.3
oracle security_service 12.1.3.0.0
oracle real_user_experience_insight 13.3.1.0
oracle core_rdbms 19c
oracle communications_ip_service_activator 7.4.0
oracle retail_predictive_application_server 16.0.3.0
oracle goldengate_application_adapters 12.3.2.1.0
oracle real_user_experience_insight 13.1.2.1
oracle real_user_experience_insight 13.2.3.1
oracle communications_analytics 12.1.1
oracle application_testing_suite 13.3.0.1
oracle core_rdbms 18c
oracle security_service 12.2.1.3.0
oracle core_rdbms 12.2.0.1
oracle security_service 11.1.1.9.0
dell bsafe *
oracle enterprise_manager_ops_center 12.3.3
oracle enterprise_manager_ops_center 12.4.0
oracle communications_ip_service_activator 7.3.0
oracle jd_edwards_enterpriseone_tools 9.2
oracle timesten_in-memory_database *
oracle core_rdbms 12.1.0.2
CVE-2018-11056 MEDIUM

RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
oracle security_service 12.1.3.0.0
oracle real_user_experience_insight 13.3.1.0
oracle core_rdbms 19c
oracle communications_ip_service_activator 7.4.0
oracle goldengate_application_adapters 12.3.2.1.0
oracle application_testing_suite 13.3.0.1
oracle core_rdbms 18c
oracle security_service 12.2.1.3.0
oracle core_rdbms 12.2.0.1
oracle security_service 11.1.1.9.0
dell bsafe *
oracle enterprise_manager_ops_center 12.3.3
oracle core_rdbms 11.2.0.4
oracle retail_predictive_application_server 15.0.3
oracle retail_predictive_application_server 16.0.3.0
oracle real_user_experience_insight 13.1.2.1
oracle real_user_experience_insight 13.2.3.1
oracle communications_analytics 12.1.1
dell bsafe_crypto-c *
oracle enterprise_manager_ops_center 12.4.0
oracle communications_ip_service_activator 7.3.0
oracle jd_edwards_enterpriseone_tools 9.2
oracle timesten_in-memory_database *
oracle core_rdbms 12.1.0.2
CVE-2018-11057 MEDIUM

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
oracle core_rdbms 11.2.0.4
oracle retail_predictive_application_server 15.0.3
oracle security_service 12.1.3.0.0
oracle real_user_experience_insight 13.3.1.0
oracle core_rdbms 19c
oracle communications_ip_service_activator 7.4.0
oracle retail_predictive_application_server 16.0.3.0
oracle goldengate_application_adapters 12.3.2.1.0
oracle real_user_experience_insight 13.1.2.1
oracle real_user_experience_insight 13.2.3.1
oracle communications_analytics 12.1.1
oracle application_testing_suite 13.3.0.1
oracle core_rdbms 18c
oracle security_service 12.2.1.3.0
oracle core_rdbms 12.2.0.1
oracle security_service 11.1.1.9.0
dell bsafe *
oracle enterprise_manager_ops_center 12.3.3
oracle enterprise_manager_ops_center 12.4.0
oracle communications_ip_service_activator 7.3.0
oracle jd_edwards_enterpriseone_tools 9.2
oracle timesten_in-memory_database *
oracle core_rdbms 12.1.0.2
CVE-2018-11058 HIGH

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
oracle security_service 12.1.3.0.0
oracle real_user_experience_insight 13.3.1.0
oracle core_rdbms 19c
oracle communications_ip_service_activator 7.4.0
oracle goldengate_application_adapters 12.3.2.1.0
oracle application_testing_suite 13.3.0.1
oracle core_rdbms 18c
oracle security_service 12.2.1.3.0
oracle core_rdbms 12.2.0.1
oracle security_service 11.1.1.9.0
dell bsafe *
oracle enterprise_manager_ops_center 12.3.3
oracle core_rdbms 11.2.0.4
oracle retail_predictive_application_server 15.0.3
oracle retail_predictive_application_server 16.0.3.0
oracle real_user_experience_insight 13.1.2.1
oracle real_user_experience_insight 13.2.3.1
oracle communications_analytics 12.1.1
dell bsafe_crypto-c *
oracle enterprise_manager_ops_center 12.4.0
oracle communications_ip_service_activator 7.3.0
oracle jd_edwards_enterpriseone_tools 9.2
oracle timesten_in-memory_database *
oracle core_rdbms 12.1.0.2
CVE-2018-11062 HIGH

Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
dell emc_integrated_data_protection_appliance *
CVE-2018-11063 MEDIUM

Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2018-11064 MEDIUM

Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
dell emc_unityvsa_operating_environment *
dell emc_unity_operating_environment *
CVE-2018-11066 HIGH

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell emc_avamar 7.3.1
dell emc_integrated_data_protection_appliance 2.0
dell emc_avamar 7.5.0
dell emc_avamar 7.2.0
dell emc_avamar 7.2.1
vmware vsphere_data_protection 6.0.8
vmware vsphere_data_protection 6.0.4
vmware vsphere_data_protection 6.1.4
vmware vsphere_data_protection 6.0.2
vmware vsphere_data_protection 6.0.5
dell emc_avamar 7.5.1
vmware vsphere_data_protection 6.1.5
vmware vsphere_data_protection 6.1.3
dell emc_integrated_data_protection_appliance 2.2
vmware vsphere_data_protection 6.0.3
dell emc_avamar 7.4.1
vmware vsphere_data_protection 6.0.0
vmware vsphere_data_protection 6.0.1
dell emc_avamar 18.1
vmware vsphere_data_protection 6.1.1
vmware vsphere_data_protection 6.0.6
dell emc_avamar 7.4.0
dell emc_integrated_data_protection_appliance 2.1
dell emc_avamar 7.3.0
vmware vsphere_data_protection 6.0.7
vmware vsphere_data_protection 6.1.6
vmware vsphere_data_protection 6.1.8
vmware vsphere_data_protection 6.1.2
vmware vsphere_data_protection 6.1.0
vmware vsphere_data_protection 6.1.9
vmware vsphere_data_protection 6.1.7
CVE-2018-11067 MEDIUM

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
dell emc_avamar 7.3.1
dell emc_integrated_data_protection_appliance 2.0
dell emc_avamar 7.5.0
dell emc_avamar 7.2.0
dell emc_avamar 7.2.1
vmware vsphere_data_protection 6.0.8
vmware vsphere_data_protection 6.0.4
vmware vsphere_data_protection 6.1.4
vmware vsphere_data_protection 6.0.2
vmware vsphere_data_protection 6.0.5
dell emc_avamar 7.5.1
vmware vsphere_data_protection 6.1.5
vmware vsphere_data_protection 6.1.3
dell emc_integrated_data_protection_appliance 2.2
vmware vsphere_data_protection 6.0.3
dell emc_avamar 7.4.1
vmware vsphere_data_protection 6.0.0
vmware vsphere_data_protection 6.0.1
dell emc_avamar 18.1
vmware vsphere_data_protection 6.1.1
vmware vsphere_data_protection 6.0.6
dell emc_avamar 7.4.0
dell emc_integrated_data_protection_appliance 2.1
dell emc_avamar 7.3.0
vmware vsphere_data_protection 6.0.7
vmware vsphere_data_protection 6.1.6
vmware vsphere_data_protection 6.1.8
vmware vsphere_data_protection 6.1.2
vmware vsphere_data_protection 6.1.0
vmware vsphere_data_protection 6.1.9
vmware vsphere_data_protection 6.1.7
CVE-2018-11068 LOW

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-459,

Products Affected

Vendor Product Version
dell bsafe_ssl-j *
CVE-2018-11069 MEDIUM

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
dell bsafe_ssl-j *
CVE-2018-11070 MEDIUM

RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
dell rsa_bsafe_ssl-j *
dell bsafe_crypto-j *
CVE-2018-11072 HIGH

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. A local authenticated malicious user with advance knowledge of the application workflow could potentially load and execute a malicious DLL with administrator privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,

Products Affected

Vendor Product Version
dell digital_delivery *
CVE-2018-11076 LOW

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell emc_avamar 7.3.1
dell emc_integrated_data_protection_appliance 2.0
dell emc_avamar 7.2.0
dell emc_avamar 7.2.1
vmware vsphere_data_protection 6.0.8
vmware vsphere_data_protection 6.0.4
vmware vsphere_data_protection 6.1.4
vmware vsphere_data_protection 6.0.2
vmware vsphere_data_protection 6.0.5
vmware vsphere_data_protection 6.1.5
vmware vsphere_data_protection 6.1.3
vmware vsphere_data_protection 6.0.3
dell emc_avamar 7.4.1
vmware vsphere_data_protection 6.0.0
vmware vsphere_data_protection 6.0.1
vmware vsphere_data_protection 6.1.1
vmware vsphere_data_protection 6.0.6
dell emc_avamar 7.4.0
dell emc_avamar 7.3.0
vmware vsphere_data_protection 6.0.7
vmware vsphere_data_protection 6.1.6
vmware vsphere_data_protection 6.1.8
vmware vsphere_data_protection 6.1.2
vmware vsphere_data_protection 6.1.0
vmware vsphere_data_protection 6.1.9
vmware vsphere_data_protection 6.1.7
CVE-2018-11077 HIGH

'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
dell emc_avamar 7.3.1
dell emc_integrated_data_protection_appliance 2.0
dell emc_avamar 7.5.0
dell emc_avamar 7.2.0
dell emc_avamar 7.2.1
vmware vsphere_data_protection 6.0.8
vmware vsphere_data_protection 6.0.4
vmware vsphere_data_protection 6.1.4
vmware vsphere_data_protection 6.0.2
vmware vsphere_data_protection 6.0.5
dell emc_avamar 7.5.1
vmware vsphere_data_protection 6.1.5
vmware vsphere_data_protection 6.1.3
dell emc_integrated_data_protection_appliance 2.2
vmware vsphere_data_protection 6.0.3
dell emc_avamar 7.4.1
vmware vsphere_data_protection 6.0.0
vmware vsphere_data_protection 6.0.1
dell emc_avamar 18.1
vmware vsphere_data_protection 6.1.1
vmware vsphere_data_protection 6.0.6
dell emc_avamar 7.4.0
dell emc_integrated_data_protection_appliance 2.1
dell emc_avamar 7.3.0
vmware vsphere_data_protection 6.0.7
vmware vsphere_data_protection 6.1.6
vmware vsphere_data_protection 6.1.8
vmware vsphere_data_protection 6.1.2
vmware vsphere_data_protection 6.1.0
vmware vsphere_data_protection 6.1.9
vmware vsphere_data_protection 6.1.7
CVE-2018-11078 MEDIUM

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
dell emc_vplex_geosynchrony *
CVE-2018-1183 HIGH

In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.8, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.8, Dell EMC VASA Provider Virtual Appliance versions prior to 8.4.0.512, Dell EMC SMIS versions prior to 8.4.0.6, Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4.0.347, Dell EMC VNX2 Operating Environment (OE) for File versions prior to 8.1.9.231, Dell EMC VNX2 Operating Environment (OE) for Block versions prior to 05.33.009.5.231, Dell EMC VNX1 Operating Environment (OE) for File versions prior to 7.1.82.0, Dell EMC VNX1 Operating Environment (OE) for Block versions prior to 05.32.000.5.225, Dell EMC VNXe3200 Operating Environment (OE) all versions, Dell EMC VNXe1600 Operating Environment (OE) versions prior to 3.1.9.9570228, Dell EMC VNXe 3100/3150/3300 Operating Environment (OE) all versions, Dell EMC ViPR SRM versions 3.7, 3.7.1, 3.7.2 (only if using Dell EMC Host Interface for Windows), Dell EMC ViPR SRM versions 4.0, 4.0.1, 4.0.2, 4.0.3 (only if using Dell EMC Host Interface for Windows), Dell EMC XtremIO versions 4.x, Dell EMC VMAX eNAS version 8.x, Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968, ECOM is affected by a XXE injection vulnerability due to the configuration of the XML parser shipped with the product. XXE Injection attack may occur when XML input containing a reference to an external entity (defined by the attacker) is processed by an affected XML parser. XXE Injection may allow attackers to gain unauthorized access to files containing sensitive information or may be used to cause denial-of-service.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
dell emc_vmax_enas 8.0.1
dell emc_vnxe_3100_operating_environment -
dell emc_vasa_provider_virtual_appliance *
dell emc_vnxe1600_operating_environment *
dell emc_vnx1_operating_environment 7.1.82.0
dell emc_vnxe3200_operating_environment -
dell emc_unity_operating_environment *
dell emc_vnxe_3150_operating_environment -
dell emc_vipr_srm 3.7.2
dell emc_vipr_srm 4.0.3
dell emc_vipr_srm 3.7.1
dell emc_solutions_enabler_virtual_appliance *
dell emc_unisphere *
dell emc_vipr_srm 4.0
dell emc_vnxe_3300__operating_environment -
dell emc_vipr_srm 3.7
dell emc_vnx1_operating_environment 05.32.000.5.225
dell emc_smis *
dell emc_vipr_srm -
dell emc_vmax_embedded_management *
dell emc_xtremio 4.0.2
dell emc_vipr_srm 4.0.1
dell emc_vipr_srm 4.0.2
dell emc_xtremio 4.0
dell emc_vmax_enas 8.0
dell emc_vnx2_operating_environment *
CVE-2018-1184 HIGH

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
dell emc_recoverpoint 5.1.0.0
dell emc_recoverpoint *
dell emc_recoverpoint_for_virtual_machines *
CVE-2018-1185 HIGH

An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
dell emc_recoverpoint 5.1.0.0
dell emc_recoverpoint *
dell emc_recoverpoint_for_virtual_machines *
CVE-2018-1186 LOW

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell emc_isilon 7.1.1.11
dell emc_isilon *
CVE-2018-1187 LOW

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell emc_isilon *
CVE-2018-1188 LOW

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell emc_isilon *
CVE-2018-1189 LOW

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell emc_isilon 7.1.1.11
dell emc_isilon *
CVE-2018-1201 LOW

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell emc_isilon 7.1.1.11
dell emc_isilon *
CVE-2018-1202 LOW

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell emc_isilon 7.1.1.11
dell emc_isilon *
CVE-2018-1203 HIGH

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
dell emc_isilon_onefs *
CVE-2018-1204 HIGH

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
dell emc_isilon_onefs 7.1.1.11
dell emc_isilon_onefs *
CVE-2018-1205 MEDIUM

Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
dell emc_scaleio *
CVE-2018-1207 HIGH

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
dell emc_idrac8 *
dell emc_idrac7 *
CVE-2018-1211 MEDIUM

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
dell emc_idrac8 *
dell emc_idrac7 *
CVE-2018-1212 HIGH

The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
dell idrac6_monolithic *
dell idrac6_modular *
CVE-2018-1213 MEDIUM

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
dell emc_isilon_onefs 8.1.0.2
dell emc_isilon_onefs 7.1.1.11
dell emc_isilon_onefs *
CVE-2018-1214 MEDIUM

Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management console can be achieved by someone with knowledge of the default password. If SupportAssist Enterprise is installed on a server running OpenManage Essentials (OME), the OmeAdapterUser user account is added as a member of the OmeAdministrators group for the OME. An unauthorized person with knowledge of the default password and access to the OME web console could potentially use this account to gain access to the affected installation of OME with OmeAdministrators privileges. This is fixed in version 1.2.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
dell emc_supportassist_enterprise 1.1
CVE-2018-1215 HIGH

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). A remote authenticated malicious user may potentially upload arbitrary maliciously crafted files in any location on the web server. By chaining this vulnerability with CVE-2018-1216, the attacker may use the default account to exploit this vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
dell emc_unisphere_for_vmax_virtual_appliance *
dell emc_solutions_enabler_virtual_appliance *
dell emc_vmax_embedded_management *
dell emc_vasa_virtual_appliance *
CVE-2018-1216 HIGH

A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). They contain an undocumented default account (smc) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system. Note: This account cannot be used to log in via the web user interface.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
dell emc_unisphere_for_vmax_virtual_appliance *
dell emc_solutions_enabler_virtual_appliance *
dell emc_vmax_embedded_management *
dell emc_vasa_virtual_appliance *
CVE-2018-1217 MEDIUM

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local Download Service (LDLS) credentials. The LDLS credentials are used to connect to Dell EMC Online Support. If the LDLS configuration was changed to an invalid configuration, then Avamar Installation Manager may not be able to connect to Dell EMC Online Support web site successfully. The remote unauthenticated attacker can also read and use the credentials to login to Dell EMC Online Support, impersonating the AVI service actions using those credentials.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell emc_avamar 7.4.1
dell emc_integrated_data_protection_appliance 2.1
dell emc_avamar 7.3.1
dell emc_integrated_data_protection_appliance 2.0
dell emc_avamar 7.5.0
CVE-2018-1218 MEDIUM

In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial of service to the users of NetWorker systems.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2018-1237 MEDIUM

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dell emc_scaleio *
CVE-2018-1238 HIGH

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
dell emc_scaleio *
CVE-2018-1239 HIGH

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
dell emc_unityvsa_operating_environment *
dell emc_unity_operating_environment *
CVE-2018-1243 MEDIUM

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358,

Products Affected

Vendor Product Version
dell idrac9_firmware *
dell idrac7_firmware *
dell idrac6_firmware *
dell idrac8_firmware *
CVE-2018-1244 MEDIUM

Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
dell idrac9_firmware *
dell idrac7_firmware *
dell idrac8_firmware *
CVE-2018-1246 MEDIUM

Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell emc_unityvsa_operating_environment *
dell emc_unity_operating_environment *
CVE-2018-1249 MEDIUM

Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell idrac9_firmware *
CVE-2018-1250 MEDIUM

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. A remote authenticated user could potentially exploit this vulnerability to read files in NAS server by directly interacting with certain APIs of Unity OE, bypassing Role-Based Authorization control implemented only in Unisphere GUI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
dell emc_unity_firmware *
dell emc_unityvsa *
CVE-2018-1251 MEDIUM

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a maliciously crafted Unisphere URL. Attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
dell emc_unity_firmware *
dell emc_unityvsa *
CVE-2018-15748 MEDIUM

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-521,

Products Affected

Vendor Product Version
dell 2335dn_network_firmware v4.02.15(2335dn_mfp)_11-22-2010
dell 2335dn_printer_firmware 2.70.05.02
dell 2335dn_engine_firmware 1.10.65
CVE-2018-15765 LOW

Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
dell emc_secure_remote_services *
CVE-2018-15766 MEDIUM

On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-521,

Products Affected

Vendor Product Version
dell endpoint_security_suite_enterprise *
dell encryption *
CVE-2018-15767 HIGH

The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
dell openmanage_network_manager *
CVE-2018-15768 MEDIUM

Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
dell openmanage_network_manager *
CVE-2018-15769 MEDIUM

RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle core_rdbms 11.2.0.4
oracle retail_predictive_application_server 15.0.3
oracle security_service 12.1.3.0.0
oracle real_user_experience_insight 13.3.1.0
oracle core_rdbms 19c
oracle communications_ip_service_activator 7.4.0
oracle retail_predictive_application_server 16.0.3.0
oracle goldengate_application_adapters 12.3.2.1.0
oracle real_user_experience_insight 13.1.2.1
oracle real_user_experience_insight 13.2.3.1
oracle communications_analytics 12.1.1
oracle application_testing_suite 13.3.0.1
oracle core_rdbms 18c
oracle security_service 12.2.1.3.0
oracle core_rdbms 12.2.0.1
oracle security_service 11.1.1.9.0
dell bsafe *
oracle enterprise_manager_ops_center 12.3.3
oracle enterprise_manager_ops_center 12.4.0
oracle communications_ip_service_activator 7.3.0
oracle jd_edwards_enterpriseone_tools 9.2
oracle timesten_in-memory_database *
oracle core_rdbms 12.1.0.2
CVE-2018-15772 LOW

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.

CVSS 2.0

Severity: LOW

Problem Type: CWE-400,

Products Affected

Vendor Product Version
dell emc_recoverpoint *
dell emc_recoverpoint_for_virtual_machines *
CVE-2018-15773 MEDIUM

Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
dell data_protection_|_encryption *
CVE-2018-15774 MEDIUM

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
dell idrac9_firmware *
dell idrac7_firmware *
dell idrac8_firmware *
CVE-2018-15776 MEDIUM

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell idrac7_firmware *
dell idrac8_firmware *
CVE-2018-15778 HIGH

Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell networking_os10 *
CVE-2018-15781 HIGH

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
dell wyse_thinlinux *
CVE-2018-15784 MEDIUM

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
dell networking_os10 *
CVE-2019-12280 MEDIUM

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
dell supportassist_for_business_pcs 2.0.1
pc-doctor toolbox *
dell supportassist_for_home_pcs 3.2.2
CVE-2019-18571 LOW

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell rsa_identity_governance_and_lifecycle 7.1.0
dell rsa_identity_governance_and_lifecycle 7.0.1
dell rsa_identity_governance_and_lifecycle 7.0.2
dell rsa_identity_governance_and_lifecycle 7.0
dell rsa_identity_governance_and_lifecycle 7.1.1
CVE-2019-18572 HIGH

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-522,

Products Affected

Vendor Product Version
dell rsa_identity_governance_and_lifecycle 7.1.0
dell rsa_identity_governance_and_lifecycle 7.0.1
dell rsa_identity_governance_and_lifecycle 7.0.2
dell rsa_identity_governance_and_lifecycle 7.0
dell rsa_identity_governance_and_lifecycle 7.1.1
CVE-2019-18573 MEDIUM

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim’s session and perform arbitrary actions with privileges of the user within the compromised session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-598,CWE-384,

Products Affected

Vendor Product Version
dell rsa_identity_governance_and_lifecycle 7.1.0
dell rsa_identity_governance_and_lifecycle 7.0.1
dell rsa_identity_governance_and_lifecycle 7.0.2
dell rsa_identity_governance_and_lifecycle 7.0
dell rsa_identity_governance_and_lifecycle 7.1.1
CVE-2019-18575 MEDIUM

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-59,CWE-427,

Products Affected

Vendor Product Version
dell command|configure *
CVE-2019-18576 LOW

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
dell xtremio_management_server *
CVE-2019-18577 HIGH

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
dell xtremio_management_server *
CVE-2019-18578 MEDIUM

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell xtremio_management_server *
CVE-2019-18579 HIGH

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell xps_7390_firmware *
CVE-2019-18580 HIGH

Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
dell emc_storage_monitoring_and_reporting 4.3.1
CVE-2019-18581 HIGH

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,CWE-862,

Products Affected

Vendor Product Version
dell emc_data_protection_advisor 6.4
dell emc_integrated_data_protection_appliance_firmware 2.2
dell emc_data_protection_advisor 19.1
dell emc_integrated_data_protection_appliance_firmware 2.4
dell emc_integrated_data_protection_appliance_firmware 2.0
dell emc_data_protection_advisor 18.2
dell emc_integrated_data_protection_appliance_firmware 2.1
dell emc_data_protection_advisor 18.1
dell emc_integrated_data_protection_appliance_firmware 2.3
dell emc_data_protection_advisor 6.3
dell emc_data_protection_advisor 6.5
CVE-2019-18582 HIGH

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user runs the DPA service on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
dell emc_data_protection_advisor 6.4
dell emc_integrated_data_protection_appliance_firmware 2.2
dell emc_data_protection_advisor 19.1
dell emc_integrated_data_protection_appliance_firmware 2.4
dell emc_integrated_data_protection_appliance_firmware 2.0
dell emc_data_protection_advisor 18.2
dell emc_integrated_data_protection_appliance_firmware 2.1
dell emc_data_protection_advisor 18.1
dell emc_integrated_data_protection_appliance_firmware 2.3
dell emc_data_protection_advisor 6.3
dell emc_data_protection_advisor 6.5
CVE-2019-18588 LOW

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell emc_unisphere_for_powermax *
dell emc_powermax 5978.221.221
dell emc_powermax 5978.479.479
CVE-2019-19620 LOW

In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-281,

Products Affected

Vendor Product Version
dell red_cloak_windows_agent *
CVE-2019-3704 HIGH

VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
dell emc_vnx2_firmware *
CVE-2019-3705 HIGH

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-787,

Products Affected

Vendor Product Version
dell idrac9_firmware *
dell idrac7_firmware *
dell idrac6_firmware *
dell idrac8_firmware *
CVE-2019-3706 HIGH

Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell idrac9_firmware 3.21.24.22
dell idrac9_firmware 3.23.23.23
dell idrac9_firmware 3.20.21.20
CVE-2019-3707 HIGH

Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell idrac9_firmware *
CVE-2019-3708 HIGH

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an OVA file. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell emc_isilonsd_management_server 1.1.0
CVE-2019-3709 HIGH

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering vCenter servers. A remote attacker can trick an admin user to potentially exploit this vulnerability to execute malicious HTML or JavaScript code in the context of the admin user.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,

Products Affected

Vendor Product Version
dell emc_isilonsd_management_server 1.1.0
CVE-2019-3710 MEDIUM

Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
dell emc_networking_os10 *
CVE-2019-3712 HIGH

Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
dell windows_embedded_standard_wyse_device_agent *
dell wyse_thinlinux_hagent *
CVE-2019-3717 HIGH

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell latitude_5289_firmware *
dell latitude_7370_firmware *
dell inspiron_5459_firmware *
dell latitude_5280_firmware *
dell latitude_5550_firmware *
dell latitude_e7470_firmware *
dell inspiron_5568_firmware *
dell latitude_7390_2-in-1_firmware *
dell chengming_3967_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell precision_3520_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell chengming_3977_firmware *
dell inspiron_7380_firmware *
dell vostro_5481_firmware *
dell latitude_5285_firmware *
dell latitude_3390_firmware *
dell inspiron_5368_firmware *
dell latitude_3570_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell latitude_3490_firmware *
dell inspiron_7378_firmware *
dell inspiron_3567_firmware *
dell inspiron_5458_firmware *
dell inspiron_5582_firmware *
dell inspiron_5579_firmware *
dell latitude_7202_firmware *
dell xps_9370_firmware *
dell latitude_e7250_firmware *
dell optiplex_7460_aio_firmware *
dell wyse_7040_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell optiplex_5060_firmware *
dell precision_5820_firmware *
dell inspiron_3458_firmware *
dell precision_3430_firmware *
dell inspiron_7567_firmware *
dell inspiron_5378_firmware *
dell inspiron_5370_firmware *
dell inspiron_3158_firmware *
dell inspiron_7566_firmware *
dell latitude_e5450_firmware *
dell optiplex_3240_aio_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell inspiron_3781_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_5457_firmware *
dell inspiron_3581_firmware *
dell xps_9560_firmware *
dell latitude_7414_firmware *
dell optiplex_xe3_firmware *
dell precision_7820_firmware *
dell latitude_7389_firmware *
dell vostro_3568_firmware *
dell vostro_3458_firmware *
dell inspiron_7573_firmware *
dell inspiron_3558_firmware *
dell vostro_3580_firmware *
dell embedded_box_pc_5000_firmware *
dell latitude_7285_firmware *
dell inspiron_7368_firmware *
dell precision_3930_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell inspiron_7580_firmware -
dell inspiron_7560_firmware *
dell latitude_7380_firmware *
dell inspiron_3467_firmware *
dell latitude_5420_firmware *
dell inspiron_7572_firmware *
dell latitude_5414_firmware *
dell latitude_5175_firmware *
dell inspiron_5758_firmware *
dell latitude_3470_firmware *
dell inspiron_3576_firmware *
dell g3_3779_firmware *
dell g5_5590_firmware *
dell inspiron_3559_firmware *
dell latitude_5288_firmware *
dell vostro_3667_firmware *
dell g5_5587_firmware *
dell inspiron_7353_firmware *
dell latitude_e5250_firmware *
dell vostro_3470_firmware *
dell xps_9350_firmware *
dell inspiron_7778_firmware *
dell inspiron_3480_firmware *
dell vostro_7570_firmware *
dell precision_5530_2-in-1_firmware *
dell inspiron_3568_firmware *
dell inspiron_5566_firmware *
dell latitude_7390_firmware *
dell latitude_5179_firmware *
dell vostro_3670_firmware *
dell optiplex_3046_firmware *
dell optiplex_5040_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell inspiron_3668_firmware *
dell inspiron_5480_firmware *
dell xps_9575_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell inspiron_3459_firmware *
dell inspiron_5468_firmware *
dell optiplex_7450_aio_firmware *
dell latitude_3560_firmware *
dell inspiron_7466_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell inspiron_5578_firmware *
dell venue_7140_firmware *
dell optiplex_7060_firmware *
dell vostro_5471_firmware *
dell vostro_3459_firmware *
dell vostro_5468_firmware *
dell inspiron_7472_firmware *
dell vostro_3268_firmware *
dell inspiron_5759_firmware *
dell vostro_3583_firmware *
dell latitude_3379_firmware *
dell xps_9360_firmware *
dell precision_3620_firmware *
dell inspiron_7467_firmware *
dell xps_9250_firmware *
dell latitude_3160_firmware *
dell vostro_5568_firmware *
dell vostro_3480_firmware *
dell latitude_5250_firmware *
dell precision_3420_firmware *
dell latitude_3450_firmware *
dell inspiron_3153_firmware *
dell inspiron_7577_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell inspiron_5557_firmware *
dell precision_t7810_firmware *
dell xps_9570_firmware *
dell precision_t5810_firmware *
dell optiplex_7440_aio_firmware *
dell inspiron_3583_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell latitude_3380_firmware *
dell inspiron_5567_firmware *
dell latitude_e5550_firmware *
dell inspiron_5379_firmware *
dell inspiron_3476_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell xps_9380_firmware *
dell precision_3630_firmware *
dell latitude_3150_firmware *
dell inspiron_3468_firmware *
dell inspiron_7586_firmware *
dell vostro_3468_firmware *
dell vostro_3660_firmware *
dell precision_7720_firmware *
dell inspiron_5558_firmware *
dell inspiron_7773_firmware *
dell latitude_3350_firmware *
dell vostro_3267_firmware *
dell xps_9550_firmware *
dell optiplex_5050_firmware *
dell inspiron_3780_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell latitude_3550_firmware *
dell inspiron_5559_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell inspiron_7359_firmware *
dell g7_7588_firmware *
dell g7_7790_firmware *
dell latitude_3189_firmware *
dell inspiron_670_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell precision_7920_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell latitude_3180_firmware *
dell inspiron_7779_firmware *
dell optiplex_7760_aio_firmware *
dell inspiron_7568_firmware *
dell latitude_5488_firmware *
dell latitude_7214_firmware -
dell latitude_3460_firmware *
dell precision_3530_firmware *
dell latitude_7275_firmware *
dell precision_t7910_firmware *
dell inspiron_5580_firmware *
dell latitude_7250_firmware *
dell latitude_7350_firmware *
dell latitude_5590_firmware *
dell optiplex_5250_aio_firmware *
dell vostro_3478_firmware *
dell wyse_5070_firmware *
dell optiplex_7050_firmware *
dell xps_7760_firmware *
dell inspiron_7786_firmware *
dell inspiron_3268_firmware *
dell inspiron_7460_firmware *
dell vostro_3668_firmware *
dell latitude_7212_firmware *
dell vostro_3584_firmware *
dell xps_8900_firmware *
dell inspiron_3584_firmware *
dell inspiron_5767_firmware *
dell vostro_5370_firmware *
dell latitude_e7450_firmware *
dell inspiron_5570_firmware *
dell latitude_5450_firmware *
dell vostro_3669_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_7569_firmware *
dell inspiron_7570_firmware *
dell vostro_7580_firmware *
dell xps_9343_firmware *
dell optiplex_5260_aio_firmware *
dell g7_7590_firmware *
dell inspiron_7579_firmware *
CVE-2019-3718 MEDIUM

Dell SupportAssist Client versions prior to 3.2.0.90 contain an improper origin validation vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to attempt CSRF attacks on users of the impacted systems.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
dell supportassist *
CVE-2019-3719 HIGH

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell supportassist *
CVE-2019-3720 MEDIUM

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
dell emc_openmanage_server_administrator *
CVE-2019-3721 HIGH

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive memory consumption and preventing users from accessing the system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-770,

Products Affected

Vendor Product Version
dell emc_openmanage_server_administrator *
CVE-2019-3722 MEDIUM

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
dell emc_openmanage_server_administrator 9.2
dell emc_openmanage_server_administrator 9.1
dell emc_openmanage_server_administrator 9.2.0.2
dell emc_openmanage_server_administrator 9.1.0.1
dell emc_openmanage_server_administrator 9.1.0.2
dell emc_openmanage_server_administrator 9.2.0.1
CVE-2019-3723 MEDIUM

Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell emc_openmanage_server_administrator 9.2
dell emc_openmanage_server_administrator 9.1
dell emc_openmanage_server_administrator 9.2.0.2
dell emc_openmanage_server_administrator 9.1.0.1
dell emc_openmanage_server_administrator 9.1.0.2
dell emc_openmanage_server_administrator 9.2.0.1
CVE-2019-3726 MEDIUM

An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
dell update_package_framework *
CVE-2019-3727 HIGH

Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
dell emc_recoverpoint *
dell recoverpoint_for_virtual_machines *
CVE-2019-3728 MEDIUM

RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4 and RSA Crypto-C versions from 6.0.0 through 6.4.* are vulnerable to an out-of-bounds read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
dell bsafe_crypto-c *
dell bsafe_micro-edition-suite *
dell bsafe_crypto-c-micro-edition *
CVE-2019-3729 LOW

RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.4 LOW CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 0.9 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
dell bsafe_micro-edition-suite *
CVE-2019-3730 MEDIUM

RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x), are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-649,CWE-209,

Products Affected

Vendor Product Version
dell bsafe_micro-edition-suite *
CVE-2019-3731 MEDIUM

RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,CWE-203,

Products Affected

Vendor Product Version
dell bsafe_micro-edition-suite *
dell bsafe_crypto-c-micro-edition *
CVE-2019-3732 MEDIUM

RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-385,CWE-203,

Products Affected

Vendor Product Version
dell bsafe_micro-edition-suite *
dell bsafe_crypto-c-micro-edition *
emc rsa_bsafe_crypto-c *
CVE-2019-3733 MEDIUM

RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-316,CWE-459,

Products Affected

Vendor Product Version
dell bsafe_crypto-c-micro-edition *
emc rsa_bsafe_crypto-c *
CVE-2019-3734 MEDIUM

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an improper authorization vulnerability in NAS Server quotas configuration. A remote authenticated Unisphere Operator could potentially exploit this vulnerability to edit quota configuration of other users.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell emc_unityvsa_operating_environment *
dell emc_unity_operating_environment *
CVE-2019-3735 HIGH

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs 3.2.1
dell supportassist_for_home_pcs 2.2.2
dell supportassist_for_home_pcs 2.2.1
dell supportassist_for_home_pcs 2.2
dell supportassist_for_home_pcs 3.1
dell supportassist_for_home_pcs 2.2.3
dell supportassist_for_home_pcs 3.0
dell supportassist_for_home_pcs 3.0.1
dell supportassist_for_home_pcs 3.2
dell supportassist_for_business_pcs 2.0
dell supportassist_for_home_pcs 3.0.2
CVE-2019-3736 MEDIUM

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system to use it to access other components using the privileges of the compromised user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-257,CWE-327,

Products Affected

Vendor Product Version
dell emc_integrated_data_protection_appliance_firmware 2.2
dell emc_integrated_data_protection_appliance_firmware 2.0
dell emc_integrated_data_protection_appliance_firmware 2.1
CVE-2019-3737 MEDIUM

Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
dell avamar_data_migration_enabler_web_interface 1.0.50
dell avamar_data_migration_enabler_web_interface 1.0.51
CVE-2019-3738 MEDIUM

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-325,CWE-347,

Products Affected

Vendor Product Version
oracle retail_service_backbone 15.0
oracle database 12.2.0.1
oracle storagetek_tape_analytics_sw_tool 2.3
oracle communications_unified_inventory_management 7.4.0
oracle retail_service_backbone 16.0
oracle retail_store_inventory_management 16.0.3
oracle retail_store_inventory_management 14.1.3
oracle communications_unified_inventory_management 7.3.2
oracle communications_network_integrity 7.3.6
oracle database 19c
oracle retail_xstore_point_of_service 15.0.3
oracle retail_predictive_application_server 15.0.3.0
oracle retail_service_backbone 14.1
oracle communications_network_integrity 7.3.5
mcafee threat_intelligence_exchange_server *
oracle goldengate *
oracle retail_xstore_point_of_service 17.0.3
oracle retail_xstore_point_of_service 18.0.2
dell bsafe_crypto-j *
oracle retail_xstore_point_of_service 16.0.5
oracle communications_unified_inventory_management 7.4.1
oracle retail_integration_bus 15.0
oracle application_performance_management 13.4.0.0
oracle retail_store_inventory_management 15.0.3
oracle retail_predictive_application_server 16.0.3.0
oracle retail_integration_bus 16.0
oracle retail_store_inventory_management 14.0.4
oracle retail_assortment_planning 16.0.3.0
oracle communications_unified_inventory_management 7.3.4
oracle communications_network_integrity 7.3.2
oracle communications_unified_inventory_management 7.3.5
oracle retail_assortment_planning 15.0.3.0
dell bsafe_cert-j *
oracle retail_integration_bus 14.1
oracle database 18c
oracle application_performance_management 13.3.0.0
oracle database 12.1.0.2
oracle retail_xstore_point_of_service 19.0.1
mcafee threat_intelligence_exchange_server 3.0.0
dell bsafe_ssl-j *
oracle goldengate 19.1.0.0.0.210420
oracle retail_predictive_application_server 14.1.3.0
CVE-2019-3739 MEDIUM

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,CWE-203,

Products Affected

Vendor Product Version
oracle retail_service_backbone 15.0
oracle database 12.2.0.1
oracle storagetek_tape_analytics_sw_tool 2.3
oracle weblogic_server 10.3.6.0.0
oracle retail_service_backbone 16.0
oracle retail_store_inventory_management 16.0.3
oracle retail_store_inventory_management 14.1.3
oracle weblogic_server 12.2.1.4.0
oracle communications_network_integrity 7.3.6
oracle database 19c
oracle retail_xstore_point_of_service 15.0.3
oracle retail_predictive_application_server 15.0.3.0
oracle retail_service_backbone 14.1
oracle storagetek_acsls 8.5.1
oracle communications_network_integrity 7.3.5
oracle goldengate *
oracle retail_xstore_point_of_service 17.0.3
oracle retail_xstore_point_of_service 18.0.2
dell bsafe_crypto-j *
oracle retail_xstore_point_of_service 16.0.5
oracle retail_integration_bus 15.0
oracle weblogic_server 12.2.1.3.0
oracle application_performance_management 13.4.0.0
oracle retail_store_inventory_management 15.0.3
oracle retail_predictive_application_server 16.0.3.0
oracle retail_integration_bus 16.0
oracle retail_store_inventory_management 14.0.4
oracle retail_assortment_planning 16.0.3.0
oracle communications_network_integrity 7.3.2
oracle weblogic_server 14.1.1.0.0
oracle retail_assortment_planning 15.0.3.0
dell bsafe_cert-j *
oracle retail_integration_bus 14.1
oracle database 18c
oracle application_performance_management 13.3.0.0
oracle database 12.1.0.2
oracle retail_xstore_point_of_service 19.0.1
dell bsafe_ssl-j *
oracle retail_predictive_application_server 14.1.3.0
CVE-2019-3740 MEDIUM

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,CWE-203,

Products Affected

Vendor Product Version
oracle retail_service_backbone 15.0
oracle database 12.2.0.1
oracle storagetek_tape_analytics_sw_tool 2.3
oracle weblogic_server 10.3.6.0.0
oracle global_lifecycle_management_opatch *
oracle communications_unified_inventory_management 7.4.0
oracle retail_service_backbone 16.0
oracle weblogic_server 12.1.3.0.0
oracle retail_store_inventory_management 16.0.3
oracle retail_store_inventory_management 14.1.3
oracle weblogic_server 12.2.1.4.0
oracle communications_unified_inventory_management 7.3.2
oracle communications_network_integrity 7.3.6
oracle database 19c
oracle retail_xstore_point_of_service 15.0.3
oracle retail_predictive_application_server 15.0.3.0
oracle retail_service_backbone 14.1
oracle storagetek_acsls 8.5.1
oracle communications_network_integrity 7.3.5
oracle goldengate *
oracle retail_xstore_point_of_service 17.0.3
oracle retail_predictive_application_server 15.0
oracle retail_xstore_point_of_service 18.0.2
dell bsafe_crypto-j *
oracle retail_xstore_point_of_service 16.0.5
oracle communications_unified_inventory_management 7.4.1
oracle retail_integration_bus 15.0
oracle weblogic_server 12.2.1.3.0
oracle application_performance_management 13.4.0.0
oracle retail_store_inventory_management 15.0.3
oracle retail_predictive_application_server 16.0.3.0
oracle retail_integration_bus 16.0
oracle retail_store_inventory_management 14.0.4
oracle retail_assortment_planning 16.0.3.0
oracle communications_unified_inventory_management 7.3.4
oracle communications_network_integrity 7.3.2
oracle weblogic_server 14.1.1.0.0
oracle communications_unified_inventory_management 7.3.5
oracle retail_assortment_planning 15.0.3.0
dell bsafe_cert-j *
oracle retail_integration_bus 14.1
oracle database 18c
oracle application_performance_management 13.3.0.0
oracle database 12.1.0.2
oracle retail_xstore_point_of_service 19.0.1
dell bsafe_ssl-j *
oracle retail_predictive_application_server 14.1.3.0
CVE-2019-3741 LOW

Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.

CVSS 2.0

Severity: LOW

Problem Type: CWE-693,

Products Affected

Vendor Product Version
dell emc_unityvsa_operating_environment *
dell emc_unity_operating_environment *
CVE-2019-3742 HIGH

Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject malicous code to run an executable with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell digital_delivery *
CVE-2019-3744 HIGH

Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-362,

Products Affected

Vendor Product Version
dell digital_delivery *
CVE-2019-3745 MEDIUM

The vulnerability is limited to the installers of Dell Encryption Enterprise versions prior to 10.4.0 and Dell Endpoint Security Suite Enterprise versions prior to 2.4.0. This issue is exploitable only during the installation of the product by an administrator. A local authenticated low privileged user potentially could exploit this vulnerability by staging a malicious DLL in the search path of the installer prior to its execution by a local administrator. This would cause loading of the malicious DLL, which would allow the attacker to execute arbitrary code in the context of an administrator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-426,

Products Affected

Vendor Product Version
dell endpoint_security_suite_enterprise *
dell encryption *
CVE-2019-3746 MEDIUM

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,CWE-307,

Products Affected

Vendor Product Version
dell emc_integrated_data_protection_appliance_firmware 2.2
dell emc_integrated_data_protection_appliance_firmware 2.0
dell emc_integrated_data_protection_appliance_firmware 2.1
CVE-2019-3747 LOW

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell emc_integrated_data_protection_appliance_firmware 2.2
dell emc_integrated_data_protection_appliance_firmware 2.0
dell emc_integrated_data_protection_appliance_firmware 2.1
CVE-2019-3749 LOW

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-427,CWE-59,

Products Affected

Vendor Product Version
dell command_update *
CVE-2019-3750 LOW

Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-427,CWE-59,

Products Affected

Vendor Product Version
dell command_update *
CVE-2019-3751 MEDIUM

Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
dell emc_enterprise_copy_data_management 1.1
dell emc_enterprise_copy_data_management 2.1
dell emc_enterprise_copy_data_management 3.0
dell emc_enterprise_copy_data_management 2.0
dell emc_enterprise_copy_data_management 1.0
CVE-2019-3752 MEDIUM

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
dell emc_integrated_data_protection_appliance 2.1
dell emc_integrated_data_protection_appliance 2.4
dell emc_avamar_server 18.2
dell emc_avamar_server 7.4.1
dell emc_avamar_server 19.1
dell emc_avamar_server 7.5.0
dell emc_avamar_server 7.5.1
dell emc_integrated_data_protection_appliance 2.0
dell emc_integrated_data_protection_appliance 2.3
dell emc_integrated_data_protection_appliance 2.2
CVE-2019-3753 MEDIUM

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored in plain text in the system settings menu. An authenticated malicious user with access to the system settings menu may obtain the exposed password to use it in further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,CWE-522,

Products Affected

Vendor Product Version
dell emc_powerconnect_m8024-k_firmware *
dell emc_powerconnect_7000_firmware *
dell emc_powerconnect_m6220_firmware *
dell emc_powerconnect_m8024_firmware *
dell emc_powerconnect_8024_firmware *
dell emc_powerconnect_m6348_firmware *
CVE-2019-3754 MEDIUM

Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then reflected back to the victim and executed by the web browser.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell emc_vnxe3200_firmware *
dell emc_unityvsa_operating_environment *
dell emc_unity_operating_environment *
CVE-2019-3759 MEDIUM

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
dell rsa_identity_governance_and_lifecycle 7.1.0
dell rsa_identity_governance_and_lifecycle 7.0.1
dell rsa_identity_governance_and_lifecycle 7.0.2
dell rsa_via_lifecycle_and_governance 7.0.0
dell rsa_identity_governance_and_lifecycle 7.1.1
CVE-2019-3760 MEDIUM

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a SQL Injection vulnerability in Workflow Architect. A remote authenticated malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the data by supplying specially crafted input data to the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-89,

Products Affected

Vendor Product Version
dell rsa_identity_governance_and_lifecycle 7.1.0
dell rsa_identity_governance_and_lifecycle 7.0.1
dell rsa_identity_governance_and_lifecycle 7.0.2
dell rsa_via_lifecycle_and_governance 7.0.0
dell rsa_identity_governance_and_lifecycle 7.1.1
CVE-2019-3761 LOW

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the stored malicious code would gets executed by the web browser in the context of the vulnerable web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell rsa_identity_governance_and_lifecycle 7.1.0
dell rsa_identity_governance_and_lifecycle 7.0.1
dell rsa_identity_governance_and_lifecycle 7.0.2
dell rsa_via_lifecycle_and_governance 7.0.0
dell rsa_identity_governance_and_lifecycle 7.1.1
CVE-2019-3762 MEDIUM

Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-296,CWE-295,

Products Affected

Vendor Product Version
dell emc_data_protection_central 18.1
dell emc_integrated_data_protection_appliance 2.1
dell emc_integrated_data_protection_appliance 2.4
dell emc_data_protection_central 18.2
dell emc_data_protection_central 1.0.1
dell emc_data_protection_central 1.0
dell emc_data_protection_central 19.1
dell emc_integrated_data_protection_appliance 2.0
dell emc_integrated_data_protection_appliance 2.3
dell emc_integrated_data_protection_appliance 2.2
CVE-2019-3763 LOW

The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
dell rsa_identity_governance_and_lifecycle 7.1.0
dell rsa_identity_governance_and_lifecycle 7.0.1
dell rsa_identity_governance_and_lifecycle 7.0.2
dell rsa_via_lifecycle_and_governance 7.0.0
dell rsa_identity_governance_and_lifecycle 7.1.1
CVE-2019-3764 MEDIUM

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell idrac9_firmware *
dell idrac7_firmware *
dell idrac8_firmware *
CVE-2019-3765 MEDIUM

Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4 contain an Incorrect Permission Assignment for Critical Resource vulnerability. A remote authenticated malicious user potentially could exploit this vulnerability to view or modify sensitive backup data. This could be used to make backups corrupt or potentially to trick a user into restoring a backup with malicious files in place.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
dell emc_integrated_data_protection_appliance *
dell emc_avamar_server 18.2
dell emc_avamar_server 7.4.1
dell emc_avamar_server 19.1
dell emc_avamar_server 7.5.0
dell emc_avamar_server 7.5.1
CVE-2019-3766 HIGH

Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated remote attacker may potentially perform a password brute-force attack to gain access to the targeted accounts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-307,CWE-307,

Products Affected

Vendor Product Version
dell emc_elastic_cloud_storage *
CVE-2019-3767 LOW

Dell ImageAssist versions prior to 8.7.15 contain an information disclosure vulnerability. Dell ImageAssist stores some sensitive encrypted information in the images it creates. A privileged user of a system running an operating system that was deployed with Dell ImageAssist could potentially retrieve this sensitive information to then compromise the system and related systems.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-312,

Products Affected

Vendor Product Version
dell imageassist *
CVE-2019-3769 LOW

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2019-3770 LOW

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2020-11899 MEDIUM

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
dell wyse_5030_firmware -
treck tcp/ip *
dell wyse_5050_all-in-one_firmware -
dell wyse_7030_firmware -
CVE-2020-12695 HIGH

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H 2.2 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
hp envy_5530 -
netgear wnhde111 -
cisco wap351 -
dell b1165nfw -
epson xp-241 -
hp envy_5546_k7c90a -
hp envy_5644_b9s65a -
hp envy_6020_5se17a -
hp envy_5531 -
hp envy_4524_f0v71b -
epson xp-8600 -
hp envy_photo_7120_z3m41d -
hp deskjet_ink_advantage_4535_f0v64a -
hp officejet_4655_k9v82b -
hp envy_4522_f0v67a -
zte zxv10_w300 -
hp envy_4513_k9h51a -
hp envy_5544_k7c89a -
hp hp_envy_4523_j6u60b -
hp envy_photo_6200_k7g18a -
hp envy_photo_6200_k7s21b -
hp envy_4504_a9t88b -
hp envy_photo_6220_k7g20d -
hp hp_envy_4520_f0v69a -
hp hp_officejet_4652_f1j05b -
hp 5030_m2u92b -
hp envy_100_cn518a -
hp envy_4527_j6u61b -
w1.fi hostapd *
epson m571t -
hp envy_4505_a9t86a -
hp deskjet_ink_advantage_3456_a9t84c -
ui unifi_controller -
hp deskjet_ink_advantage_4675_f1h97c -
hp deskjet_ink_advantage_4676_f1h98a -
hp envy_5540_g0v53a -
asus rt-n11 -
hp 5030_z4a70a -
hp deskjet_ink_advantage_3545_a9t83b -
broadcom adsl -
hp deskjet_ink_advantage_5575_g0v48c -
hp deskjet_ink_advantage_4515 -
hp envy_5539 -
hp hp_envy_4524_k9t01a -
hp envy_120_cz022a -
hp envy_photo_6232_k7g26b -
hp hp_officejet_4650_e6g87a -
hp envy_pro_6420_6wd14a -
hp envy_photo_7800_y0g52b -
hp envy_photo_7822_y0g42d -
cisco wap131 -
hp envy_6020_5se16b -
hp envy_photo_6200_y0k15a -
hp deskjet_ink_advantage_4675_f1h97b -
hp envy_pro_6420_5se46a -
hp envy_pro_6420_5se45b -
hp deskjet_ink_advantage_3546_a9t82a -
hp envy_5545_g0v50a -
hp envy_4509_d3p94a -
cisco wap150 -
hp envy_photo_7100_k7g99a -
hp hp_envy_4513_k9h51a -
hp deskjet_ink_advantage_5575_g0v48b -
hp officejet_4655_f1j00a -
epson xp-320 -
microsoft xbox_one 10.0.19041.2494
hp envy_4520_e6g67b -
hp hp_deskjet_ink_advantage_4675_f1h97b -
hp envy_100_cn519b -
canonical ubuntu_linux 20.04
hp hp_officejet_4655_f1j00a -
hp hp_deskjet_ink_advantage_4676_f1h98a -
debian debian_linux 10.0
epson xp-970 -
hp hp_envy_4522_f0v67a -
hp hp_officejet_4656_k9v81b -
hp hp_envy_4511_k9h50a -
hp hp_deskjet_ink_advantage_4678_f1h99b -
hp envy_4502_a9t85a -
hp envy_5541_k7g89a -
hp hp_officejet_4654_f1j06b -
hp officejet_4652_k9v84b -
hp envy_6052_5se18a -
hp envy_4504_c8d04a -
hp envy_5547_j6u64a -
hp hp_envy_4516_k9h52a -
epson ep-101 -
epson xp-440 -
hp envy_5540_g0v47a -
dlink dvg-n5412sp -
hp envy_4507_e6g70b -
hp officejet_4650_f1h96a -
hp officejet_4655_k9v79a -
hp envy_photo_7100_k7g93a -
hp envy_photo_7100_z3m52a -
hp hp_deskjet_ink_advantage_4675_f1h97c -
hp officejet_4650_f1h96b -
epson xp-2101 -
huawei hg255s -
hp envy_photo_6220_k7g21b -
hp envy_photo_6252_k7g22a -
hp officejet_4657_v6d29b -
hp envy_7645_e4w44a -
hp envy_5640_b9s56a -
fedoraproject fedora 31
hp envy_4523_j6u60b -
hp envy_5640_b9s58a -
hp envy_111_cq810a -
hp envy_photo_7800_y0g42d -
hp hp_deskjet_ink_advantage_4535_f0v64b -
hp envy_5000_z4a54a -
hp envy_5000_m2u85a -
hp envy_7644_e4w46a -
hp officejet_4658_v6d30b -
hp envy_4516_k9h52a -
hp envy_100_cn517a -
hp envy_photo_6230_k7g25b -
hp envy_pro_6420_6wd16a -
hp hp_envy_4525_k9t09b -
hp hp_officejet_4652_k9v84b -
hp envy_4500_a9t89a -
hp envy_5646_f8b05a -
hp envy_4511_k9h50a -
hp envy_5540_k7c85a -
huawei hg532e -
hp envy_5664_f8b08a -
fedoraproject fedora 32
debian debian_linux 9.0
hp deskjet_ink_advantage_4535_f0v64b -
hp envy_120_cz022b -
hp deskjet_ink_advantage_4678_f1h99b -
hp envy_photo_7800_k7s00a -
hp envy_6540_b9s59a -
hp envy_4520_e6g67a -
epson xp-330 -
hp envy_110_cq809d -
hp hp_deskjet_ink_advantage_4535_f0v64c -
hp envy_4503_e6g71b -
epson ew-m970a3t -
hp envy_4512_k9h49a -
hp hp_officejet_4650_f1h96b -
epson xp-702 -
epson xp-4100 -
hp envy_4509_d3p94b -
hp hp_deskjet_ink_advantage_4535_f0v64a -
hp envy_114_cq811a -
hp envy_4524_k9t01a -
hp envy_100_cn517c -
hp officejet_4652_f1j02a -
hp envy_5540_g0v51a -
hp hp_envy_4521_k9t10b -
hp hp_envy_4524_f0v71b -
hp deskjet_ink_advantage_4675_f1h97a -
hp envy_6020_6wd35a -
hp envy_5532 -
zyxel amg1202-t10b -
hp envy_4525_k9t09b -
hp envy_5543_n9u88a -
hp hp_envy_4520_e6g67b -
hp officejet_4654_f1j07b -
hp envy_5000_m2u94b -
hp envy_photo_6222_y0k14d -
hp envy_5020_m2u91b -
hp envy_100_cn519a -
hp envy_photo_7164_k7g99a -
hp envy_photo_7800_k7r96a -
hp envy_4502_a9t87b -
hp envy_110_cq812c -
zyxel vmg8324-b10a -
hp envy_photo_7830_y0g50b -
hp officejet_4654_f1j06b -
hp envy_5000_z4a74a -
hp hp_officejet_4654_f1j07b -
hp deskjet_ink_advantage_3548_a9t81b -
hp envy_5000_m2u85b -
hp hp_officejet_4650_f1h96a -
hp envy_5536 -
hp envy_photo_6234_k7s21b -
epson xp-630 -
nec wr8165n -
hp deskjet_ink_advantage_4538_f0v66b -
epson xp-100 -
tp-link archer_c50 -
hp deskjet_ink_advantage_3545_a9t81c -
hp envy_5642_b9s64a -
hp envy_photo_6200_k7g26b -
hp envy_4500_a9t80a -
hp hp_officejet_4655_k9v79a -
hp envy_6020_7cz37a -
hp envy_5540_g0v52a -
hp envy_photo_7822_y0g43d -
hp envy_4520_f0v63a -
hp 5034_z4a74a -
hp hp_envy_4528_k9t08b -
hp envy_114_cq812a -
hp deskjet_ink_advantage_4518 -
hp envy_100_cn517b -
hp envy_5000_m2u91a -
hp envy_photo_7155_z3m52a -
hp officejet_4656_k9v81b -
hp deskjet_ink_advantage_4535_f0v64c -
hp envy_7640 -
epson xp-620 -
hp envy_4520_f0v69a -
hp envy_photo_6200_y0k13d_ -
hp envy_5665_f8b06a -
hp envy_5544_k7c93a -
hp hp_envy_4520_f0v63b -
hp officejet_4652_f1j05b -
hp envy_4508_e6g72b -
hp hp_envy_4512_k9h49a -
hp 5660_f8b04a -
hp envy_6055_5se16a -
hp hp_deskjet_ink_advantage_4536_f0v65a -
hp envy_5540_f2e72a -
hp envy_4524_f0v72b -
ruckussecurity zonedirector_1200 -
epson xp-8500 -
hp envy_5548_k7g87a -
hp officejet_4650_e6g87a -
hp hp_envy_4520_f0v63a -
hp envy_4528_k9t08b -
epson xp-2105 -
hp envy_110_cq809b -
hp envy_pro_6452_5se47a -
epson xp-4105 -
hp 5020_z4a69a -
hp deskjet_ink_advantage_4536_f0v65a -
hp hp_envy_4524_f0v72b -
hp envy_photo_6222_y0k13d -
hp envy_4521_k9t10b -
hp deskjet_ink_advantage_3545_a9t81a -
hp envy_120_cz022c -
hp hp_deskjet_ink_advantage_4538_f0v66b -
hp hp_officejet_4652_f1j02a -
hp envy_110_cq809c -
hp envy_5000_m2u91a *
hp envy_5535 -
hp envy_4520_f0v63b -
hp hp_officejet_4655_k9v82b -
hp envy_114_cq811b -
hp envy_pro_6455_5se45a -
microsoft windows_10 -
hp envy_4501_c8d05a -
epson xp-960 -
hp envy_5643_b9s63a -
canon selphy_cp1200 -
hp envy_5542_k7c88a -
hp hp_officejet_4657_v6d29b -
hp envy_5534 -
hp hp_envy_4520_e6g67a -
hp hp_envy_4526_k9t05b -
hp hp_envy_4527_j6u61b -
hp hp_officejet_4658_v6d30b -
hp envy_4500_d3p93a -
hp hp_deskjet_ink_advantage_4675_f1h97a -
epson xp-340 -
hp envy_110_cq809a -
hp envy_photo_7100_3xd89a -
hp envy_4526_k9t05b -
hp envy_photo_7800_k7s10d -
hp envy_4500_a9t80b -
hp envy_photo_7100_z3m37a -
CVE-2020-26180 MEDIUM

Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
dell emc_isilon_onefs *
dell emc_powerscale_onefs 9.0.0
CVE-2020-26181 HIGH

Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell emc_isilon_onefs *
dell emc_powerscale_onefs 9.0.0
CVE-2020-26182 MEDIUM

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N 2.3 4.0
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-266,CWE-552,

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2020-26183 MEDIUM

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N 2.3 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-552,

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2020-26184 MEDIUM

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
oracle http_server 12.2.1.3.0
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle security_service 12.2.1.3.0
oracle security_service 12.2.1.4.0
dell bsafe_micro-edition-suite *
oracle weblogic_server_proxy_plug-in 12.2.1.3.0
oracle http_server 12.2.1.4.0
CVE-2020-26185 MEDIUM

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-125,

Products Affected

Vendor Product Version
oracle database 19c
oracle http_server 12.2.1.3.0
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle database 12.1.0.2
oracle database 21c
oracle security_service 12.2.1.3.0
oracle security_service 12.2.1.4.0
dell bsafe_micro-edition-suite *
oracle weblogic_server_proxy_plug-in 12.2.1.3.0
oracle http_server 12.2.1.4.0
CVE-2020-26186 HIGH

Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-642,CWE-668,

Products Affected

Vendor Product Version
dell inspiron_5675_firmware *
CVE-2020-26191 MEDIUM

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 8.1.0
dell emc_powerscale_onefs 8.1.2
dell emc_powerscale_onefs 8.2.1
dell emc_powerscale_onefs 9.1.0
dell emc_powerscale_onefs 8.1.1
dell emc_powerscale_onefs 8.2.0
dell emc_powerscale_onefs 9.0.0
CVE-2020-26192 MEDIUM

Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 8.2.1
dell emc_powerscale_onefs 9.1.0
dell emc_powerscale_onefs 8.2.0
dell emc_powerscale_onefs 9.0.0
CVE-2020-26193 HIGH

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-78,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 8.1.0
dell emc_powerscale_onefs 8.1.2
dell emc_powerscale_onefs 8.2.1
dell emc_powerscale_onefs 9.1.0
dell emc_powerscale_onefs 8.1.1
dell emc_powerscale_onefs 8.2.0
dell emc_powerscale_onefs 9.0.0
CVE-2020-26194 MEDIUM

Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 8.1.2
CVE-2020-26195 MEDIUM

Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-280,CWE-755,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 8.1.2
dell emc_powerscale_onefs 8.2.1
dell emc_powerscale_onefs 9.1.0
dell emc_powerscale_onefs 8.2.0
dell emc_powerscale_onefs 9.0.0
CVE-2020-26196 LOW

Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 8.1.0
dell emc_powerscale_onefs 8.1.2
dell emc_powerscale_onefs 8.2.1
dell emc_powerscale_onefs 9.1.0
dell emc_powerscale_onefs 8.1.1
dell emc_powerscale_onefs 8.2.0
dell emc_powerscale_onefs 9.0.0
CVE-2020-26197 MEDIUM

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,CWE-319,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 8.1.0
dell emc_powerscale_onefs 8.1.2
dell emc_powerscale_onefs 8.1.1
CVE-2020-26198 MEDIUM

Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell idrac9_firmware *
dell idrac9_firmware 4.40.00.00
CVE-2020-26199 LOW

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
dell emc_unity_xt_operating_environment *
dell emc_unity_vsa_operating_environment *
dell emc_unity_operating_environment *
CVE-2020-29489 MEDIUM

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-312,

Products Affected

Vendor Product Version
dell emc_unity_xt_operating_environment *
dell emc_unity_vsa_operating_environment *
dell emc_unity_operating_environment *
CVE-2020-29490 MEDIUM

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
dell emc_unity_xt_operating_environment *
dell emc_unity_vsa_operating_environment *
dell emc_unity_operating_environment *
CVE-2020-29491 MEDIUM

Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise of impacted thin clients.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
dell wyse_thinos *
CVE-2020-29492 MEDIUM

Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N 3.9 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
dell wyse_thinos *
CVE-2020-29493 HIGH

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database, causing unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
dell emc_avamar_server 19.2
dell emc_avamar_server 19.3
dell emc_integrated_data_protection_appliance 2.6
dell emc_integrated_data_protection_appliance 2.5
dell emc_avamar_server 19.1
CVE-2020-29494 MEDIUM

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H 2.3 5.8
nvd@nist.gov 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H 2.3 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
dell emc_avamar_server 19.2
dell emc_avamar_server 19.3
dell emc_integrated_data_protection_appliance 2.6
dell emc_integrated_data_protection_appliance 2.5
dell emc_avamar_server 19.1
CVE-2020-29495 HIGH

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-78,

Products Affected

Vendor Product Version
dell emc_avamar_server 19.2
dell emc_avamar_server 19.3
dell emc_integrated_data_protection_appliance 2.6
dell emc_integrated_data_protection_appliance 2.5
dell emc_avamar_server 19.1
CVE-2020-29496 LOW

Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2020-29497 LOW

Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2020-29498 MEDIUM

Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2020-29499 HIGH

Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in PowerStore X environment . A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell emc_powerstore *
CVE-2020-29500 MEDIUM

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,CWE-312,

Products Affected

Vendor Product Version
dell emc_powerstore_firmware *
CVE-2020-29501 MEDIUM

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,CWE-312,

Products Affected

Vendor Product Version
dell emc_powerstore_firmware *
CVE-2020-29502 MEDIUM

Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,CWE-312,

Products Affected

Vendor Product Version
dell emc_powerstore_firmware *
CVE-2020-29503 LOW

Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
security_alert@emc.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
dell emc_powerstore *
CVE-2020-29504

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
dell bsafe_micro-edition-suite *
dell bsafe_crypto-c-micro-edition *
CVE-2020-29505 MEDIUM

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 1.8 5.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-331,CWE-331,

Products Affected

Vendor Product Version
dell bsafe_micro-edition-suite *
dell bsafe_crypto-c-micro-edition *
oracle retail_customer_insights 16.0.2
oracle retail_customer_insights 15.0.2
CVE-2020-29506 HIGH

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-385,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle database 19c
oracle http_server 12.2.1.3.0
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle database 12.1.0.2
oracle database 21c
oracle security_service 12.2.1.3.0
oracle security_service 12.2.1.4.0
dell bsafe_micro-edition-suite *
oracle weblogic_server_proxy_plug-in 12.2.1.3.0
dell bsafe_crypto-c-micro-edition *
oracle http_server 12.2.1.4.0
CVE-2020-29507 HIGH

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
oracle database 19c
oracle http_server 12.2.1.3.0
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle database 12.1.0.2
oracle database 21c
oracle security_service 12.2.1.3.0
oracle security_service 12.2.1.4.0
dell bsafe_micro-edition-suite *
oracle weblogic_server_proxy_plug-in 12.2.1.3.0
dell bsafe_crypto-c-micro-edition *
oracle http_server 12.2.1.4.0
CVE-2020-29508 HIGH

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-331,CWE-20,

Products Affected

Vendor Product Version
oracle database 19c
oracle http_server 12.2.1.3.0
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle database 12.1.0.2
oracle database 21c
oracle security_service 12.2.1.3.0
oracle security_service 12.2.1.4.0
dell bsafe_micro-edition-suite *
oracle weblogic_server_proxy_plug-in 12.2.1.3.0
dell bsafe_crypto-c-micro-edition *
oracle http_server 12.2.1.4.0
CVE-2020-35163 HIGH

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-330,CWE-330,

Products Affected

Vendor Product Version
oracle database 19c
oracle http_server 12.2.1.3.0
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle database 12.1.0.2
oracle database 21c
oracle security_service 12.2.1.3.0
oracle security_service 12.2.1.4.0
dell bsafe_micro-edition-suite *
oracle weblogic_server_proxy_plug-in 12.2.1.3.0
dell bsafe_crypto-c-micro-edition *
oracle http_server 12.2.1.4.0
CVE-2020-35164 HIGH

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 1.4 5.2
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-385,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle database 19c
oracle http_server 12.2.1.3.0
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle database 12.1.0.2
oracle database 21c
oracle security_service 12.2.1.3.0
oracle security_service 12.2.1.4.0
dell bsafe_micro-edition-suite *
oracle weblogic_server_proxy_plug-in 12.2.1.3.0
dell bsafe_crypto-c-micro-edition *
oracle http_server 12.2.1.4.0
CVE-2020-35165

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 1.4 3.6

Products Affected

Vendor Product Version
dell bsafe_micro-edition-suite *
dell bsafe_crypto-c-micro-edition *
CVE-2020-35166 HIGH

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 1.4 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-385,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle database 19c
oracle http_server 12.2.1.3.0
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle database 12.1.0.2
oracle database 21c
oracle security_service 12.2.1.3.0
oracle security_service 12.2.1.4.0
dell bsafe_micro-edition-suite *
oracle weblogic_server_proxy_plug-in 12.2.1.3.0
dell bsafe_crypto-c-micro-edition *
oracle http_server 12.2.1.4.0
CVE-2020-35167 HIGH

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.8 MEDIUM CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 0.4 4.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle database 19c
oracle http_server 12.2.1.3.0
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle database 12.1.0.2
oracle database 21c
oracle security_service 12.2.1.3.0
oracle security_service 12.2.1.4.0
dell bsafe_micro-edition-suite *
oracle weblogic_server_proxy_plug-in 12.2.1.3.0
dell bsafe_crypto-c-micro-edition *
oracle http_server 12.2.1.4.0
CVE-2020-35168 HIGH

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-311,NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle database 19c
oracle http_server 12.2.1.3.0
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle database 12.1.0.2
oracle database 21c
oracle security_service 12.2.1.3.0
oracle security_service 12.2.1.4.0
dell bsafe_micro-edition-suite *
oracle weblogic_server_proxy_plug-in 12.2.1.3.0
dell bsafe_crypto-c-micro-edition *
oracle http_server 12.2.1.4.0
CVE-2020-35169 HIGH

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-347,CWE-20,

Products Affected

Vendor Product Version
oracle database 19c
oracle http_server 12.2.1.3.0
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle database 12.1.0.2
oracle database 21c
oracle security_service 12.2.1.3.0
oracle security_service 12.2.1.4.0
dell bsafe_micro-edition-suite *
oracle weblogic_server_proxy_plug-in 12.2.1.3.0
dell bsafe_crypto-c-micro-edition *
oracle http_server 12.2.1.4.0
CVE-2020-35170 LOW

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users’ sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell powermax_os 5978.221.221
dell powermax_os 5978.479.479
dell unisphere *
CVE-2020-5315 LOW

Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to access the with privileges of the compromised user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-256,CWE-522,

Products Affected

Vendor Product Version
dell emc_repository_manager *
CVE-2020-5316 MEDIUM

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an uncontrolled search path vulnerability. A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
dell supportassist_for_business_pcs 2.1.1
dell supportassist_for_home_pcs 2.2.3
dell supportassist_for_home_pcs 2.1.1
dell supportassist_for_home_pcs 3.3.1
dell supportassist_for_business_pcs 2.1.2
dell supportassist_for_business_pcs 2.1.3
dell supportassist_for_business_pcs 2.0.1
dell supportassist_for_home_pcs 2.1.2
dell supportassist_for_home_pcs 3.2.2
dell supportassist_for_home_pcs 2.1.3
dell supportassist_for_home_pcs 3.3.2
dell supportassist_for_home_pcs 3.0.1
dell supportassist_for_home_pcs 3.0.2
dell supportassist_for_home_pcs 2.0.1
dell supportassist_for_home_pcs 2.0.2
dell supportassist_for_home_pcs 2.2.2
dell supportassist_for_home_pcs 2.2.1
dell supportassist_for_business_pcs 2.1
dell supportassist_for_home_pcs 3.1
dell supportassist_for_home_pcs 2.1
dell supportassist_for_home_pcs 3.3
dell supportassist_for_business_pcs 2.0.2
dell supportassist_for_business_pcs 2.0
dell supportassist_for_home_pcs 3.2.1
dell supportassist_for_home_pcs 3.3.3
dell supportassist_for_home_pcs 2.2
dell supportassist_for_home_pcs 3.4
dell supportassist_for_home_pcs 3.0
dell supportassist_for_home_pcs 2.0
dell supportassist_for_home_pcs 3.2
CVE-2020-5317 LOW

Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell emc_elastic_cloud_storage *
CVE-2020-5318 MEDIUM

Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-863,

Products Affected

Vendor Product Version
dell emc_isilon_onefs 8.1.2
dell emc_isilon_onefs 8.1.0.3
dell emc_isilon_onefs 8.1.0.4
dell emc_isilon_onefs 8.0.0.7
CVE-2020-5319 HIGH

Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to provide SFTP service on a NAS server. A remote unauthenticated attacker may potentially exploit this vulnerability and cause a Denial of Service (Storage Processor Panic) by sending an out of order SSH protocol sequence.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-129,CWE-129,

Products Affected

Vendor Product Version
dell emc_unityvsa_operating_environment *
dell emc_unity_xt_operating_environment *
dell emc_unity_operating_environment *
CVE-2020-5320 MEDIUM

Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a SQL injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
security_alert@emc.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H 2.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
dell emc_openmanage_enterprise-modular *
dell emc_openmanage_enterprise *
CVE-2020-5321 MEDIUM

Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to spawn tasks with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H 2.3 4.7
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H 2.3 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
dell emc_openmanage_enterprise-modular *
dell emc_openmanage_enterprise *
CVE-2020-5322 HIGH

Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell emc_openmanage_enterprise-modular *
CVE-2020-5323 MEDIUM

Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to gain access to sensitive information or cause denial-of-service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-74,

Products Affected

Vendor Product Version
dell emc_openmanage_enterprise-modular *
dell emc_openmanage_enterprise *
CVE-2020-5324 LOW

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-427,CWE-59,

Products Affected

Vendor Product Version
dell precision_7540_firmware *
dell latitude_5400_firmware *
dell g7_17_7790_firmware *
dell inspiron_3593_firmware *
dell inspiron_5491_firmware *
dell inspiron_5593_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3583_firmware *
dell inspiron_7590_firmware *
dell precision_3540_firmware *
dell latitude_7200_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell inspiron_7386_firmware *
dell vostro_3480_firmware *
dell vostro_3590_firmware *
dell inspiron_7380_firmware *
dell vostro_5481_firmware *
dell latitude_3390_firmware *
dell latitude_3490_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_7591_firmware *
dell inspiron_5582_firmware *
dell g5_15_5590_firmware *
dell inspiron_3583_firmware *
dell inspiron_5482_firmware *
dell vostro_5391_firmware *
dell precision_3541_firmware *
dell g3_3579_firmware *
dell g7_15_7590_firmware *
dell inspiron_7586_firmware *
dell inspiron_3590_firmware *
dell vostro_15_7580_firmware *
dell precision_5530_firmware *
dell latitude_3500_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_5390_firmware *
dell inspiron_3781_firmware *
dell vostro_5581_firmware *
dell vostro_3481_firmware *
dell inspiron_14_5490_firmware *
dell inspiron_3581_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell inspiron_3780_firmware *
dell inspiron_5590_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell wyse_5070_thin_client_firmware *
dell precision_7730_firmware *
dell vostro_5590_firmware *
dell vostro_5390_firmware *
dell latitude_5490_firmware *
dell inspiron_7390_firmware *
dell g7_7588_firmware *
dell inspiron_5598_firmware *
dell inspiron_7791_firmware *
dell precision_7530_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell inspiron_7580_firmware *
dell inspiron_7490_firmware *
dell latitude_3311_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell g3_3779_firmware *
dell latitude_3400_firmware *
dell inspiron_5584_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_3300_firmware *
dell latitude_5500_firmware *
dell precision_7740_firmware *
dell g5_5587_firmware *
dell inspiron_5494_firmware *
dell inspiron_5391_firmware *
dell precision_3530_firmware *
dell inspiron_5493_firmware *
dell xps_15_9575_firmware *
dell inspiron_5580_firmware *
dell inspiron_3480_firmware *
dell latitude_5590_firmware *
dell inspiron_5594_firmware *
dell latitude_5501_firmware *
dell inspiron_7786_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell inspiron_7391_firmware *
dell latitude_7390_firmware *
dell vostro_3584_firmware *
dell inspiron_3790_firmware *
dell inspiron_3584_firmware *
dell latitude_5401_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell xps_15_9570_firmware *
dell inspiron_3793_firmware *
dell inspiron_5480_firmware *
dell vostro_5490_firmware *
dell inspiron_5591_firmware *
dell latitude_5290_firmware *
dell latitude_5424_rugged_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell latitude_3301_firmware *
CVE-2020-5326 LOW

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H 0.9 4.7
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N 0.9 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
dell optiplex_7760_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell latitude_5400_firmware *
dell optiplex_7440_firmware *
dell optiplex_7770_firmware *
dell xps_27_7760_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell precision_5810_firmware *
dell optiplex_7060_firmware *
dell vostro_5471_firmware *
dell inspiron_15_7572_firmware *
dell latitude_e7470_firmware *
dell inspiron_7472_firmware *
dell vostro_3583_firmware *
dell inspiron_7590_firmware *
dell precision_3540_firmware *
dell precision_3620_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell precision_3520_firmware *
dell inspiron_7386_firmware *
dell vostro_3480_firmware *
dell inspiron_14_gaming_7466_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell precision_3420_firmware *
dell inspiron_7380_firmware *
dell vostro_5481_firmware *
dell latitude_7480_firmware *
dell latitude_7214_firmware *
dell latitude_7280_firmware *
dell latitude_3490_firmware *
dell optiplex_5250_firmware *
dell inspiron_15_gaming_7567_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell xps_15_9560_firmware *
dell inspiron_3670_firmware *
dell inspiron_7591_firmware *
dell xps_12_9250_firmware *
dell inspiron_5582_firmware *
dell optiplex_5270_firmware *
dell latitude_7202_firmware *
dell inspiron_3583_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell wyse_7040_firmware *
dell precision_3541_firmware *
dell inspiron_5488_firmware *
dell optiplex_5060_firmware *
dell precision_5820_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell xps_15_9550_firmware *
dell precision_3430_firmware *
dell precision_3630_firmware *
dell inspiron_5370_firmware *
dell inspiron_7586_firmware *
dell precision_7720_firmware *
dell vostro_15_7570_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell inspiron_3781_firmware *
dell inspiron_14_gaming_7467_firmware *
dell optiplex_3060_firmware *
dell optiplex_5050_firmware *
dell vostro_5581_firmware *
dell optiplex_3240_firmware *
dell vostro_3481_firmware *
dell inspiron_3581_firmware *
dell latitude_7414_firmware *
dell optiplex_xe3_firmware *
dell inspiron_3780_firmware *
dell precision_7820_firmware *
dell latitude_7389_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell precision_3431_firmware *
dell vostro_3580_firmware *
dell embedded_box_pc_5000_firmware *
dell latitude_7285_firmware *
dell precision_3930_firmware *
dell precision_7730_firmware *
dell precision_5720_firmware *
dell xps_13_9343_firmware *
dell precision_7710_firmware *
dell latitude_5490_firmware *
dell latitude_5580_firmware *
dell g7_7588_firmware *
dell g7_7790_firmware *
dell optiplex_3070_firmware *
dell precision_7810_firmware *
dell precision_7530_firmware *
dell latitude_7380_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell inspiron_7580_firmware *
dell precision_7920_firmware *
dell latitude_5414_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell latitude_5175_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7590_firmware *
dell xps_13_9360_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell inspiron_15_gaming_7566_firmware *
dell optiplex_7460_firmware *
dell g3_3779_firmware *
dell g5_5590_firmware *
dell optiplex_7070_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell precision_7740_firmware *
dell latitude_3460_firmware *
dell g5_5587_firmware *
dell optiplex_5070_firmware *
dell precision_3530_firmware *
dell latitude_7275_firmware *
dell vostro_3470_firmware *
dell xps_15_9575_firmware *
dell inspiron_5580_firmware *
dell inspiron_3480_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell latitude_5501_firmware *
dell optiplex_7050_firmware *
dell inspiron_7786_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell latitude_7390_firmware *
dell latitude_7212_firmware *
dell latitude_5179_firmware *
dell vostro_3584_firmware *
dell xps_8900_firmware *
dell vostro_3670_firmware *
dell optiplex_7450_firmware *
dell optiplex_3046_firmware *
dell optiplex_5040_firmware *
dell inspiron_3584_firmware *
dell inspiron_15_gaming_7577_firmware *
dell latitude_5401_firmware *
dell g3_3590_firmware *
dell vostro_5370_firmware *
dell inspiron_5570_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell xps_15_9570_firmware *
dell inspiron_5480_firmware *
dell vostro_7580_firmware *
dell optiplex_5260_firmware *
dell latitude_5290_firmware *
dell latitude_5424_rugged_firmware *
dell precision_7910_firmware *
dell g7_7590_firmware *
dell latitude_e7270_firmware *
dell optiplex_7470_firmware *
dell inspiron_3470_firmware *
dell xps_13_9350_firmware *
CVE-2020-5327 HIGH

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
dell security_management_server *
CVE-2020-5328 HIGH

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
dell emc_isilon_onefs *
CVE-2020-5329 MEDIUM

Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
dell emc_avamar_server 7.3.1
dell emc_avamar_server 7.4.1
CVE-2020-5330 MEDIUM

Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
dell r1-2210_firmware *
dell pc5500_firmware *
dell r1-2401_firmware *
dell x4012_firmware *
dell x1000_firmware *
CVE-2020-5341 HIGH

Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated attacker could exploit this vulnerability to send a serialized payload that would execute code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
dell emc_avamar_server 19.2
dell emc_integrated_data_protection_appliance_firmware 2.2
dell emc_avamar_server 18.2
dell emc_avamar_server 18.1
dell emc_avamar_server 7.4.1
dell emc_integrated_data_protection_appliance_firmware 2.4
dell emc_integrated_data_protection_appliance_firmware 2.0
dell emc_avamar_server 19.1
dell emc_integrated_data_protection_appliance_firmware 2.1
dell emc_avamar_server 7.5.0
dell emc_avamar_server 7.5.1
dell emc_integrated_data_protection_appliance_firmware 2.3
dell emc_integrated_data_protection_appliance_firmware 2.4.1
CVE-2020-5342 HIGH

Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
dell digital_delivery *
CVE-2020-5343 HIGH

Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-277,CWE-863,

Products Affected

Vendor Product Version
dell os_recovery_image_for_microsoft_windows_10 *
CVE-2020-5344 HIGH

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 2.2 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
dell idrac9_firmware *
dell idrac7_firmware *
dell idrac8_firmware *
CVE-2020-5345 MEDIUM

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L 3.1 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-602,CWE-862,

Products Affected

Vendor Product Version
dell emc_unisphere_for_powermax *
dell emc_unisphere_for_powermax_virtual_appliance *
dell powermax_os 5978
CVE-2020-5347 MEDIUM

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
dell emc_isilon_onefs *
CVE-2020-5348 HIGH

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
dell latitude_7202_firmware *
CVE-2020-5349 HIGH

Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020 contain a hardcoded credential vulnerability. A remote unauthenticated malicious user could exploit this vulnerability and gain administrative privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
dell emc_powerswitch_s4148f-on -
dell emc_powerswitch_s4148t-on -
dell emc_powerswitch_s4112t-on -
dell emc_powerswitch_s4128t-on -
dell emc_powerswitch_s5212f-on *
dell emc_powerswitch_s5232f-on -
dell emc_powerswitch_s5296f-on -
dell emc_powerswitch_s4148fe-on -
dell emc_powerswitch_s4112f-on -
dell emc_powerswitch_s5248f-on -
dell emc_powerswitch_s4128f-on -
dell emc_powerswitch_s5224f-on -
dell emc_powerswitch_s4148u-on -
CVE-2020-5350 HIGH

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.9 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H 1.3 6.0
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell emc_integrated_data_protection_appliance 2.1
dell emc_integrated_data_protection_appliance 2.4
dell emc_integrated_data_protection_appliance 2.0
dell emc_integrated_data_protection_appliance 2.3
dell emc_integrated_data_protection_appliance 2.2
CVE-2020-5351 MEDIUM

Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-259,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell emc_data_protection_advisor 6.4
dell emc_data_protection_advisor 18.1
dell emc_data_protection_advisor 6.5
CVE-2020-5352 HIGH

Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell emc_data_protection_advisor 6.4
dell emc_data_protection_advisor 18.1
dell emc_data_protection_advisor 6.5
CVE-2020-5353 HIGH

The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
dell emc_isilon_onefs *
dell emc_powerscale_onefs 9.0.0
CVE-2020-5355

The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell emc_isilon_onefs *
CVE-2020-5356 MEDIUM

Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,CWE-552,

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
dell powerprotect_x400_firmware *
CVE-2020-5357 LOW

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
dell thunderbolt_dock_tb16_firmware *
dell dock_wd15_firmware *
dell precision_dual_usb-c_thunderbolt_dock_-_tb18dc_firmware *
dell dock_wd19_firmware *
CVE-2020-5358 HIGH

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
dell endpoint_security_suite_enterprise *
dell encryption *
CVE-2020-5359 MEDIUM

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 3.9 1.4
security_alert@emc.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-544,CWE-252,

Products Affected

Vendor Product Version
oracle database 12.2.0.1
oracle database 19c
oracle database 18c
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle database 12.1.0.2
oracle weblogic_server_proxy_plug-in 11.1.1.9.0
dell bsafe_micro-edition-suite *
oracle weblogic_server_proxy_plug-in 12.2.1.3.0
CVE-2020-5360 MEDIUM

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-127,CWE-125,

Products Affected

Vendor Product Version
oracle database 12.2.0.1
oracle weblogic_server_proxy_plug-in 11.1.1.9.0
oracle http_server 11.1.1.9.0
oracle security_service 11.1.1.9.0
oracle http_server 12.1.3.0
oracle database 19c
oracle database 18c
oracle weblogic_server_proxy_plug-in 12.1.3.0
oracle weblogic_server_proxy_plug-in 12.2.1.4.0
oracle database 12.1.0.2
oracle security_service 12.2.1.4.0
oracle security_service 12.1.3.0
dell bsafe_micro-edition-suite *
oracle http_server 12.2.1.4.0
CVE-2020-5361 HIGH

Select Dell Client Commercial and Consumer platforms support a BIOS password reset capability that is designed to assist authorized customers who forget their passwords. Dell is aware of unauthorized password generation tools that can generate BIOS recovery passwords. The tools, which are not authorized by Dell, can be used by a physically present attacker to reset BIOS passwords and BIOS-managed Hard Disk Drive (HDD) passwords. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to bypass security restrictions for BIOS Setup configuration, HDD access and BIOS pre-boot authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 0.9 3.7
nvd@nist.gov 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-640,CWE-640,

Products Affected

Vendor Product Version
dell cpg_bios *
CVE-2020-5362 LOW

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:H 1.8 4.7
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-285,CWE-862,

Products Affected

Vendor Product Version
dell inspiron_5591_2-in-1_firmware *
dell latitude_5289_firmware *
dell inspiron_14_3468_firmware *
dell chengming_3988_firmware *
dell latitude_7370_firmware *
dell inspiron_17_5767_firmware *
dell xps_15_2-in-1_9575_firmware *
dell inspiron_5459_firmware *
dell latitude_5280_firmware *
dell latitude_5550_firmware *
dell latitude_7214_rugged_extreme_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell latitude_e7470_firmware *
dell vostro_3559_firmware *
dell inspiron_7590_firmware *
dell latitude_3410_firmware *
dell optiplex_5270_aio_firmware *
dell inspiron_5400_2_in1_firmware *
dell latitude_7390_2-in-1_firmware *
dell chengming_3967_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell inspiron_3493_firmware *
dell precision_3520_firmware *
dell inspiron_13_2-in-1_7353_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell latitude_3310_2-in-1_firmware *
dell inspiron_15_2-in-1_5578_firmware *
dell vostro_3590_firmware *
dell chengming_3977_firmware *
dell inspiron_7380_firmware *
dell vostro_5481_firmware *
dell latitude_5285_firmware *
dell latitude_3570_firmware *
dell latitude_7480_firmware *
dell vostro_15_3568_firmware *
dell latitude_3490_firmware *
dell optiplex_5250_firmware *
dell vostro_3591_firmware *
dell xps_15_9560_firmware *
dell optiplex_aio_7770_firmware *
dell precision_3630_tower_firmware *
dell latitude_7210_2_in_1_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell xps_12_9250_firmware *
dell inspiron_5582_firmware *
dell inspiron_13_2-in-1_5378_firmware *
dell g5_15_5590_firmware *
dell latitude_e7250_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7460_aio_firmware *
dell latitude_9510_firmware *
dell optiplex_3050_aio_firmware *
dell optiplex_5060_firmware *
dell g7_15_7590_firmware *
dell precision_3430_firmware *
dell precision_5530_2-in_1_firmware *
dell inspiron_15-3552_firmware *
dell inspiron_5370_firmware *
dell latitude_9410_firmware *
dell vostro_15_7580_firmware *
dell latitude_e5450_firmware *
dell optiplex_3240_aio_firmware *
dell precision_5530_firmware *
dell inspiron_13_7370_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell vostro_15_3578_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_13_2-in-1_7359_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_5457_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_7820_firmware *
dell inspiron_15_2-in-1_5568_firmware *
dell latitude_7389_firmware *
dell vostro_3458_firmware *
dell inspiron_5590_firmware *
dell xps_13_2-in-1_9365_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell precision_tower_3431_small_form_factor_firmware *
dell embedded_box_pc_5000_firmware *
dell latitude_7285_firmware *
dell wyse_5070_thin_client_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell optiplex_7071_tower_firmware *
dell latitude_7414_rugged_firmware *
dell vostro_5390_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell inspiron_14_3473_firmware *
dell inspiron_3880_firmware *
dell vostro_3881_firmware *
dell inspiron_15_5567_firmware *
dell latitude_7380_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell inspiron_7490_firmware *
dell inspiron_15_7570_firmware *
dell latitude_5175_firmware *
dell precision_3551_firmware *
dell xps_13_9360_firmware *
dell latitude_3470_firmware *
dell inspiron_3576_firmware *
dell inspiron_15_gaming_7566_firmware *
dell g3_3779_firmware *
dell inspiron_13_2-in-1_7378_firmware *
dell precision_3620_tower_firmware *
dell inspiron_15_2-in-1_5579_firmware *
dell optiplex_7070_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell g5_5587_firmware *
dell inspiron_5494_firmware *
dell latitude_e5250_firmware *
dell inspiron_17_2-in-1_7773_firmware *
dell inspiron_7391_2_in_1_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell inspiron_3480_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell wyse_5470_all-in-one_firmware *
dell xps_13_9380_firmware *
dell inspiron_7500_2_in_1_firmware -
dell precision_3420_tower_firmware *
dell latitude_7390_firmware *
dell vostro_5300_firmware *
dell inspiron_15_3567_firmware *
dell latitude_5179_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_5490_aio_firmware *
dell optiplex_3046_firmware *
dell optiplex_5040_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell optiplex_7080_firmware *
dell inspiron_15_gaming_7577_firmware *
dell vostro_3888_firmware *
dell inspiron_15_5566_firmware *
dell optiplex_5480_aio_firmware *
dell xps_7380_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell xps_15_9570_firmware *
dell inspiron_3793_firmware *
dell inspiron_15_3568_firmware *
dell inspiron_3668_firmware *
dell inspiron_5480_firmware *
dell g3_15_3500_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_14_7460_firmware *
dell latitude_5300_2-in-1_firmware *
dell xps_15_7500_firmware *
dell latitude_3510_firmware *
dell insprion_5491_aio_firmware *
dell latitude_3560_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_5491_2_in_1_firmware *
dell inspiron_3470_firmware *
dell inspiron_15_2-in-1_7579_firmware *
dell latitude_3480_mobile_thin_client_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_5471_firmware *
dell vostro_3459_firmware *
dell inspiron_15_7572_firmware *
dell xps_13_9370_firmware *
dell inspiron_7472_firmware *
dell vostro_3268_firmware *
dell inspiron_7591_2_in_1_firmware *
dell inspiron_5759_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell vostro_14_5468_firmware *
dell inspiron_14_3458_firmware *
dell inspiron_15_3559_firmware *
dell inspiron_13_2-in-1_5368_firmware *
dell vostro_3480_firmware *
dell inspiron_14_gaming_7466_firmware *
dell inspiron_13_2-in-1_5379_firmware *
dell latitude_5250_firmware *
dell latitude_7280_firmware *
dell inspiron_11_2-in-1_3158_firmware *
dell inspiron_15_gaming_7567_firmware *
dell latitude_7290_firmware *
dell optiplex_3280_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_5557_firmware *
dell vostro_3491_firmware *
dell inspiron_3670_firmware *
dell inspiron_7390_2_in_1_firmware *
dell optiplex_7440_aio_firmware *
dell inspiron_3471_firmware *
dell inspiron_3583_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell latitude_3380_firmware *
dell latitude_e5550_firmware *
dell inspiron_3476_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_15_2-in-1_7568_firmware *
dell inspiron_7586_firmware *
dell vostro_3660_firmware *
dell inspiron_3590_firmware *
dell inspiron_13_2-in-1_7368_firmware *
dell precision_7720_firmware *
dell vostro_15_7570_firmware *
dell latitude_3350_firmware *
dell latitude_5280_mobile_thin_client_firmware *
dell inspiron_14_5468_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell inspiron_14_gaming_7467_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell inspiron_14_5490_firmware *
dell inspiron_7590_2_in_1_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell inspiron_3780_firmware *
dell latitude_5290_2-in-1_firmware *
dell vostro_3671_firmware *
dell precision_3440_firmware *
dell inspiron_14_3459_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_15_2-in-1_7573_firmware *
dell xps_27_aio_7760_firmware *
dell precision_3640_tower_firmware *
dell inspiron_5559_firmware *
dell xps_7390_2-in-1_firmware *
dell latitude_7310_firmware *
dell latitude_5310_2_in_1_firmware *
dell vostro_5590_firmware *
dell precision_7710_firmware *
dell inspiron_17_2-in-1_7779_firmware *
dell latitude_5580_firmware *
dell vostro_15_5568_firmware *
dell latitude_7410_firmware *
dell g7_7588_firmware *
dell inspiron_5598_firmware *
dell inspiron_7300_2_in_1_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell precision_5520_firmware *
dell inspiron_17_2-in-1_7778_firmware *
dell wyse_5470_firmware *
dell precision_7920_firmware *
dell optiplex_7780_aio_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell optiplex_7760_aio_firmware *
dell g5_15_5500_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell vostro_14_3478_firmware *
dell latitude_5488_firmware *
dell latitude_3460_firmware *
dell vostro_3558_firmware *
dell latitude_5511_firmware *
dell inspiron_5391_firmware *
dell precision_3530_firmware *
dell latitude_7275_firmware *
dell inspiron_5580_firmware *
dell latitude_7250_firmware *
dell latitude_7350_firmware *
dell latitude_5590_firmware *
dell inspiron_5594_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell inspiron_3268_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell latitude_3460_mobile_thin_client_firmware *
dell xps_8900_firmware *
dell vostro_5090_firmware *
dell optiplex_7450_firmware *
dell optiplex_7480_aio_firmware *
dell inspiron_3584_firmware *
dell inspiron_7790_aio_firmware *
dell inspiron_7500_firmware *
dell vostro_5370_firmware *
dell g3_15_3590_firmware *
dell inspiron_11_2-in-1_3153_firmware *
dell latitude_e7450_firmware *
dell inspiron_5570_firmware *
dell latitude_5450_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell vostro_5490_firmware *
dell precision_3930_rack_firmware *
dell latitude_e7270_mobile_thin_client_firmware *
dell optiplex_aio_7470_firmware *
dell optiplex_5260_aio_firmware *
dell inspiron_3490_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
dell inspiron_15_2-in-1_7569_firmware *
dell inspiron_13_2-in-1_7373_firmware *
dell inspiron_15_7560_firmware *
dell vostro_14_3468_firmware *
CVE-2020-5363 HIGH

Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.6 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 1.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-158,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell precision_7540_firmware *
dell xps_7390_2-in-1_firmware *
dell latitude_5400_firmware *
dell xps_7590_firmware *
dell precision_3541_firmware *
dell latitude_5501_firmware *
dell latitude_7300_firmware *
dell latitude_7200_2_in_1_firmware *
dell xps_13_9300_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell latitude_5300_2-in-1_firmware *
dell precision_3540_firmware *
dell latitude_5300_firmware *
dell latitude_5500_firmware *
dell precision_7740_firmware *
dell latitude_7400_firmware *
dell latitude_7220_firmware *
dell latitude_5401_firmware *
CVE-2020-5364 MEDIUM

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-201,CWE-200,

Products Affected

Vendor Product Version
dell emc_isilon_onefs *
CVE-2020-5365 MEDIUM

Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-341,CWE-330,

Products Affected

Vendor Product Version
dell emc_isilon_onefs *
CVE-2020-5366 MEDIUM

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
dell idrac9_firmware *
CVE-2020-5367 MEDIUM

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim's data in transit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.4 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.4 5.9
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
dell emc_unisphere_for_powermax *
dell emc_unisphere_for_powermax_virtual_appliance *
dell powermax_os 5978
CVE-2020-5368 MEDIUM

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,CWE-862,

Products Affected

Vendor Product Version
dell vxrail_d560_firmware 4.7.510
dell vxrail_d560f_firmware 4.7.510
dell vxrail_d560f_firmware 4.7.410
dell vxrail_d560f_firmware 4.7.411
dell vxrail_d560_firmware 4.7.410
dell vxrail_d560_firmware 4.7.411
CVE-2020-5369 MEDIUM

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
dell emc_isilon_onefs 8.2.2
dell emc_powerscale_onefs 9.0.0
CVE-2020-5370 MEDIUM

Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar file to inject malicious RPMs which may cause a denial of service or perform unauthorized actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.9 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L 1.3 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
dell emc_openmanage_enterprise *
CVE-2020-5371 MEDIUM

Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
dell emc_isilon_onefs *
dell emc_powerscale_onefs 9.0.0
CVE-2020-5372 MEDIUM

Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security_alert@emc.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1244,CWE-863,

Products Affected

Vendor Product Version
dell emc_powerstore_5000_firmware *
dell emc_powerstore_7000_firmware *
dell emc_powerstore_1000_firmware *
dell emc_powerstore_3000_firmware *
dell emc_powerstore_9000_firmware *
CVE-2020-5373 MEDIUM

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
dell emc_omimssc_for_sccm *
dell emc_omimssc_for_scvmm *
CVE-2020-5374 MEDIUM

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L 2.8 5.3
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-256,CWE-798,

Products Affected

Vendor Product Version
dell emc_omimssc_for_sccm *
dell emc_omimssc_for_scvmm *
CVE-2020-5376 HIGH

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
dell inspiron_7347_bios *
CVE-2020-5377 MEDIUM

Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
dell emc_openmanage_server_administrator *
CVE-2020-5378 HIGH

Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
dell g7_17_7790_bios *
CVE-2020-5379 HIGH

Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell inspiron_7352_bios *
CVE-2020-5383 MEDIUM

Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
dell emc_isilon 8.2.2
dell emc_powerscale_onefs 9.0.0
CVE-2020-5385 HIGH

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
dell endpoint_security_suite_enterprise *
dell encryption *
CVE-2020-5386 MEDIUM

Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,CWE-668,

Products Affected

Vendor Product Version
dell emc_elastic_cloud_storage *
CVE-2020-5387 MEDIUM

Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,CWE-755,

Products Affected

Vendor Product Version
dell xps_13_9370_firmware *
CVE-2020-5388 MEDIUM

Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.9 MEDIUM CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.3 6.0
security_alert@emc.com 6.9 MEDIUM CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.3 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
dell inspiron_15_7579_firmware *
CVE-2020-5389 MEDIUM

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Authenticated low privileged OMIMSCC users may be able to retrieve sensitive information from the logs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
dell emc_openmanage_integration_for_microsoft_system_center *
CVE-2021-21502 HIGH

Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 8.1.0
dell emc_powerscale_onefs 8.1.2
dell emc_powerscale_onefs 8.2.1
dell emc_powerscale_onefs 9.1.0
dell emc_powerscale_onefs 8.1.1
dell emc_powerscale_onefs 8.2.0
dell emc_powerscale_onefs 9.0.0
CVE-2021-21503 MEDIUM

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 8.1.2
dell emc_powerscale_onefs 9.1.0
CVE-2021-21505 HIGH

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,CWE-1188,

Products Affected

Vendor Product Version
dell emc_integrated_system_for_microsoft_azure_stack_hub_firmware *
CVE-2021-21506 MEDIUM

PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privileges escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 8.1.2
dell emc_powerscale_onefs 9.1.0
CVE-2021-21507 MEDIUM

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-261,CWE-326,

Products Affected

Vendor Product Version
dell x1008p_firmware *
dell r1-2210_firmware *
dell x1008_firmware *
dell r1-2401_firmware *
dell x1018p_firmware *
dell x1026_firmware *
dell x1026p_firmware *
dell x1018_firmware *
dell x4012_firmware *
dell x1052p_firmware *
dell x1052_firmware *
CVE-2021-21510 MEDIUM

Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-74,

Products Affected

Vendor Product Version
dell idrac8_firmware *
CVE-2021-21511 MEDIUM

Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users' backup data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell emc_avamar_server 19.4
dell emc_avamar_server 19.3
dell emc_integrated_data_protection_appliance 2.6
CVE-2021-21512 LOW

Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 1.5 5.8
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
dell emc_powerprotect_cyber_recovery 19.7.0.1
CVE-2021-21513 HIGH

Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 3.9 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
dell openmanage_server_administrator *
CVE-2021-21514 MEDIUM

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
dell openmanage_server_administrator *
CVE-2021-21515 LOW

Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell emc_sourceone *
dell emc_sourceone 7.2
CVE-2021-21517 MEDIUM

SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L 3.9 2.7
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L 3.9 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
dell emc_srs_policy_manager 6.8.3
dell emc_srs_policy_manager 6.6
dell emc_srs_policy_manager 6.9.0
CVE-2021-21518 HIGH

Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist Client for Business PCs versions 2.0.x, 2.1.x, 2.2.x, and Dell SupportAssist Client ProManage 1.x contain a DLL injection vulnerability in the Costura Fody plugin. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs 3.3.3
dell supportassist_for_business_pcs 2.1.0
dell supportassist_for_business_pcs 2.0.0
dell supportassist_for_home_pcs 3.7.0
dell supportassist_for_business_pcs 2.2.0
dell supportassist_for_home_pcs 3.6.0
dell supportassist_client_promanage 1.0
dell supportassist_for_home_pcs 3.4.0
CVE-2021-21522 LOW

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell latitude_7285_firmware *
dell latitude_7370_firmware *
dell latitude_7310_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_7290_firmware 1.20.0
dell latitude_9510_firmware *
dell latitude_7410_firmware *
dell xps_13_9370_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7370_firmware 1.24.3
dell latitude_7280_firmware 1.21.1
dell precision_5520_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware 1.33.0
dell latitude_7285_firmware 1.11.0
dell latitude_7390_2-in-1_firmware *
dell latitude_7490_firmware *
dell latitude_7210_2-in-1_firmware *
dell latitude_9410_firmware *
dell latitude_7420_firmware *
dell latitude_5289_2-in-1_firmware *
dell latitude_7390_firmware 1.20.0
dell precision_5510_firmware *
dell xps_13_9360_firmware *
dell latitude_5310_2-in-1_firmware 1.7.0
dell latitude_7480_firmware *
dell latitude_5290_2-in-1_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_7380_firmware 1.21.1
dell latitude_7389_firmware *
dell latitude_5285_2-in-1_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
CVE-2021-21524 HIGH

Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,CWE-502,

Products Affected

Vendor Product Version
dell storage_monitoring_and_reporting *
dell storage_resource_manager *
CVE-2021-21526 HIGH

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2021-21527 HIGH

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 9.0.0.0
dell emc_powerscale_onefs 9.1.0.0
CVE-2021-21528 MEDIUM

Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-548,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 9.2.0.0
dell emc_powerscale_onefs 9.1.0.0
dell emc_powerscale_onefs 9.2.1.0
CVE-2021-21529 MEDIUM

Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L 2.0 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
dell system_update *
CVE-2021-21530 MEDIUM

Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H 2.8 5.5
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell openmanage_enterprise-modular *
CVE-2021-21531 MEDIUM

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-602,CWE-669,

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell solutions_enabler *
dell powermax_os 5978
dell unisphere_for_powermax *
CVE-2021-21532 MEDIUM

Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.8 3.4
security_alert@emc.com 5.0 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L 1.6 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,CWE-20,

Products Affected

Vendor Product Version
dell wyse_thinos 8.6
dell wyse_thinos *
CVE-2021-21533 MEDIUM

Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2021-21534 LOW

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4
security_alert@emc.com 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.5 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
dell hybrid_client *
CVE-2021-21535 HIGH

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.4 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.4 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
dell hybrid_client *
CVE-2021-21536 LOW

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security_alert@emc.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
dell hybrid_client *
CVE-2021-21537 LOW

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security_alert@emc.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
dell hybrid_client *
CVE-2021-21538 HIGH

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L 2.8 6.0
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
dell idrac9_firmware *
CVE-2021-21539 MEDIUM

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L 1.2 4.7
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,

Products Affected

Vendor Product Version
dell idrac9_firmware *
CVE-2021-21540 MEDIUM

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L 1.6 4.2
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
dell idrac9_firmware *
CVE-2021-21541 MEDIUM

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell idrac9_firmware *
CVE-2021-21542 LOW

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
security_alert@emc.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell idrac9_firmware *
CVE-2021-21543 LOW

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell idrac9_firmware *
CVE-2021-21544 MEDIUM

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 1.2 1.4
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 1.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-602,CWE-287,

Products Affected

Vendor Product Version
dell idrac9_firmware *
CVE-2021-21545 HIGH

Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
dell peripheral_manager *
CVE-2021-21546 LOW

Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
dell emc_networker 18.1.0.2
dell emc_networker 18.1.0.1
dell emc_networker *
dell emc_networker 18.2.0.0
dell emc_networker 19.4.0.0
CVE-2021-21547 LOW

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,

Products Affected

Vendor Product Version
dell unity_xt_operating_environment *
dell unityvsa_operating_environment *
dell unity_operating_environment *
CVE-2021-21548

Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.4 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.4 5.9
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
dell emc_unisphere_for_powermax *
dell emc_unisphere_for_powermax_virtual_appliance *
dell powermax_os 5978
CVE-2021-21549 MEDIUM

Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
dell xtremio_management_server *
CVE-2021-21550 HIGH

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 8.1.2
dell emc_powerscale_onefs 9.0.0.0
dell emc_powerscale_onefs 9.1.0.0
dell emc_powerscale_onefs 8.2.1
dell emc_powerscale_onefs 8.1.1
CVE-2021-21551 MEDIUM

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-782,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell dbutil_2_3.sys *
dell dbutil_2_3.sys -
dell dbutil *
CVE-2021-21553 HIGH

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-286,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2021-21554 HIGH

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L 0.6 5.5
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
dell poweredge_r740_firmware *
dell precision_7920_firmware -
dell poweredge_mx740c_firmware *
dell poweredge_r640_firmware *
dell poweredge_r740xd_firmware *
dell poweredge_r840_firmware *
dell poweredge_r940xa_firmware *
dell poweredge_r940_firmware *
dell poweredge_mx840c_firmware *
CVE-2021-21555 HIGH

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L 0.6 5.5

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
dell poweredge_r740_firmware *
dell poweredge_mx740c_firmware *
dell poweredge_r640_firmware *
dell poweredge_t640_firmware *
dell poweredge_r740xd_firmware *
dell poweredge_r840_firmware *
dell poweredge_r940xa_firmware *
dell poweredge_r940_firmware *
dell poweredge_mx840c_firmware *
CVE-2021-21556 HIGH

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L 0.6 5.5

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
dell poweredge_r740_firmware *
dell poweredge_mx740c_firmware *
dell poweredge_r640_firmware *
dell poweredge_t640_firmware *
dell poweredge_r740xd_firmware *
dell poweredge_r840_firmware *
dell poweredge_r940xa_firmware *
dell poweredge_r940_firmware *
dell poweredge_mx840c_firmware *
CVE-2021-21557 HIGH

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L 1.5 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-125,

Products Affected

Vendor Product Version
dell poweredge_r740_firmware *
dell poweredge_r7525_firmware *
dell poweredge_c6525_firmware *
dell poweredge_m640_firmware *
dell poweredge_r640_firmware *
dell poweredge_t640_firmware *
dell poweredge_t140_firmware *
dell poweredge_r840_firmware *
dell poweredge_t440_firmware *
dell poweredge_r940_firmware *
dell poweredge_xr2_firmware *
dell poweredge_r6415_firmware *
dell poweredge_r740xd2_firmware *
dell poweredge_r740xd_firmware *
dell poweredge_fc640_firmware *
dell poweredge_r940xa_firmware *
dell poweredge_r240_firmware *
dell poweredge_t340_firmware *
dell poweredge_r7515_firmware *
dell poweredge_r540_firmware *
dell poweredge_m640p_firmware *
dell poweredge_mx740c_firmware *
dell poweredge_r6525_firmware *
dell poweredge_r440_firmware *
dell poweredge_r7425_firmware *
dell poweredge_mx840c_firmware *
dell poweredge_r340_firmware *
dell poweredge_c4140_firmware *
dell poweredge_c6420_firmware *
dell poweredge_r6515_firmware *
dell poweredge_r7415_firmware *
CVE-2021-21558 LOW

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2021-21559 LOW

Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 1.6 3.6
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2021-21561 LOW

Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 8.1.2
dell emc_powerscale_onefs 9.2.0.0
dell emc_powerscale_onefs 9.0.0.0
dell emc_powerscale_onefs 9.1.0.0
CVE-2021-21562 LOW

Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application’s direct control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-426,CWE-426,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.1.2
dell emc_powerscale_onefs 9.0.0.0
dell emc_powerscale_onefs 8.1.3
dell emc_powerscale_onefs 9.1.0.0
CVE-2021-21563 MEDIUM

Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component.This can lead to an authenticated user with low-privileges to trigger a denial of service event.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,CWE-754,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 9.0.0.0
dell emc_powerscale_onefs 8.1.3
dell emc_powerscale_onefs 9.1.0.0
dell emc_powerscale_onefs 8.2.1
CVE-2021-21564 HIGH

Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,CWE-287,

Products Affected

Vendor Product Version
dell openmanage_enterprise *
CVE-2021-21565 MEDIUM

Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-834,

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2021-21567 MEDIUM

Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-269,

Products Affected

Vendor Product Version
dell powerscale_onefs 9.0.0.0
dell powerscale_onefs 9.1.0.0
CVE-2021-21568 MEDIUM

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs *
CVE-2021-21569 MEDIUM

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 2.3 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-22,

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2021-21570 MEDIUM

Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 2.3 4.0
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2021-21571 MEDIUM

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H 1.6 4.2
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H 2.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell optiplex_7480_all-in-one_firmware *
dell optiplex_5090_tower_firmware *
dell latitude_5310_firmware *
dell xps_13_9305_firmware *
dell inspiron_5400_aio_firmware *
dell inspiron_5408_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell latitude_3410_firmware *
dell vostro_14_5410_firmware *
dell latitude_7210_2-in-1_firmware *
dell xps_13_2in1_9310_firmware *
dell latitude_3520_firmware *
dell latitude_7520_firmware *
dell inspiron_5409_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell precision_3650_mt_firmware *
dell inspiron_15_7510_firmware *
dell latitude_7320_firmware *
dell precision_5560_firmware *
dell optiplex_7490_all-in-one_firmware *
dell vostro_5301_firmware *
dell latitude_5410_firmware *
dell latitude_9510_firmware *
dell inspiron_7610_firmware *
dell inspiron_5401_firmware *
dell optiplex_7780_all-in-one_firmware *
dell latitude_9410_firmware *
dell g7_7700_firmware *
dell optiplex_5490_aio_firmware *
dell inspiron_5300_firmware *
dell alienware_m15_r6_firmware *
dell latitude_5411_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_5502_firmware *
dell g7_7500_firmware *
dell latitude_5421_firmware *
dell vostro_5501_firmware *
dell vostro_5890_firmware *
dell g3_3500_firmware *
dell precision_3440_firmware *
dell xps_13_9310_firmware *
dell inspiron_5406_2n1_firmware *
dell inspiron_7501_firmware *
dell latitude_7310_firmware *
dell inspiron_7506_firmware *
dell latitude_3120_firmware *
dell optiplex_7090_tower_firmware *
dell latitude_7410_firmware *
dell inspiron_3880_firmware *
dell latitude_5520_firmware *
dell latitude_5320_2-in-1_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell vostro_5310_firmware *
dell inspiron_5509_firmware *
dell vostro_3400_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell vostro_3681_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell vostro_5402_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell latitude_7420_firmware *
dell xps_17_9710_firmware *
dell inspiron_5400_2-in-1_firmware *
dell optiplex_3080_firmware *
dell precision_3551_firmware *
dell inspiron_3891_firmware *
dell vostro_7500_firmware *
dell inspiron_5402_firmware *
dell xps_15_9510_firmware *
dell inspiron_5410_2-in-1_firmware *
dell vostro_15_5510_firmware *
dell optiplex_7090_uff_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell latitude_5511_firmware *
dell precision_7760_firmware *
dell inspiron_5501_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_9520_firmware *
dell vostro_15_7510_firmware *
dell chengming_3990_firmware *
dell precision_3640_firmware *
dell inspiron_5301_firmware *
dell latitude_3320_firmware *
dell vostro_5300_firmware *
dell inspiron_3881_firmware *
dell inspiron_7300_firmware *
dell precision_17_m5750_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_7500_firmware *
dell vostro_3888_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell precision_3550_firmware *
dell inspiron_7500_2-in-1_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell xps_17_9700_firmware *
dell precision_7750_firmware *
dell chengming_3991_firmware *
dell precision_5550_firmware *
dell precision_3560_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell optiplex_3090_uff_firmware *
dell g15_5511_firmware *
dell inspiron_15_5518_firmware *
dell inspiron_7306_2-in-1_firmware *
dell vostro_5880_firmware *
CVE-2021-21572 MEDIUM

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 0.6 6.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-787,

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell optiplex_7480_all-in-one_firmware *
dell optiplex_5090_tower_firmware *
dell latitude_5310_firmware *
dell xps_13_9305_firmware *
dell inspiron_5400_aio_firmware *
dell inspiron_5408_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell latitude_3410_firmware *
dell vostro_14_5410_firmware *
dell latitude_7210_2-in-1_firmware *
dell xps_13_2in1_9310_firmware *
dell latitude_3520_firmware *
dell latitude_7520_firmware *
dell inspiron_5409_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell precision_3650_mt_firmware *
dell inspiron_15_7510_firmware *
dell latitude_7320_firmware *
dell precision_5560_firmware *
dell optiplex_7490_all-in-one_firmware *
dell vostro_5301_firmware *
dell latitude_5410_firmware *
dell latitude_9510_firmware *
dell inspiron_7610_firmware *
dell inspiron_5401_firmware *
dell optiplex_7780_all-in-one_firmware *
dell latitude_9410_firmware *
dell g7_7700_firmware *
dell optiplex_5490_aio_firmware *
dell inspiron_5300_firmware *
dell alienware_m15_r6_firmware *
dell latitude_5411_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_5502_firmware *
dell g7_7500_firmware *
dell latitude_5421_firmware *
dell vostro_5501_firmware *
dell vostro_5890_firmware *
dell g3_3500_firmware *
dell precision_3440_firmware *
dell xps_13_9310_firmware *
dell inspiron_5406_2n1_firmware *
dell inspiron_7501_firmware *
dell latitude_7310_firmware *
dell inspiron_7506_firmware *
dell latitude_3120_firmware *
dell optiplex_7090_tower_firmware *
dell latitude_7410_firmware *
dell inspiron_3880_firmware *
dell latitude_5520_firmware *
dell latitude_5320_2-in-1_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell vostro_5310_firmware *
dell inspiron_5509_firmware *
dell vostro_3400_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell vostro_3681_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell vostro_5402_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell latitude_7420_firmware *
dell xps_17_9710_firmware *
dell inspiron_5400_2-in-1_firmware *
dell optiplex_3080_firmware *
dell precision_3551_firmware *
dell inspiron_3891_firmware *
dell vostro_7500_firmware *
dell inspiron_5402_firmware *
dell xps_15_9510_firmware *
dell inspiron_5410_2-in-1_firmware *
dell vostro_15_5510_firmware *
dell optiplex_7090_uff_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell latitude_5511_firmware *
dell precision_7760_firmware *
dell inspiron_5501_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_9520_firmware *
dell vostro_15_7510_firmware *
dell chengming_3990_firmware *
dell precision_3640_firmware *
dell inspiron_5301_firmware *
dell latitude_3320_firmware *
dell vostro_5300_firmware *
dell inspiron_3881_firmware *
dell inspiron_7300_firmware *
dell precision_17_m5750_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_7500_firmware *
dell vostro_3888_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell precision_3550_firmware *
dell inspiron_7500_2-in-1_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell xps_17_9700_firmware *
dell precision_7750_firmware *
dell chengming_3991_firmware *
dell precision_5550_firmware *
dell precision_3560_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell optiplex_3090_uff_firmware *
dell g15_5511_firmware *
dell inspiron_15_5518_firmware *
dell inspiron_7306_2-in-1_firmware *
dell vostro_5880_firmware *
CVE-2021-21573 MEDIUM

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 0.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell optiplex_7480_all-in-one_firmware *
dell optiplex_5090_tower_firmware *
dell latitude_5310_firmware *
dell xps_13_9305_firmware *
dell inspiron_5400_aio_firmware *
dell inspiron_5408_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell latitude_3410_firmware *
dell vostro_14_5410_firmware *
dell latitude_7210_2-in-1_firmware *
dell xps_13_2in1_9310_firmware *
dell latitude_3520_firmware *
dell latitude_7520_firmware *
dell inspiron_5409_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell precision_3650_mt_firmware *
dell inspiron_15_7510_firmware *
dell latitude_7320_firmware *
dell precision_5560_firmware *
dell optiplex_7490_all-in-one_firmware *
dell vostro_5301_firmware *
dell latitude_5410_firmware *
dell latitude_9510_firmware *
dell inspiron_7610_firmware *
dell inspiron_5401_firmware *
dell optiplex_7780_all-in-one_firmware *
dell latitude_9410_firmware *
dell g7_7700_firmware *
dell optiplex_5490_aio_firmware *
dell inspiron_5300_firmware *
dell alienware_m15_r6_firmware *
dell latitude_5411_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_5502_firmware *
dell g7_7500_firmware *
dell latitude_5421_firmware *
dell vostro_5501_firmware *
dell vostro_5890_firmware *
dell g3_3500_firmware *
dell precision_3440_firmware *
dell xps_13_9310_firmware *
dell inspiron_5406_2n1_firmware *
dell inspiron_7501_firmware *
dell latitude_7310_firmware *
dell inspiron_7506_firmware *
dell latitude_3120_firmware *
dell optiplex_7090_tower_firmware *
dell latitude_7410_firmware *
dell inspiron_3880_firmware *
dell latitude_5520_firmware *
dell latitude_5320_2-in-1_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell vostro_5310_firmware *
dell inspiron_5509_firmware *
dell vostro_3400_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell vostro_3681_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell vostro_5402_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell latitude_7420_firmware *
dell xps_17_9710_firmware *
dell inspiron_5400_2-in-1_firmware *
dell optiplex_3080_firmware *
dell precision_3551_firmware *
dell inspiron_3891_firmware *
dell vostro_7500_firmware *
dell inspiron_5402_firmware *
dell xps_15_9510_firmware *
dell inspiron_5410_2-in-1_firmware *
dell vostro_15_5510_firmware *
dell optiplex_7090_uff_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell latitude_5511_firmware *
dell precision_7760_firmware *
dell inspiron_5501_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_9520_firmware *
dell vostro_15_7510_firmware *
dell chengming_3990_firmware *
dell precision_3640_firmware *
dell inspiron_5301_firmware *
dell latitude_3320_firmware *
dell vostro_5300_firmware *
dell inspiron_3881_firmware *
dell inspiron_7300_firmware *
dell precision_17_m5750_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_7500_firmware *
dell vostro_3888_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell precision_3550_firmware *
dell inspiron_7500_2-in-1_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell xps_17_9700_firmware *
dell precision_7750_firmware *
dell chengming_3991_firmware *
dell precision_5550_firmware *
dell precision_3560_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell optiplex_3090_uff_firmware *
dell g15_5511_firmware *
dell inspiron_15_5518_firmware *
dell inspiron_7306_2-in-1_firmware *
dell vostro_5880_firmware *
CVE-2021-21574 MEDIUM

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 0.6 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell optiplex_7480_all-in-one_firmware *
dell optiplex_5090_tower_firmware *
dell latitude_5310_firmware *
dell xps_13_9305_firmware *
dell inspiron_5400_aio_firmware *
dell inspiron_5408_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell latitude_3410_firmware *
dell vostro_14_5410_firmware *
dell latitude_7210_2-in-1_firmware *
dell xps_13_2in1_9310_firmware *
dell latitude_3520_firmware *
dell latitude_7520_firmware *
dell inspiron_5409_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell precision_3650_mt_firmware *
dell inspiron_15_7510_firmware *
dell latitude_7320_firmware *
dell precision_5560_firmware *
dell optiplex_7490_all-in-one_firmware *
dell vostro_5301_firmware *
dell latitude_5410_firmware *
dell latitude_9510_firmware *
dell inspiron_7610_firmware *
dell inspiron_5401_firmware *
dell optiplex_7780_all-in-one_firmware *
dell latitude_9410_firmware *
dell g7_7700_firmware *
dell optiplex_5490_aio_firmware *
dell inspiron_5300_firmware *
dell alienware_m15_r6_firmware *
dell latitude_5411_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_5502_firmware *
dell g7_7500_firmware *
dell latitude_5421_firmware *
dell vostro_5501_firmware *
dell vostro_5890_firmware *
dell g3_3500_firmware *
dell precision_3440_firmware *
dell xps_13_9310_firmware *
dell inspiron_5406_2n1_firmware *
dell inspiron_7501_firmware *
dell latitude_7310_firmware *
dell inspiron_7506_firmware *
dell latitude_3120_firmware *
dell optiplex_7090_tower_firmware *
dell latitude_7410_firmware *
dell inspiron_3880_firmware *
dell latitude_5520_firmware *
dell latitude_5320_2-in-1_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell vostro_5310_firmware *
dell inspiron_5509_firmware *
dell vostro_3400_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell vostro_3681_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell vostro_5402_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell latitude_7420_firmware *
dell xps_17_9710_firmware *
dell inspiron_5400_2-in-1_firmware *
dell optiplex_3080_firmware *
dell precision_3551_firmware *
dell inspiron_3891_firmware *
dell vostro_7500_firmware *
dell inspiron_5402_firmware *
dell xps_15_9510_firmware *
dell inspiron_5410_2-in-1_firmware *
dell vostro_15_5510_firmware *
dell optiplex_7090_uff_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell latitude_5511_firmware *
dell precision_7760_firmware *
dell inspiron_5501_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_9520_firmware *
dell vostro_15_7510_firmware *
dell chengming_3990_firmware *
dell precision_3640_firmware *
dell inspiron_5301_firmware *
dell latitude_3320_firmware *
dell vostro_5300_firmware *
dell inspiron_3881_firmware *
dell inspiron_7300_firmware *
dell precision_17_m5750_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_7500_firmware *
dell vostro_3888_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell precision_3550_firmware *
dell inspiron_7500_2-in-1_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell xps_17_9700_firmware *
dell precision_7750_firmware *
dell chengming_3991_firmware *
dell precision_5550_firmware *
dell precision_3560_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell optiplex_3090_uff_firmware *
dell g15_5511_firmware *
dell inspiron_15_5518_firmware *
dell inspiron_7306_2-in-1_firmware *
dell vostro_5880_firmware *
CVE-2021-21575

Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell bsafe_micro-edition-suite *
CVE-2021-21576 MEDIUM

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell emc_idrac9_firmware *
CVE-2021-21577 MEDIUM

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell emc_idrac9_firmware *
CVE-2021-21578 MEDIUM

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
dell emc_idrac9_firmware *
CVE-2021-21579 MEDIUM

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
dell emc_idrac9_firmware *
CVE-2021-21580 MEDIUM

Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-74,

Products Affected

Vendor Product Version
dell emc_idrac9_firmware *
dell emc_idrac8_firmware *
CVE-2021-21581 MEDIUM

Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell emc_idrac9_firmware *
CVE-2021-21584 MEDIUM

Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
dell openmanage_enterprise 3.5
dell openmanage_enterprise-modular 1.30.00
CVE-2021-21585 HIGH

Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
dell openmanage_enterprise *
CVE-2021-21586 MEDIUM

Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-36,CWE-22,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2021-21587 LOW

Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2021-21588 MEDIUM

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead to configuration changes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,CWE-345,

Products Affected

Vendor Product Version
dell powerflex_presentation_server *
CVE-2021-21589 MEDIUM

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initialization. A local authenticated Service user could potentially exploit this vulnerability to escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.5 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dell emc_unityvsa_operating_environment *
dell emc_unity_xt_operating_environment *
dell emc_unity_operating_environment *
CVE-2021-21590 MEDIUM

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-522,

Products Affected

Vendor Product Version
dell emc_unityvsa_operating_environment *
dell emc_unity_xt_operating_environment *
dell emc_unity_operating_environment *
CVE-2021-21591 MEDIUM

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-522,

Products Affected

Vendor Product Version
dell emc_unityvsa_operating_environment *
dell emc_unity_xt_operating_environment *
dell emc_unity_operating_environment *
CVE-2021-21592 MEDIUM

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 1.6 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs *
CVE-2021-21594 MEDIUM

Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends upgrading at your earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-598,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs *
CVE-2021-21595 MEDIUM

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs *
CVE-2021-21596 MEDIUM

Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.6 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell openmanage_enterprise-modular *
dell openmanage_enterprise *
CVE-2021-21597 LOW

Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.3 3.6
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 0.5 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
dell wyse_thinos 9.1
dell wyse_thinos 9.0
CVE-2021-21598 LOW

Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.3 3.6
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
dell wyse_thinos 9.1
dell wyse_thinos 9.0
CVE-2021-21599 MEDIUM

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs *
CVE-2021-21600 MEDIUM

Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2021-21601 LOW

Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
dell emc_integrated_data_protection_appliance *
dell emc_data_protection_search *
CVE-2021-36276 MEDIUM

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell dbutildrv2.sys_firmware 2.6
dell dbutildrv2.sys_firmware 2.5
CVE-2021-36277 HIGH

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. A local authenticated malicious user may exploit this vulnerability by executing arbitrary code on the system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-347,CWE-347,

Products Affected

Vendor Product Version
dell update/alienware_update *
dell command_|_update *
dell alienware_command_center_application *
CVE-2021-36278 LOW

Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
dell emc_powerscale_onefs 9.2.0
dell emc_powerscale_onefs 9.1.1.1
CVE-2021-36279 HIGH

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.1 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs *
CVE-2021-36280 LOW

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.1 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-732,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs *
CVE-2021-36281 MEDIUM

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs *
CVE-2021-36282 LOW

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4
security_alert@emc.com 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 1.0 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-908,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs *
CVE-2021-36283 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell precision_7540_firmware *
dell xps_7390_2-in-1_firmware *
dell inspiron_7501_firmware *
dell latitude_5400_firmware *
dell latitude_7310_firmware *
dell latitude_5310_firmware *
dell vostro_5590_firmware *
dell inspiron_3593_firmware *
dell latitude_7410_firmware *
dell inspiron_3880_firmware *
dell inspiron_5593_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell inspiron_5598_firmware *
dell vostro_3881_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell precision_7550_firmware *
dell inspiron_7590_firmware *
dell precision_3540_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_3493_firmware *
dell optiplex_7780_aio_firmware *
dell latitude_5310_2_in_1_firmware 1.4.2
dell inspiron_5400_2-in-1_firmware *
dell optiplex_3080_firmware *
dell precision_3551_firmware *
dell vostro_7500_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_7590_firmware *
dell latitude_7200_2_in_1_firmware *
dell latitude_7400_2-in-1_firmware *
dell inspiron_5490_firmware *
dell vostro_3591_firmware *
dell latitude_5300_firmware *
dell latitude_5500_firmware *
dell optiplex_3280_aio_firmware *
dell precision_7740_firmware *
dell latitude_7210_2_in_1_firmware *
dell vostro_3491_firmware *
dell vostro_3401_firmware *
dell inspiron_7591_firmware *
dell latitude_5511_firmware *
dell inspiron_5493_firmware *
dell xps_9500_firmware *
dell inspiron_3501_firmware *
dell latitude_5410_firmware *
dell precision_3541_firmware *
dell latitude_9510_firmware *
dell g3_15_5500_firmware *
dell chengming_3990_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell inspiron_3881_firmware *
dell optiplex_7480_aio_firmware *
dell optiplex_7080_firmware *
dell inspiron_7500_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell g3_15_3590_firmware *
dell optiplex_5480_aio_firmware *
dell latitude_9410_firmware *
dell xps_7380_firmware *
dell precision_3550_firmware *
dell xps_7590_firmware *
dell latitude_5411_firmware *
dell inspiron_5498_firmware *
dell inspiron_3793_firmware *
dell xps_17_9700_firmware *
dell vostro_5490_firmware *
dell precision_7750_firmware *
dell g3_15_3500_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell precision_5550_firmware *
dell inspiron_7391_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell latitude_3310_firmware *
dell precision_3440_firmware *
dell inspiron_5590_firmware *
dell precision_3640_tower_firmware *
dell precision_5540_firmware *
CVE-2021-36284 LOW

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
security_alert@emc.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L 1.5 3.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-307,

Products Affected

Vendor Product Version
dell latitude_9410_firmware *
dell latitude_7420_firmware *
dell latitude_5320_firmware *
dell latitude_5400_firmware *
dell latitude_7370_firmware *
dell optiplex_3080_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_5411_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_9520_firmware *
dell latitude_9510_firmware *
dell precision_3551_ffirmware *
dell latitude_5520_firmware *
dell latitude_7480_firmware *
dell latitude_7280_firmware *
dell latitude_5500_firmware *
dell optiplex_3280_aio_firmware *
dell latitude_7320_firmware *
dell optiplex_7480_aio_firmware *
dell latitude_5511_firmware *
dell precision_3640_tower_firmware *
CVE-2021-36285 LOW

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L 1.5 3.7
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-307,

Products Affected

Vendor Product Version
dell latitude_9410_firmware *
dell latitude_7420_firmware *
dell latitude_5320_firmware *
dell latitude_5400_firmware *
dell latitude_7370_firmware *
dell optiplex_3080_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_5411_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_9520_firmware *
dell latitude_9510_firmware *
dell precision_3551_ffirmware *
dell latitude_5520_firmware *
dell latitude_7480_firmware *
dell latitude_7280_firmware *
dell latitude_5500_firmware *
dell optiplex_3280_aio_firmware *
dell latitude_7320_firmware *
dell optiplex_7480_aio_firmware *
dell latitude_5511_firmware *
dell precision_3640_tower_firmware *
CVE-2021-36286 LOW

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,CWE-59,

Products Affected

Vendor Product Version
dell supportassist_client_consumer *
CVE-2021-36287 HIGH

Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell emc_unity_operating_environment *
CVE-2021-36288 MEDIUM

Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2
security_alert@emc.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 3.9 4.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
dell emc_unity_operating_environment *
CVE-2021-36289 MEDIUM

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
dell emc_unity_operating_environment *
CVE-2021-36290 MEDIUM

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-269,

Products Affected

Vendor Product Version
dell emc_unity_operating_environment *
CVE-2021-36293 MEDIUM

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-269,

Products Affected

Vendor Product Version
dell emc_unity_operating_environment *
CVE-2021-36294 HIGH

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-331,CWE-330,

Products Affected

Vendor Product Version
dell emc_unity_operating_environment *
CVE-2021-36295 HIGH

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell emc_unity_operating_environment *
CVE-2021-36296 HIGH

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell emc_unity_operating_environment *
CVE-2021-36297 MEDIUM

SupportAssist Client version 3.8 and 3.9 contains an Untrusted search path vulnerability that allows attackers to load an arbitrary .dll file via .dll planting/hijacking, only by a separate administrative action that is not a default part of the SOSInstallerTool.exe installation for executing arbitrary dll's,

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,CWE-426,

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
CVE-2021-36298 HIGH

Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-327,

Products Affected

Vendor Product Version
dell isilon_insightiq_firmware *
CVE-2021-36299 MEDIUM

Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 2.8 4.2
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
dell emc_idrac9_firmware *
dell emc_idrac9_firmware 5.00.00.00
CVE-2021-36300 MEDIUM

iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L 2.2 4.2
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
dell emc_idrac9_firmware *
CVE-2021-36301 MEDIUM

Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N 0.7 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
dell emc_idrac9_firmware *
dell emc_idrac8_firmware *
CVE-2021-36302 HIGH

All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit this vulnerability to elevate privileges and take over the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0
nvd@nist.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
dell emc_integrated_system_for_microsoft_azure_stack_hub_firmware *
CVE-2021-36305 MEDIUM

Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-662,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
dell emc_powerscale_onefs 9.2.0.0
dell emc_powerscale_onefs 9.0.0.0
dell emc_powerscale_onefs 9.1.1.0
dell emc_powerscale_onefs 9.1.0.0
dell emc_powerscale_onefs 8.2.1
dell emc_powerscale_onefs 9.2.1.0
dell emc_powerscale_onefs 8.2.0
CVE-2021-36306 HIGH

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dell networking_os10 *
CVE-2021-36307 HIGH

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
dell networking_os10 *
CVE-2021-36308 HIGH

Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-288,CWE-287,

Products Affected

Vendor Product Version
dell networking_os10 *
CVE-2021-36309 MEDIUM

Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-256,CWE-522,

Products Affected

Vendor Product Version
dell enterprise_sonic_os *
CVE-2021-36310 MEDIUM

Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-693,CWE-400,

Products Affected

Vendor Product Version
dell networking_os10 *
CVE-2021-36311 MEDIUM

Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N 1.5 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2021-36312 HIGH

Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-259,

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2021-36313 HIGH

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,CWE-78,

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2021-36314 HIGH

Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell emc_cloud_link *
CVE-2021-36315 HIGH

Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell emc_powerscale_nodes_h400_firmware -
dell emc_powerscale_nodes_a200_firmware -
dell emc_powerscale_nodes_a3000_firmware -
dell emc_powerscale_nodes_h700_firmware -
dell emc_powerscale_nodes_nl410_firmware -
dell emc_powerscale_nodes_s210_firmware -
dell emc_powerscale_nodes_h7000_firmware -
dell emc_powerscale_nodes_h5600_firmware -
dell emc_powerscale_nodes_f600_firmware -
dell emc_powerscale_nodes_a300_firmware -
dell emc_powerscale_nodes_h500_firmware -
dell emc_powerscale_nodes_x210_firmware -
dell emc_powerscale_nodes_h600_firmware -
dell emc_powerscale_nodes_f800_firmware -
dell emc_powerscale_nodes_f810_firmware -
dell emc_powerscale_nodes_a2000_firmware -
dell emc_powerscale_nodes_f200_firmware -
dell emc_powerscale_nodes_a100_firmware -
dell emc_powerscale_nodes_x410_firmware -
CVE-2021-36316 MEDIUM

Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H 1.2 5.5
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
dell emc_avamar_server 19.2
dell emc_avamar_server 19.4
dell emc_avamar_server 19.3
dell emc_avamar_server 18.2
dell emc_avamar_server 19.1
CVE-2021-36317 LOW

Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-256,CWE-522,

Products Affected

Vendor Product Version
dell emc_avamar_server 19.4
dell emc_powerprotect_data_protection_appliance 2.7
CVE-2021-36318 MEDIUM

Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,CWE-522,

Products Affected

Vendor Product Version
dell emc_avamar_server 19.2
dell emc_avamar_server 19.4
dell emc_avamar_server 19.3
dell emc_avamar_server 18.2
dell emc_avamar_server 19.1
CVE-2021-36319 LOW

Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-665,CWE-668,

Products Affected

Vendor Product Version
dell networking_os10 *
CVE-2021-36320 HIGH

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-331,

Products Affected

Vendor Product Version
dell x1008p_firmware *
dell x1008_firmware *
dell x1018p_firmware *
dell x1026_firmware *
dell x1026p_firmware *
dell x1018_firmware *
dell x4012_firmware *
dell x1052p_firmware *
dell x1052_firmware *
CVE-2021-36321 MEDIUM

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell x1008p_firmware *
dell x1008_firmware *
dell x1018p_firmware *
dell x1026_firmware *
dell x1026p_firmware *
dell x1018_firmware *
dell x4012_firmware *
dell x1052p_firmware *
dell x1052_firmware *
CVE-2021-36322 MEDIUM

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-74,

Products Affected

Vendor Product Version
dell x1008p_firmware *
dell x1008_firmware *
dell x1018p_firmware *
dell x1026_firmware *
dell x1026p_firmware *
dell x1018_firmware *
dell x4012_firmware *
dell x1052p_firmware *
dell x1052_firmware *
CVE-2021-36323 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
dell optiplex_7760_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell optiplex_7440_firmware *
dell optiplex_7770_firmware *
dell xps_27_7760_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell inspiron_5491_firmware *
dell latitude_e7470_firmware *
dell inspiron_3477_firmware *
dell inspiron_7590_firmware *
dell inspiron_5400_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell inspiron_7777_firmware *
dell precision_3520_firmware *
dell latitude_rugged_5414_firmware *
dell latitude_rugged_extreme_7214_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell chengming_3977_firmware *
dell inspiron_7380_firmware *
dell vostro_5481_firmware *
dell latitude_5285_firmware *
dell latitude_3390_firmware *
dell latitude_3570_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell vostro_15_3568_firmware *
dell latitude_3490_firmware *
dell optiplex_5250_firmware *
dell g7_7587_firmware *
dell xps_15_9560_firmware *
dell alienware_m17_r1_firmware *
dell inspiron_7591_firmware *
dell optiplex_5270_firmware *
dell latitude_5410_firmware *
dell latitude_3551_firmware *
dell alienware_13_r3_firmware *
dell wyse_7040_firmware *
dell latitude_9510_firmware *
dell inspiron_7373_firmware *
dell optiplex_5060_firmware *
dell precision_5820_firmware *
dell inspiron_5401_firmware *
dell precision_3430_firmware *
dell inspiron_7567_firmware *
dell inspiron_5370_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell latitude_9410_firmware *
dell vostro_15_7580_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell vostro_15_3578_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_3277_firmware *
dell inspiron_3781_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_7820_firmware *
dell latitude_7389_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell latitude_7285_firmware *
dell precision_3930_firmware *
dell precision_7730_firmware *
dell precision_5720_firmware *
dell inspiron_7700_firmware *
dell latitude_rugged_7220_firmware *
dell latitude_5490_firmware *
dell inspiron_3880_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell alienware_m17_r2_firmware *
dell alienware_15_r4_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_15_7570_firmware *
dell inspiron_15_7577_firmware *
dell latitude_5175_firmware *
dell inspiron_15_5582_firmware *
dell xps_13_9360_firmware *
dell precision_3240_firmware *
dell latitude_3470_firmware *
dell inspiron_3576_firmware *
dell optiplex_7460_firmware *
dell g3_3779_firmware *
dell g5_5590_firmware *
dell latitude_rugged_tablet_7212_firmware *
dell optiplex_7780_firmware *
dell optiplex_7070_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell vostro_3667_firmware *
dell g5_5587_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell inspiron_3480_firmware *
dell latitude_5501_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell latitude_7390_firmware *
dell inspiron_15_3567_firmware *
dell latitude_5179_firmware *
dell inspiron_15_5578_firmware *
dell vostro_3670_firmware *
dell optiplex_3046_firmware *
dell optiplex_5040_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell inspiron_15_5566_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_3668_firmware *
dell inspiron_5480_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell optiplex_5260_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell alienware_x17_r1_firmware *
dell latitude_rugged_7220ex_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell optiplex_7480_firmware *
dell latitude_7210_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell optiplex_7060_firmware *
dell vostro_5471_firmware *
dell inspiron_15_7572_firmware *
dell xps_13_9370_firmware *
dell inspiron_7472_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell precision_3620_firmware *
dell inspiron_7467_firmware *
dell latitude_7200_firmware *
dell vostro_14_5468_firmware *
dell vostro_3480_firmware *
dell precision_3420_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_3670_firmware *
dell inspiron_3471_firmware *
dell optiplex_7071_firmware *
dell latitude_rugged_5424_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell precision_3541_firmware *
dell latitude_3380_firmware *
dell inspiron_3476_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_15_5579_firmware *
dell precision_3630_firmware *
dell alienware_aurora_ryzen_edition_firmware *
dell inspiron_7586_firmware *
dell vostro_3660_firmware *
dell precision_7720_firmware *
dell vostro_15_7570_firmware *
dell inspiron_15_7573_firmware *
dell inspiron_14_5468_firmware *
dell vostro_3267_firmware *
dell alienware_17_r5_firmware *
dell inspiron_13_5379_firmware *
dell optiplex_5050_firmware *
dell optiplex_3240_firmware *
dell vostro_3481_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell precision_3431_firmware *
dell latitude_rugged_5420_firmware *
dell latitude_rugged_extreme_7414_firmware *
dell latitude_7310_firmware *
dell precision_7710_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_5580_firmware *
dell vostro_15_5568_firmware *
dell latitude_7410_firmware *
dell g7_7588_firmware *
dell g7_7790_firmware *
dell alienware_area_51m_r1_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell precision_5520_firmware *
dell alienware_15_r3_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell precision_7920_firmware *
dell optiplex_3280_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell alienware_aurora_r7_firmware *
dell inspiron_13_5378_firmware *
dell latitude_5591_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_3180_firmware *
dell optiplex_5480_firmware *
dell vostro_14_3478_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell inspiron_17_7773_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell latitude_7275_firmware *
dell xps_15_9575_firmware *
dell inspiron_5580_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell precision_3640_firmware *
dell inspiron_7786_firmware *
dell inspiron_3268_firmware *
dell vostro_3668_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell latitude_rugged_7424_firmware *
dell optiplex_7450_firmware *
dell alienware_aurora_r12_firmware *
dell xps_8940_firmware *
dell g3_3590_firmware *
dell vostro_5370_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5570_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5477_firmware *
dell alienware_17_r4_firmware *
dell alienware_m15_r1_firmware *
dell xps_15_7590_firmware *
dell g7_7590_firmware *
dell latitude_3310_firmware *
dell g5_5000_firmware *
dell optiplex_7470_firmware *
dell vostro_14_3468_firmware *
CVE-2021-36324 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
dell optiplex_7760_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell optiplex_7440_firmware *
dell optiplex_7770_firmware *
dell xps_27_7760_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell inspiron_5491_firmware *
dell latitude_e7470_firmware *
dell inspiron_3477_firmware *
dell inspiron_7590_firmware *
dell inspiron_5400_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell inspiron_7777_firmware *
dell precision_3520_firmware *
dell latitude_rugged_5414_firmware *
dell latitude_rugged_extreme_7214_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell chengming_3977_firmware *
dell inspiron_7380_firmware *
dell vostro_5481_firmware *
dell latitude_5285_firmware *
dell latitude_3390_firmware *
dell latitude_3570_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell vostro_15_3568_firmware *
dell latitude_3490_firmware *
dell optiplex_5250_firmware *
dell g7_7587_firmware *
dell xps_15_9560_firmware *
dell alienware_m17_r1_firmware *
dell inspiron_7591_firmware *
dell optiplex_5270_firmware *
dell latitude_5410_firmware *
dell latitude_3551_firmware *
dell alienware_13_r3_firmware *
dell wyse_7040_firmware *
dell latitude_9510_firmware *
dell inspiron_7373_firmware *
dell optiplex_5060_firmware *
dell precision_5820_firmware *
dell inspiron_5401_firmware *
dell precision_3430_firmware *
dell inspiron_7567_firmware *
dell inspiron_5370_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell latitude_9410_firmware *
dell vostro_15_7580_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell vostro_15_3578_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_3277_firmware *
dell inspiron_3781_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_7820_firmware *
dell latitude_7389_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell latitude_7285_firmware *
dell precision_3930_firmware *
dell precision_7730_firmware *
dell precision_5720_firmware *
dell inspiron_7700_firmware *
dell latitude_rugged_7220_firmware *
dell latitude_5490_firmware *
dell inspiron_3880_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell alienware_m17_r2_firmware *
dell alienware_15_r4_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_15_7570_firmware *
dell inspiron_15_7577_firmware *
dell latitude_5175_firmware *
dell inspiron_15_5582_firmware *
dell xps_13_9360_firmware *
dell precision_3240_firmware *
dell latitude_3470_firmware *
dell inspiron_3576_firmware *
dell optiplex_7460_firmware *
dell g3_3779_firmware *
dell g5_5590_firmware *
dell latitude_rugged_tablet_7212_firmware *
dell optiplex_7780_firmware *
dell optiplex_7070_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell vostro_3667_firmware *
dell g5_5587_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell inspiron_3480_firmware *
dell latitude_5501_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell latitude_7390_firmware *
dell inspiron_15_3567_firmware *
dell latitude_5179_firmware *
dell inspiron_15_5578_firmware *
dell vostro_3670_firmware *
dell optiplex_3046_firmware *
dell optiplex_5040_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell inspiron_15_5566_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_3668_firmware *
dell inspiron_5480_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell optiplex_5260_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell alienware_x17_r1_firmware *
dell latitude_rugged_7220ex_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell optiplex_7480_firmware *
dell latitude_7210_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell optiplex_7060_firmware *
dell vostro_5471_firmware *
dell inspiron_15_7572_firmware *
dell xps_13_9370_firmware *
dell inspiron_7472_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell precision_3620_firmware *
dell inspiron_7467_firmware *
dell latitude_7200_firmware *
dell vostro_14_5468_firmware *
dell vostro_3480_firmware *
dell precision_3420_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_3670_firmware *
dell inspiron_3471_firmware *
dell optiplex_7071_firmware *
dell latitude_rugged_5424_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell precision_3541_firmware *
dell latitude_3380_firmware *
dell inspiron_3476_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_15_5579_firmware *
dell precision_3630_firmware *
dell alienware_aurora_ryzen_edition_firmware *
dell inspiron_7586_firmware *
dell vostro_3660_firmware *
dell precision_7720_firmware *
dell vostro_15_7570_firmware *
dell inspiron_15_7573_firmware *
dell inspiron_14_5468_firmware *
dell vostro_3267_firmware *
dell alienware_17_r5_firmware *
dell inspiron_13_5379_firmware *
dell optiplex_5050_firmware *
dell optiplex_3240_firmware *
dell vostro_3481_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell precision_3431_firmware *
dell latitude_rugged_5420_firmware *
dell latitude_rugged_extreme_7414_firmware *
dell latitude_7310_firmware *
dell precision_7710_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_5580_firmware *
dell vostro_15_5568_firmware *
dell latitude_7410_firmware *
dell g7_7588_firmware *
dell g7_7790_firmware *
dell alienware_area_51m_r1_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell precision_5520_firmware *
dell alienware_15_r3_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell precision_7920_firmware *
dell optiplex_3280_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell alienware_aurora_r7_firmware *
dell inspiron_13_5378_firmware *
dell latitude_5591_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_3180_firmware *
dell optiplex_5480_firmware *
dell vostro_14_3478_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell inspiron_17_7773_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell latitude_7275_firmware *
dell xps_15_9575_firmware *
dell inspiron_5580_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell precision_3640_firmware *
dell inspiron_7786_firmware *
dell inspiron_3268_firmware *
dell vostro_3668_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell latitude_rugged_7424_firmware *
dell optiplex_7450_firmware *
dell alienware_aurora_r12_firmware *
dell xps_8940_firmware *
dell g3_3590_firmware *
dell vostro_5370_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5570_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5477_firmware *
dell alienware_17_r4_firmware *
dell alienware_m15_r1_firmware *
dell xps_15_7590_firmware *
dell g7_7590_firmware *
dell latitude_3310_firmware *
dell g5_5000_firmware *
dell optiplex_7470_firmware *
dell vostro_14_3468_firmware *
CVE-2021-36325 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
dell optiplex_7760_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell optiplex_7440_firmware *
dell optiplex_7770_firmware *
dell xps_27_7760_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell inspiron_5491_firmware *
dell latitude_e7470_firmware *
dell inspiron_3477_firmware *
dell inspiron_7590_firmware *
dell inspiron_5400_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell inspiron_7777_firmware *
dell precision_3520_firmware *
dell latitude_rugged_5414_firmware *
dell latitude_rugged_extreme_7214_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell chengming_3977_firmware *
dell inspiron_7380_firmware *
dell vostro_5481_firmware *
dell latitude_5285_firmware *
dell latitude_3390_firmware *
dell latitude_3570_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell vostro_15_3568_firmware *
dell latitude_3490_firmware *
dell optiplex_5250_firmware *
dell g7_7587_firmware *
dell xps_15_9560_firmware *
dell alienware_m17_r1_firmware *
dell inspiron_7591_firmware *
dell optiplex_5270_firmware *
dell latitude_5410_firmware *
dell latitude_3551_firmware *
dell alienware_13_r3_firmware *
dell wyse_7040_firmware *
dell latitude_9510_firmware *
dell inspiron_7373_firmware *
dell optiplex_5060_firmware *
dell precision_5820_firmware *
dell inspiron_5401_firmware *
dell precision_3430_firmware *
dell inspiron_7567_firmware *
dell inspiron_5370_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell latitude_9410_firmware *
dell vostro_15_7580_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell vostro_15_3578_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_3277_firmware *
dell inspiron_3781_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_7820_firmware *
dell latitude_7389_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell latitude_7285_firmware *
dell precision_3930_firmware *
dell precision_7730_firmware *
dell precision_5720_firmware *
dell inspiron_7700_firmware *
dell latitude_rugged_7220_firmware *
dell latitude_5490_firmware *
dell inspiron_3880_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell alienware_m17_r2_firmware *
dell alienware_15_r4_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_15_7570_firmware *
dell inspiron_15_7577_firmware *
dell latitude_5175_firmware *
dell inspiron_15_5582_firmware *
dell xps_13_9360_firmware *
dell precision_3240_firmware *
dell latitude_3470_firmware *
dell inspiron_3576_firmware *
dell optiplex_7460_firmware *
dell g3_3779_firmware *
dell g5_5590_firmware *
dell latitude_rugged_tablet_7212_firmware *
dell optiplex_7780_firmware *
dell optiplex_7070_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell vostro_3667_firmware *
dell g5_5587_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell inspiron_3480_firmware *
dell latitude_5501_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell latitude_7390_firmware *
dell inspiron_15_3567_firmware *
dell latitude_5179_firmware *
dell inspiron_15_5578_firmware *
dell vostro_3670_firmware *
dell optiplex_3046_firmware *
dell optiplex_5040_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell inspiron_15_5566_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_3668_firmware *
dell inspiron_5480_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell optiplex_5260_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell alienware_x17_r1_firmware *
dell latitude_rugged_7220ex_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell optiplex_7480_firmware *
dell latitude_7210_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell optiplex_7060_firmware *
dell vostro_5471_firmware *
dell inspiron_15_7572_firmware *
dell xps_13_9370_firmware *
dell inspiron_7472_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell precision_3620_firmware *
dell inspiron_7467_firmware *
dell latitude_7200_firmware *
dell vostro_14_5468_firmware *
dell vostro_3480_firmware *
dell precision_3420_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_3670_firmware *
dell inspiron_3471_firmware *
dell optiplex_7071_firmware *
dell latitude_rugged_5424_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell precision_3541_firmware *
dell latitude_3380_firmware *
dell inspiron_3476_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_15_5579_firmware *
dell precision_3630_firmware *
dell alienware_aurora_ryzen_edition_firmware *
dell inspiron_7586_firmware *
dell vostro_3660_firmware *
dell precision_7720_firmware *
dell vostro_15_7570_firmware *
dell inspiron_15_7573_firmware *
dell inspiron_14_5468_firmware *
dell vostro_3267_firmware *
dell alienware_17_r5_firmware *
dell inspiron_13_5379_firmware *
dell optiplex_5050_firmware *
dell optiplex_3240_firmware *
dell vostro_3481_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell precision_3431_firmware *
dell latitude_rugged_5420_firmware *
dell latitude_rugged_extreme_7414_firmware *
dell latitude_7310_firmware *
dell precision_7710_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_5580_firmware *
dell vostro_15_5568_firmware *
dell latitude_7410_firmware *
dell g7_7588_firmware *
dell g7_7790_firmware *
dell alienware_area_51m_r1_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell precision_5520_firmware *
dell alienware_15_r3_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell precision_7920_firmware *
dell optiplex_3280_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell alienware_aurora_r7_firmware *
dell inspiron_13_5378_firmware *
dell latitude_5591_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_3180_firmware *
dell optiplex_5480_firmware *
dell vostro_14_3478_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell inspiron_17_7773_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell latitude_7275_firmware *
dell xps_15_9575_firmware *
dell inspiron_5580_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell precision_3640_firmware *
dell inspiron_7786_firmware *
dell inspiron_3268_firmware *
dell vostro_3668_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell latitude_rugged_7424_firmware *
dell optiplex_7450_firmware *
dell alienware_aurora_r12_firmware *
dell xps_8940_firmware *
dell g3_3590_firmware *
dell vostro_5370_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5570_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5477_firmware *
dell alienware_17_r4_firmware *
dell alienware_m15_r1_firmware *
dell xps_15_7590_firmware *
dell g7_7590_firmware *
dell latitude_3310_firmware *
dell g5_5000_firmware *
dell optiplex_7470_firmware *
dell vostro_14_3468_firmware *
CVE-2021-36326 MEDIUM

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-757,

Products Affected

Vendor Product Version
dell emc_streaming_data_platform *
CVE-2021-36327 MEDIUM

Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
dell emc_streaming_data_platform *
CVE-2021-36328 MEDIUM

Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-598,CWE-89,

Products Affected

Vendor Product Version
dell emc_streaming_data_platform *
CVE-2021-36329 MEDIUM

Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-639,

Products Affected

Vendor Product Version
dell emc_streaming_data_platform *
CVE-2021-36330 HIGH

Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-613,

Products Affected

Vendor Product Version
dell emc_streaming_data_platform *
CVE-2021-36332 MEDIUM

Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
dell emc_cloud_link *
CVE-2021-36333 LOW

Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker, may potentially exploit this vulnerability, leading to an application crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-120,

Products Affected

Vendor Product Version
dell emc_cloud_link *
CVE-2021-36334 MEDIUM

Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1236,

Products Affected

Vendor Product Version
dell emc_cloud_link *
CVE-2021-36335 MEDIUM

Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files on the server

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
dell emc_cloud_link *
CVE-2021-36336 HIGH

Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2021-36337 MEDIUM

Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N 2.2 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2021-36338 MEDIUM

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-602,CWE-565,

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell unisphere_360 *
dell solutions_enabler *
dell vasa *
dell powermax_os 5978
dell unisphere_for_powermax *
CVE-2021-36339 MEDIUM

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-250,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell unisphere_360 *
dell solutions_enabler *
dell vasa *
dell powermax_os 5978
dell unisphere_for_powermax *
CVE-2021-36340 LOW

Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
dell secure_connect_gateway 5.00.00.10
dell secure_connect_gateway 3.52.10.08
dell emc_secure_connect_gateway 5.00.00.10
dell emc_secure_connect_gateway 3.52.10.08
CVE-2021-36341 LOW

Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
dell wyse_device_agent *
CVE-2021-36342 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-20,

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell latitude_e7470_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell optiplex_7070_uff_firmware *
dell latitude_3410_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell dell_g7_7587_firmware *
dell inspiron_5409_firmware *
dell inspiron_7380_firmware *
dell inspiron_3477_aio_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell alienware_m17_r1_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell latitude_3551_firmware *
dell optiplex_7460_all_in_one_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell g7_7700_firmware *
dell precision_5530_firmware *
dell inspiron_13_7370_firmware *
dell optiplex_5490_aio_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell vostro_5581_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell g3_3500_firmware *
dell vostro_3580_firmware *
dell latitude_rugged_7220_firmware *
dell vostro_5390_firmware *
dell inspiron_14_3473_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell dell_g7_7588_firmware *
dell dell_g5_5590_firmware *
dell vostro_3400_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_7420_firmware *
dell inspiron_15_7570_firmware *
dell inspiron_15_5582_firmware *
dell dell_g3_3779_firmware *
dell g3_3779_firmware *
dell g5_5590_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell latitude_9520_firmware *
dell inspiron_7506_2-in-1_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell inspiron_15_5578_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell inspiron_15_gaming_7577_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell inspiron_15_5566_firmware *
dell latitude_5320_firmware *
dell inspiron_7500_2-in-1_firmware *
dell latitude_e5570_firmware *
dell latitude_13_7370_ultrabook_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_3668_firmware *
dell inspiron_5480_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell latitude_e7270_firmware *
dell inspiron_13_7378_firmware *
dell inspiron_3470_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_15_7572_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell dell_g7_7590_firmware *
dell vostro_14_5468_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell latitude_7290_firmware *
dell vostro_15_5410_firmware *
dell latitude_5300_firmware *
dell latitude_7320_firmware *
dell latitude_12_7285_firmware *
dell optiplex_7071_firmware *
dell latitude_e5270_firmware *
dell latitude_3380_firmware *
dell inspiron_3476_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell dell_g7_7500_firmware *
dell vostro_3660_firmware *
dell inspiron_3590_firmware *
dell vostro_15_7570_firmware *
dell latitude_7275_2-in-1_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell alienware_17_r5_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell latitude_rugged_5420_firmware *
dell latitude_5310_2_in_1_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell vostro_15_5568_firmware *
dell latitude_7410_firmware *
dell g7_7588_firmware *
dell g7_7790_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell inspiron_5491_2-in-1_firmware *
dell optiplex_3080_firmware *
dell inspiron_13_5378_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell vostro_15_5510_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell latitude_12_rugged_tablet_7212_firmware *
dell optiplex_7760_aio_firmware *
dell vostro_14_3478_firmware *
dell latitude_5500_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell inspiron_5580_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell inspiron_5301_firmware *
dell vostro_3584_firmware *
dell inspiron_3277_aio_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell latitude_rugged_7424_firmware *
dell alienware_aurora_r12_firmware *
dell inspiron_13_7373_firmware *
dell dell_g5_5500_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell dell_g3_3500_firmware *
dell precision_3930_rack_firmware *
dell alienware_17_r4_firmware *
dell alienware_m15_r1_firmware *
dell inspiron_3490_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell vostro_14_3468_firmware *
dell precision_7540_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell latitude_7490_firmware *
dell inspiron_7777_aio_firmware *
dell inspiron_3493_firmware *
dell inspiron_7386_firmware *
dell latitude_7520_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell chengming_3977_firmware *
dell vostro_5481_firmware *
dell latitude_3570_firmware *
dell vostro_15_3568_firmware *
dell optiplex_5250_firmware *
dell g7_7587_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell alienware_13_r3_firmware *
dell optiplex_3050_aio_firmware *
dell optiplex_7490_aio_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell inspiron_5370_firmware *
dell alienware_m15_r2_firmware *
dell vostro_15_7580_firmware *
dell vostro_15_3578_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell g7_7500_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell inspiron_7390_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell vostro_15_3572_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell latitude_5420_firmware *
dell alienware_15_r4_firmware *
dell alienware_aurora_r11_firmware *
dell latitude_12_7280_ultrabook_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell latitude_5175_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell latitude_3470_firmware *
dell inspiron_3576_firmware *
dell precision_3620_tower_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell optiplex_7090_uff_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell inspiron_5477_aio_firmware *
dell inspiron_13_7000_firmware *
dell dell_g5_5090_firmware *
dell inspiron_3480_firmware *
dell latitude_5501_firmware *
dell inspiron_15_3573_firmware *
dell latitude_7390_firmware *
dell precision_3240_cff_firmware *
dell latitude_5179_firmware *
dell inspiron_5490_aio_firmware *
dell optiplex_3046_firmware *
dell optiplex_5040_firmware *
dell inspiron_7300_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell inspiron_7790_firmware *
dell inspiron_3472_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell alienware_x17_r1_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell vostro_3562_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell latitude_5400_firmware *
dell optiplex_5090_tower_firmware *
dell latitude_5310_firmware *
dell optiplex_7060_firmware *
dell inspiron_5400_aio_firmware *
dell inspiron_7472_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3480_firmware *
dell dell_g3_3579_firmware *
dell optiplex_5270_all-in-one_firmware *
dell optiplex_3240_all-in-one_firmware *
dell dell_g15_5511_firmware *
dell inspiron_5491_aio_firmware *
dell inspiron_3782_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell optiplex_7440_aio_firmware *
dell inspiron_3471_firmware *
dell vostro_5301_firmware *
dell latitude_rugged_5424_firmware *
dell inspiron_5482_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell dell_g7_7790_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_15_5579_firmware *
dell dell_g15_5510_firmware *
dell inspiron_7586_firmware *
dell precision_7720_firmware *
dell inspiron_15_7573_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell inspiron_13_5379_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell dell_g7_7700_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell alienware_aurora_r9_firmware *
dell dell_g5_5000_firmware *
dell optiplex_7090_tower_firmware *
dell vostro_14_5471_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell latitude_13_7389_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell alienware_15_r3_firmware *
dell latitude_7400_firmware *
dell vostro_5402_firmware *
dell latitude_13_7390_2-in-1_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_5488_firmware *
dell inspiron_17_7773_firmware *
dell vostro_3401_firmware *
dell dell_g3_3590_firmware *
dell latitude_5511_firmware *
dell inspiron_3480_aio_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_5590_firmware *
dell optiplex_7050_firmware *
dell precision_3640_firmware *
dell inspiron_3268_firmware *
dell latitude_12_5289_2-in-1_firmware *
dell inspiron_3462_firmware *
dell inspiron_7391_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_7500_firmware *
dell g3_3590_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell vostro_5490_firmware *
dell vostro_13_5370_firmware *
dell g7_7590_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2021-36343 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-20,

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell latitude_e7470_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell optiplex_7070_uff_firmware *
dell latitude_3410_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell dell_g7_7587_firmware *
dell inspiron_5409_firmware *
dell inspiron_7380_firmware *
dell inspiron_3477_aio_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell alienware_m17_r1_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell latitude_3551_firmware *
dell optiplex_7460_all_in_one_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_5530_firmware *
dell inspiron_13_7370_firmware *
dell optiplex_5490_aio_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell vostro_5581_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell vostro_3580_firmware *
dell latitude_rugged_7220_firmware *
dell vostro_5390_firmware *
dell inspiron_14_3473_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell dell_g7_7588_firmware *
dell dell_g5_5590_firmware *
dell vostro_3400_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_7420_firmware *
dell inspiron_15_7570_firmware *
dell inspiron_15_5582_firmware *
dell dell_g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell latitude_9520_firmware *
dell inspiron_7506_2-in-1_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell inspiron_15_5578_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell inspiron_15_gaming_7577_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell inspiron_15_5566_firmware *
dell latitude_5320_firmware *
dell inspiron_7500_2-in-1_firmware *
dell latitude_e5570_firmware *
dell latitude_13_7370_ultrabook_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_3668_firmware *
dell inspiron_5480_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell inspiron_7306_2-in-1_firmware *
dell latitude_e7270_firmware *
dell inspiron_13_7378_firmware *
dell inspiron_3470_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_15_7572_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell dell_g7_7590_firmware *
dell vostro_14_5468_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell latitude_7290_firmware *
dell vostro_15_5410_firmware *
dell latitude_5300_firmware *
dell latitude_7320_firmware *
dell latitude_12_7285_firmware *
dell optiplex_7071_firmware *
dell latitude_e5270_firmware *
dell latitude_3380_firmware *
dell inspiron_3476_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell dell_g7_7500_firmware *
dell vostro_3660_firmware *
dell inspiron_3590_firmware *
dell vostro_15_7570_firmware *
dell latitude_7275_2-in-1_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell alienware_17_r5_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell latitude_rugged_5420_firmware *
dell latitude_5310_2_in_1_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell vostro_15_5568_firmware *
dell latitude_7410_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell inspiron_5491_2-in-1_firmware *
dell optiplex_3080_firmware *
dell inspiron_13_5378_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell vostro_15_5510_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell latitude_12_rugged_tablet_7212_firmware *
dell optiplex_7760_aio_firmware *
dell vostro_14_3478_firmware *
dell latitude_5500_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell inspiron_5580_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell inspiron_5301_firmware *
dell vostro_3584_firmware *
dell inspiron_3277_aio_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell latitude_rugged_7424_firmware *
dell alienware_aurora_r12_firmware *
dell inspiron_13_7373_firmware *
dell dell_g5_5500_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell dell_g3_3500_firmware *
dell precision_3930_rack_firmware *
dell alienware_17_r4_firmware *
dell alienware_m15_r1_firmware *
dell inspiron_3490_firmware *
dell inspiron_15_5518_firmware *
dell vostro_14_3468_firmware *
dell precision_7540_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell latitude_7490_firmware *
dell inspiron_7777_aio_firmware *
dell inspiron_3493_firmware *
dell inspiron_7386_firmware *
dell latitude_7520_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell chengming_3977_firmware *
dell vostro_5481_firmware *
dell latitude_3570_firmware *
dell vostro_15_3568_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell alienware_13_r3_firmware *
dell optiplex_3050_aio_firmware *
dell optiplex_7490_aio_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell inspiron_5370_firmware *
dell alienware_m15_r2_firmware *
dell vostro_15_7580_firmware *
dell vostro_15_3578_firmware *
dell latitude_5411_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell inspiron_7390_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell vostro_15_3572_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell latitude_5420_firmware *
dell alienware_15_r4_firmware *
dell alienware_aurora_r11_firmware *
dell latitude_12_7280_ultrabook_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell latitude_5175_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell latitude_3470_firmware *
dell inspiron_3576_firmware *
dell precision_3620_tower_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell optiplex_7090_uff_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell inspiron_5477_aio_firmware *
dell inspiron_13_7000_firmware *
dell dell_g5_5090_firmware *
dell inspiron_3480_firmware *
dell latitude_5501_firmware *
dell inspiron_15_3573_firmware *
dell latitude_7390_firmware *
dell precision_3240_cff_firmware *
dell latitude_5179_firmware *
dell inspiron_5490_aio_firmware *
dell optiplex_3046_firmware *
dell optiplex_5040_firmware *
dell inspiron_7300_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell inspiron_7790_firmware *
dell inspiron_3472_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell alienware_x17_r1_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell vostro_3562_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell latitude_5400_firmware *
dell optiplex_5090_tower_firmware *
dell latitude_5310_firmware *
dell optiplex_7060_firmware *
dell inspiron_5400_aio_firmware *
dell inspiron_7472_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3480_firmware *
dell dell_g3_3579_firmware *
dell optiplex_5270_all-in-one_firmware *
dell optiplex_3240_all-in-one_firmware *
dell dell_g15_5511_firmware *
dell inspiron_5491_aio_firmware *
dell inspiron_3782_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell optiplex_7440_aio_firmware *
dell inspiron_3471_firmware *
dell vostro_5301_firmware *
dell latitude_rugged_5424_firmware *
dell inspiron_5482_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell dell_g7_7790_firmware *
dell latitude_5480_firmware *
dell inspiron_15_5579_firmware *
dell dell_g15_5510_firmware *
dell inspiron_7586_firmware *
dell precision_7720_firmware *
dell inspiron_15_7573_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell inspiron_13_5379_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell dell_g7_7700_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell alienware_aurora_r9_firmware *
dell dell_g5_5000_firmware *
dell optiplex_7090_tower_firmware *
dell vostro_14_5471_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell latitude_13_7389_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell alienware_15_r3_firmware *
dell latitude_7400_firmware *
dell vostro_5402_firmware *
dell latitude_13_7390_2-in-1_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_5488_firmware *
dell inspiron_17_7773_firmware *
dell vostro_3401_firmware *
dell dell_g3_3590_firmware *
dell latitude_5511_firmware *
dell inspiron_3480_aio_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell latitude_5590_firmware *
dell optiplex_7050_firmware *
dell precision_3640_firmware *
dell inspiron_3268_firmware *
dell latitude_12_5289_2-in-1_firmware *
dell inspiron_3462_firmware *
dell inspiron_7391_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_7500_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell vostro_5490_firmware *
dell vostro_13_5370_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2021-36346 MEDIUM

Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell integrated_dell_remote_access_controller_8_firmware *
CVE-2021-36347 HIGH

iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
dell integrated_dell_remote_access_controller_8_firmware *
dell integrated_dell_remote_access_controller_9_firmware *
CVE-2021-36348 MEDIUM

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-74,

Products Affected

Vendor Product Version
dell integrated_dell_remote_access_controller_9_firmware *
CVE-2021-36349 MEDIUM

Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
dell emc_data_protection_central *
CVE-2021-36350 MEDIUM

Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2021-43587 HIGH

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-321,

Products Affected

Vendor Product Version
dell powerpath_management_appliance 3.2
dell powerpath_management_appliance 2.6
dell powerpath_management_appliance 3.1
dell powerpath_management_appliance 3.0
CVE-2021-43588 MEDIUM

Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
dell emc_data_protection_central *
CVE-2021-43589 HIGH

Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-78,

Products Affected

Vendor Product Version
dell emc_unityvsa_operating_environment *
dell emc_unity_xt_operating_environment *
dell emc_unity_operating_environment *
CVE-2021-43590 LOW

Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Plain-text password storage vulnerability. A local high privileged malicious user may potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-256,CWE-312,

Products Affected

Vendor Product Version
dell enterprise_storage_analytics *
CVE-2022-22549 MEDIUM

Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,CWE-295,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-22550 MEDIUM

Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-549,CWE-522,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-22551 MEDIUM

DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 2.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-598,CWE-384,

Products Affected

Vendor Product Version
dell emc_appsync *
CVE-2022-22552 MEDIUM

Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H 1.6 4.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1021,CWE-1021,

Products Affected

Vendor Product Version
dell emc_appsync *
CVE-2022-22553 HIGH

Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-307,CWE-307,

Products Affected

Vendor Product Version
dell emc_appsync *
CVE-2022-22554 LOW

Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privleges could potentially exploit this vulnerability leading to the disclosure of user passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-256,CWE-522,

Products Affected

Vendor Product Version
dell emc_system_update *
CVE-2022-22555

Dell EMC PowerStore, contains an OS command injection Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the PowerStore underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell emc_powerstore_1200t_firmware *
dell emc_powerstore_3200t_firmware *
dell emc_powerstore_9200t_firmware *
dell emc_powerstore_500t_firmware *
dell emc_powerstore_5200t_firmware *
CVE-2022-22556 HIGH

Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security_alert@emc.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
dell powerstoreos *
CVE-2022-22557 HIGH

PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-256,CWE-522,

Products Affected

Vendor Product Version
dell powerstoreos *
CVE-2022-22558 LOW

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.5 5.2
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
dell m830_firmware *
dell c6320_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell c4130_firmware *
dell r430_firmware *
dell r7425_firmware *
dell r7415_firmware *
dell fc430_firmware *
dell r6415_firmware *
dell t630_firmware *
dell m630_firmware *
dell fc830_firmware *
dell r630_firmware *
dell r830_firmware *
dell r730_firmware *
dell m830p_firmware *
dell r530_firmware *
dell t430_firmware *
CVE-2022-22559 MEDIUM

Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,CWE-327,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 9.3.0
CVE-2022-22560 MEDIUM

Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-22561 HIGH

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-307,CWE-307,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-22562 MEDIUM

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-229,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-22563 LOW

Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-223,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-22564

Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
dell emc_unityvsa_operating_environment *
dell emc_unity_xt_operating_environment *
dell emc_unity_operating_environment *
CVE-2022-22565 MEDIUM

Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerability, leading to disclosure or modification of sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4
nvd@nist.gov 3.8 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 1.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-612,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-22566 HIGH

Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 0.5 6.0
security_alert@emc.com 6.9 MEDIUM CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.3 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1190,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell precision_7540_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_5410_firmware *
dell inspiron_3593_firmware *
dell vostro_3510_firmware *
dell inspiron_5593_firmware *
dell inspiron_5408_firmware *
dell inspiron_7590_firmware *
dell optiplex_7070_uff_firmware *
dell latitude_3410_firmware *
dell latitude_7210_2-in-1_firmware *
dell inspiron_3493_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_7520_firmware *
dell latitude_3310_2-in-1_firmware *
dell inspiron_5409_firmware *
dell vostro_3590_firmware *
dell inspiron_7591_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell latitude_9510_firmware *
dell inspiron_7610_firmware *
dell optiplex_7490_aio_firmware *
dell precision_3650_firmware *
dell inspiron_5401_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell g7_7700_firmware *
dell optiplex_5490_aio_firmware *
dell inspiron_5300_firmware *
dell alienware_m15_r6_firmware *
dell latitude_5411_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell g7_7500_firmware *
dell xps_9305_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell g3_3500_firmware *
dell inspiron_5590_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell precision_5540_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_rugged_7220_firmware *
dell vostro_5390_firmware *
dell inspiron_7390_firmware *
dell inspiron_3880_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell latitude_7420_firmware *
dell latitude_rugged_7330_firmware *
dell inspiron_7490_firmware *
dell xps_17_9710_firmware *
dell inspiron_5400_2-in-1_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell xps_15_9510_firmware *
dell alienware_m17_r4_firmware *
dell precision_7740_firmware *
dell latitude_rugged_7220_extreme_firmware *
dell vostro_3890_firmware *
dell inspiron_5494_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell inspiron_5493_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell latitude_5501_firmware *
dell inspiron_7506_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell xps_7590_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell xps_17_9700_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell precision_5550_firmware *
dell precision_3560_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell vostro_5880_firmware *
dell vostro_5510_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell inspiron_5400_aio_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell inspiron_5491_aio_firmware *
dell latitude_7400_2-in-1_firmware *
dell latitude_5300_firmware *
dell latitude_7320_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell vostro_5301_firmware *
dell precision_3541_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell inspiron_3590_firmware *
dell latitude_3500_firmware *
dell inspiron_5390_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell vostro_3490_firmware *
dell latitude_5421_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell precision_3440_firmware *
dell xps_13_9310_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_5598_firmware *
dell vostro_5310_firmware *
dell inspiron_7791_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell latitude_7400_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_5402_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_5402_firmware *
dell latitude_3400_firmware *
dell inspiron_5490_firmware *
dell inspiron_5584_firmware *
dell latitude_5500_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell inspiron_5391_firmware *
dell precision_3530_firmware *
dell inspiron_5501_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell optiplex_5090_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell precision_3640_firmware *
dell inspiron_5301_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell inspiron_3881_firmware *
dell inspiron_3511_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell g3_3590_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_7090_ultra_firmware *
dell alienware_m15_r3_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_5498_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell vostro_5490_firmware *
dell inspiron_3490_firmware *
dell latitude_3310_firmware *
dell inspiron_15_5518_firmware *
dell latitude_3301_firmware *
dell g5_5000_firmware *
CVE-2022-22567 LOW

Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L 0.5 4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-345,CWE-345,

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell precision_7540_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_5410_firmware *
dell inspiron_3593_firmware *
dell vostro_3510_firmware *
dell inspiron_5593_firmware *
dell inspiron_5408_firmware *
dell inspiron_7590_firmware *
dell optiplex_7070_uff_firmware *
dell latitude_3410_firmware *
dell latitude_7210_2-in-1_firmware *
dell inspiron_3493_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_7520_firmware *
dell latitude_3310_2-in-1_firmware *
dell inspiron_5409_firmware *
dell vostro_3590_firmware *
dell inspiron_7591_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell latitude_9510_firmware *
dell inspiron_7610_firmware *
dell optiplex_7490_aio_firmware *
dell precision_3650_firmware *
dell inspiron_5401_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell g7_7700_firmware *
dell optiplex_5490_aio_firmware *
dell inspiron_5300_firmware *
dell alienware_m15_r6_firmware *
dell latitude_5411_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell g7_7500_firmware *
dell xps_9305_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell g3_3500_firmware *
dell inspiron_5590_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell precision_5540_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_rugged_7220_firmware *
dell vostro_5390_firmware *
dell inspiron_7390_firmware *
dell inspiron_3880_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell latitude_7420_firmware *
dell latitude_rugged_7330_firmware *
dell inspiron_7490_firmware *
dell xps_17_9710_firmware *
dell inspiron_5400_2-in-1_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell xps_15_9510_firmware *
dell alienware_m17_r4_firmware *
dell precision_7740_firmware *
dell latitude_rugged_7220_extreme_firmware *
dell vostro_3890_firmware *
dell inspiron_5494_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell inspiron_5493_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell latitude_5501_firmware *
dell inspiron_7506_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell xps_7590_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell xps_17_9700_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell precision_5550_firmware *
dell precision_3560_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell vostro_5880_firmware *
dell vostro_5510_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell inspiron_5400_aio_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell inspiron_5491_aio_firmware *
dell latitude_7400_2-in-1_firmware *
dell latitude_5300_firmware *
dell latitude_7320_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell vostro_5301_firmware *
dell precision_3541_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell inspiron_3590_firmware *
dell latitude_3500_firmware *
dell inspiron_5390_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell vostro_3490_firmware *
dell latitude_5421_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell precision_3440_firmware *
dell xps_13_9310_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_5598_firmware *
dell vostro_5310_firmware *
dell inspiron_7791_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell latitude_7400_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_5402_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_5402_firmware *
dell latitude_3400_firmware *
dell inspiron_5490_firmware *
dell inspiron_5584_firmware *
dell latitude_5500_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell inspiron_5391_firmware *
dell precision_3530_firmware *
dell inspiron_5501_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell optiplex_5090_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell precision_3640_firmware *
dell inspiron_5301_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell inspiron_3881_firmware *
dell inspiron_3511_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell g3_3590_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_7090_ultra_firmware *
dell alienware_m15_r3_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_5498_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell vostro_5490_firmware *
dell inspiron_3490_firmware *
dell latitude_3310_firmware *
dell inspiron_15_5518_firmware *
dell latitude_3301_firmware *
dell g5_5000_firmware *
CVE-2022-23155 HIGH

Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,CWE-434,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-23156 MEDIUM

Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 1.5 4.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dell wyse_device_agent *
CVE-2022-23157 LOW

Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
dell wyse_device_agent *
CVE-2022-23158 LOW

Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 1.5 4.0
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-183,CWE-200,

Products Affected

Vendor Product Version
dell wyse_device_agent *
CVE-2022-23159 MEDIUM

Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,CWE-401,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-23160 MEDIUM

Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-274,CWE-269,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-23161 MEDIUM

Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,CWE-755,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-23163 LOW

Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-379,CWE-668,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-24409 HIGH

Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-385,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell bsafe_ssl-j *
CVE-2022-24410

Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H 0.5 5.8
nvd@nist.gov 4.2 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 0.5 3.6

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell chengming_3988_firmware *
dell inspiron_3582_firmware *
dell inspiron_14_5410_2-in-1_firmware *
dell inspiron_7000_firmware *
dell g7_17_7790_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell inspiron_5408_firmware *
dell inspiron_3477_firmware *
dell inspiron_3502_firmware *
dell latitude_3379_firmware *
dell latitude_3410_firmware *
dell inspiron_5400_firmware *
dell inspiron_3493_firmware *
dell inspiron_7777_firmware *
dell latitude_3520_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell latitude_3310_2-in-1_firmware *
dell inspiron_5409_firmware *
dell chengming_3977_firmware *
dell g7_15_7500_firmware *
dell inspiron_5491_aio_firmware *
dell inspiron_3782_firmware *
dell latitude_3570_firmware *
dell latitude_3490_firmware *
dell alienware_m17_r1_firmware *
dell inspiron_3670_firmware *
dell inspiron_3471_firmware *
dell g5_15_5590_firmware *
dell alienware_13_r3_firmware *
dell latitude_3190_2-in-1_firmware *
dell inspiron_7610_firmware *
dell inspiron_3470 *
dell g3_3579_firmware *
dell g7_15_7590_firmware *
dell g3_3500_firmware 1.12.0
dell inspiron_5401_firmware *
dell inspiron_3590_firmware *
dell alienware_m15_r2_firmware *
dell latitude_3500_firmware *
dell inspiron_5300_firmware *
dell alienware_m15_r6_firmware *
dell g5_5090_firmware *
dell inspiron_5390_firmware *
dell alienware_17_r5_firmware *
dell inspiron_3277_firmware *
dell inspiron_3781_firmware *
dell inspiron_5502_firmware *
dell inspiron_3581_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_7391_2-in-1_firmware *
dell inspiron_5406_2-in-1_firmware *
dell inspiron_3780_firmware *
dell inspiron_7510_firmware *
dell g3_3500_firmware *
dell inspiron_5590_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell alienware_15_r2_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell embedded_box_pc_5000_firmware *
dell inspiron_5480_2-in-1_firmware *
dell inspiron_7501_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_3120_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell inspiron_5508_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell inspiron_5509_firmware *
dell inspiron_7791_2-in-1_firmware *
dell latitude_3189_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell inspiron_7591 *
dell alienware_15_r3_firmware *
dell inspiron_5491_2-in-1_firmware *
dell inspiron_15_3511_firmware *
dell alienware_m17_r2_firmware *
dell alienware_15_r4_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7590 *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell alienware_m17_r3_firmware *
dell alienware_aurora_r7_firmware *
dell inspiron_3891_firmware *
dell inspiron_3580_firmware *
dell latitude_3470_firmware *
dell latitude_3590_firmware *
dell inspiron_5402_firmware *
dell inspiron_5680_firmware *
dell g3_3779_firmware *
dell latitude_3400_firmware *
dell inspiron_5490_firmware *
dell alienware_m17_r4_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell alienware_17_r3_firmware *
dell g5_15_5500_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_3300_firmware *
dell inspiron_5494_firmware *
dell inspiron_3480_aio_firmware *
dell inspiron_5391_firmware *
dell alienware_13_r2_firmware *
dell inspiron_5501_firmware *
dell inspiron_5493_firmware *
dell inspiron_3501_firmware *
dell g7_17_7700_firmware *
dell inspiron_3480_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_7506_2-in-1_firmware *
dell inspiron_3268_firmware *
dell inspiron_5301_firmware *
dell latitude_3320_firmware *
dell inspiron_7591_2-in-1 *
dell inspiron_3790_firmware *
dell inspiron_3881_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_3671_firmware *
dell inspiron_3584_firmware *
dell inspiron_7300_firmware *
dell inspiron_7400_firmware *
dell inspiron_7500_firmware *
dell g3_15_3590_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5570_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3481_firmware *
dell inspiron_7300_2-in-1_firmware *
dell inspiron_3793_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_3668_firmware *
dell inspiron_5480_firmware *
dell inspiron_5477_firmware *
dell alienware_area_51m_r2_firmware *
dell alienware_17_r4_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell alienware_m15_r1_firmware *
dell inspiron_7706_2-in-1_firmware *
dell inspiron_3490_firmware *
dell latitude_3510_firmware *
dell latitude_3310_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell latitude_3301_firmware *
dell g5_5000_firmware *
dell g15_5511_firmware 1.9.0
CVE-2022-24411 MEDIUM

Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE could potentially exploit this vulnerability, leading to elevation of privilege. This could potentially allow users to circumvent PowerScale Compliance Mode guarantees.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-378,CWE-668,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-24412 MEDIUM

Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-229,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-24413 LOW

Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 1.8 2.5
nvd@nist.gov 3.6 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L 1.0 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-367,CWE-367,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-24414 MEDIUM

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 2.8 4.7
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-598,CWE-200,

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2022-24415 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
dell embedded_box_pc_5000_firmware *
dell inspiron_3582_firmware *
dell edge_gateway_3000_firmware *
dell alienware_13_r3_firmware *
dell vostro_15_5568_firmware *
dell inspiron_14_3473_firmware *
dell inspiron_3465_firmware *
dell inspiron_3482_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_15_3573_firmware *
dell inspiron_3477_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3502_firmware *
dell vostro_3268_firmware *
dell latitude_3379_firmware *
dell alienware_15_r3_firmware *
dell vostro_3660_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell inspiron_3565_firmware *
dell edge_gateway_5000_firmware *
dell alienware_m17_r2_firmware *
dell alienware_15_r4_firmware *
dell inspiron_15_5566_firmware *
dell vostro_14_5468_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell vostro_3582_firmware *
dell vostro_3267_firmware *
dell alienware_m17_r3_firmware *
dell alienware_aurora_r8_firmware *
dell alienware_17_r5_firmware *
dell edge_gateway_5100_firmware *
dell alienware_area_51m_r2_firmware *
dell inspiron_3277_firmware *
dell alienware_17_r4_firmware *
dell alienware_x17_r1_firmware *
dell vostro_3572_firmware *
dell alienware_m17_r4_firmware *
dell inspiron_3782_firmware *
dell alienware_m15_r4_firmware *
dell vostro_3667_firmware *
dell embedded_box_pc_3000_firmware *
dell inspiron_3510_firmware *
CVE-2022-24416 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
dell embedded_box_pc_5000_firmware *
dell inspiron_3582_firmware *
dell edge_gateway_3000_firmware *
dell alienware_13_r3_firmware *
dell vostro_15_5568_firmware *
dell inspiron_14_3473_firmware *
dell inspiron_3465_firmware *
dell inspiron_3482_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_15_3573_firmware *
dell inspiron_3477_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3502_firmware *
dell vostro_3268_firmware *
dell latitude_3379_firmware *
dell alienware_15_r3_firmware *
dell vostro_3660_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell inspiron_3565_firmware *
dell edge_gateway_5000_firmware *
dell alienware_m17_r2_firmware *
dell alienware_15_r4_firmware *
dell inspiron_15_5566_firmware *
dell vostro_14_5468_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell vostro_3582_firmware *
dell vostro_3267_firmware *
dell alienware_m17_r3_firmware *
dell alienware_aurora_r8_firmware *
dell alienware_17_r5_firmware *
dell edge_gateway_5100_firmware *
dell alienware_area_51m_r2_firmware *
dell inspiron_3277_firmware *
dell alienware_17_r4_firmware *
dell alienware_x17_r1_firmware *
dell vostro_3572_firmware *
dell alienware_m17_r4_firmware *
dell inspiron_3782_firmware *
dell alienware_m15_r4_firmware *
dell vostro_3667_firmware *
dell embedded_box_pc_3000_firmware *
dell inspiron_3510_firmware *
CVE-2022-24417 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
dell inspiron_27_7775_firmware *
dell inspiron_3515_firmware *
dell inspiron_3180_firmware *
dell vostro_3515_firmware *
dell inspiron_5575_firmware *
dell inspiron_5515_firmware *
dell inspiron_5775_firmware *
dell inspiron_5675_firmware *
dell inspiron_22-3275_firmware *
dell inspiron_7375_firmware *
dell inspiron_7405_firmware *
dell inspiron_5505_firmware *
dell vostro_5415_firmware *
dell inspiron_24-3475_firmware *
dell inspiron_3585_firmware *
dell inspiron_5405_firmware *
dell dell_g5_5505_firmware *
dell inspiron_5485_firmware *
dell inspiron_3785_firmware *
dell inspiron_3595_firmware *
dell inspiron_7415_firmware *
dell inspiron_3195_firmware *
dell vostro_5515_firmware *
dell inspiron_3505_firmware *
dell inspiron_5415_firmware *
dell inspiron_5585_firmware *
dell inspiron_3185_firmware *
dell vostro_3405_firmware *
CVE-2022-24418 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
dell inspiron_27_7775_firmware *
dell inspiron_3515_firmware *
dell inspiron_3180_firmware *
dell vostro_3515_firmware *
dell inspiron_5575_firmware *
dell inspiron_5515_firmware *
dell inspiron_5775_firmware *
dell inspiron_5675_firmware *
dell inspiron_22-3275_firmware *
dell inspiron_7375_firmware *
dell inspiron_7405_firmware *
dell inspiron_5505_firmware *
dell vostro_5415_firmware *
dell inspiron_24-3475_firmware *
dell inspiron_3585_firmware *
dell inspiron_5405_firmware *
dell dell_g5_5505_firmware *
dell inspiron_5485_firmware *
dell inspiron_3785_firmware *
dell inspiron_3595_firmware *
dell inspiron_7415_firmware *
dell inspiron_3195_firmware *
dell vostro_5515_firmware *
dell inspiron_3505_firmware *
dell inspiron_5415_firmware *
dell inspiron_5585_firmware *
dell inspiron_3185_firmware *
dell vostro_3405_firmware *
CVE-2022-24419 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
dell embedded_box_pc_5000_firmware *
dell inspiron_3582_firmware *
dell edge_gateway_3000_firmware *
dell alienware_13_r3_firmware *
dell vostro_15_5568_firmware *
dell inspiron_14_3473_firmware *
dell inspiron_3465_firmware *
dell inspiron_3482_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_15_3573_firmware *
dell inspiron_3477_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3502_firmware *
dell vostro_3268_firmware *
dell latitude_3379_firmware *
dell alienware_15_r3_firmware *
dell vostro_3660_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell inspiron_3565_firmware *
dell edge_gateway_5000_firmware *
dell alienware_m17_r2_firmware *
dell alienware_15_r4_firmware *
dell inspiron_15_5566_firmware *
dell vostro_14_5468_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell vostro_3582_firmware *
dell vostro_3267_firmware *
dell alienware_m17_r3_firmware *
dell alienware_aurora_r8_firmware *
dell alienware_17_r5_firmware *
dell edge_gateway_5100_firmware *
dell alienware_area_51m_r2_firmware *
dell inspiron_3277_firmware *
dell alienware_17_r4_firmware *
dell alienware_x17_r1_firmware *
dell vostro_3572_firmware *
dell alienware_m17_r4_firmware *
dell inspiron_3782_firmware *
dell alienware_m15_r4_firmware *
dell vostro_3667_firmware *
dell embedded_box_pc_3000_firmware *
dell inspiron_3510_firmware *
CVE-2022-24420 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
dell embedded_box_pc_5000_firmware *
dell inspiron_3582_firmware *
dell edge_gateway_3000_firmware *
dell alienware_13_r3_firmware *
dell vostro_15_5568_firmware *
dell inspiron_14_3473_firmware *
dell inspiron_3465_firmware *
dell inspiron_3482_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_15_3573_firmware *
dell inspiron_3477_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3502_firmware *
dell vostro_3268_firmware *
dell latitude_3379_firmware *
dell alienware_15_r3_firmware *
dell vostro_3660_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell inspiron_3565_firmware *
dell edge_gateway_5000_firmware *
dell alienware_m17_r2_firmware *
dell alienware_15_r4_firmware *
dell inspiron_15_5566_firmware *
dell vostro_14_5468_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell vostro_3582_firmware *
dell vostro_3267_firmware *
dell alienware_m17_r3_firmware *
dell alienware_aurora_r8_firmware *
dell alienware_17_r5_firmware *
dell edge_gateway_5100_firmware *
dell alienware_area_51m_r2_firmware *
dell inspiron_3277_firmware *
dell alienware_17_r4_firmware *
dell alienware_x17_r1_firmware *
dell vostro_3572_firmware *
dell alienware_m17_r4_firmware *
dell inspiron_3782_firmware *
dell alienware_m15_r4_firmware *
dell vostro_3667_firmware *
dell embedded_box_pc_3000_firmware *
dell inspiron_3510_firmware *
CVE-2022-24421 HIGH

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
dell embedded_box_pc_5000_firmware *
dell inspiron_3582_firmware *
dell edge_gateway_3000_firmware *
dell alienware_13_r3_firmware *
dell vostro_15_5568_firmware *
dell inspiron_14_3473_firmware *
dell inspiron_3465_firmware *
dell inspiron_3482_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_15_3573_firmware *
dell inspiron_3477_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3502_firmware *
dell vostro_3268_firmware *
dell latitude_3379_firmware *
dell alienware_15_r3_firmware *
dell vostro_3660_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell inspiron_3565_firmware *
dell edge_gateway_5000_firmware *
dell alienware_m17_r2_firmware *
dell alienware_15_r4_firmware *
dell inspiron_15_5566_firmware *
dell vostro_14_5468_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell vostro_3582_firmware *
dell vostro_3267_firmware *
dell alienware_m17_r3_firmware *
dell alienware_aurora_r8_firmware *
dell alienware_17_r5_firmware *
dell edge_gateway_5100_firmware *
dell alienware_area_51m_r2_firmware *
dell inspiron_3277_firmware *
dell alienware_17_r4_firmware *
dell alienware_x17_r1_firmware *
dell vostro_3572_firmware *
dell alienware_m17_r4_firmware *
dell inspiron_3782_firmware *
dell alienware_m15_r4_firmware *
dell vostro_3667_firmware *
dell embedded_box_pc_3000_firmware *
dell inspiron_3510_firmware *
CVE-2022-24422 HIGH

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
dell idrac9 *
CVE-2022-24423 MEDIUM

Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in a denial of service condition.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
dell integrated_dell_remote_access_controller_8_firmware *
CVE-2022-24424 MEDIUM

Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
dell emc_appsync *
CVE-2022-24426 HIGH

Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 contains a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
dell command_update 4.4.0
dell update 4.4.0
dell alienware_update 4.4.0
CVE-2022-24428 MEDIUM

Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-281,CWE-281,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-26851 MEDIUM

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,CWE-330,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-26852 HIGH

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-337,CWE-335,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-26854 HIGH

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-327,CWE-327,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-26855 LOW

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-26856 LOW

Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
dell emc_repository_manager 3.4.0
CVE-2022-26857 MEDIUM

Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,NVD-CWE-Other,

Products Affected

Vendor Product Version
dell openmanage_enterprise *
CVE-2022-26858

Dell BIOS versions contain an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N 0.8 4.7
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell optiplex_7480_all-in-one_firmware *
dell xps_27_7760_firmware *
dell latitude_7370_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_e7470_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell inspiron_14_3476_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell inspiron_5409_firmware *
dell inspiron_7380_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell xps_13_9365_firmware *
dell precision_3430_tower_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell optiplex_5490_aio_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell vostro_5581_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell vostro_3568_firmware *
dell g3_3500_firmware *
dell vostro_3580_firmware *
dell vostro_5390_firmware *
dell inspiron_3880_firmware *
dell vostro_3400_firmware *
dell latitude_7380_firmware *
dell latitude_7420_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell inspiron_15_5582_firmware *
dell xps_15_9510_firmware *
dell optiplex_7460_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell inspiron_15_5578_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell inspiron_15_gaming_7577_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell inspiron_15_5566_firmware *
dell latitude_5320_firmware *
dell inspiron_7500_2-in-1_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell xps_17_9700_firmware *
dell inspiron_5480_firmware *
dell latitude_5290_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell latitude_e7270_firmware *
dell inspiron_13_7378_firmware *
dell inspiron_3470_firmware *
dell inspiron_5510_firmware *
dell vostro_5510_firmware *
dell inspiron_7000_firmware *
dell inspiron_15_7572_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell latitude_7320_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell latitude_e5270_firmware *
dell latitude_3380_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell vostro_3468_firmware *
dell vostro_3660_firmware *
dell inspiron_3590_firmware *
dell vostro_15_7570_firmware *
dell latitude_7275_2-in-1_firmware *
dell precision_3431_tower_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell chengming_3980_firmware *
dell xps_13_9310_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell g7_7588_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell inspiron_5491_2-in-1_firmware *
dell latitude_5495_firmware *
dell optiplex_3080_firmware *
dell inspiron_13_5378_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell inspiron_5410_2-in-1_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell optiplex_7760_aio_firmware *
dell latitude_5500_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell g7_17_7700_firmware *
dell inspiron_5580_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell inspiron_5301_firmware *
dell vostro_3578_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_7570_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_7590_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell inspiron_7386_firmware *
dell latitude_7520_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell vostro_5481_firmware *
dell latitude_3570_firmware *
dell latitude_7214_firmware *
dell optiplex_5250_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell inspiron_5370_firmware *
dell edge_gateway_5000_firmware *
dell vostro_15_7580_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell g7_7500_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell inspiron_7573_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell latitude_7285_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell inspiron_7390_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell latitude_5420_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell latitude_5175_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell xps_13_9360_firmware *
dell latitude_3470_firmware *
dell inspiron_3576_firmware *
dell precision_3620_tower_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell latitude_7390_firmware *
dell latitude_5179_firmware *
dell inspiron_5490_aio_firmware *
dell optiplex_3046_firmware *
dell optiplex_5040_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell precision_7750_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_5471_firmware *
dell vostro_5468_firmware *
dell xps_13_9370_firmware *
dell inspiron_7472_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_5568_firmware *
dell vostro_3480_firmware *
dell optiplex_5270_all-in-one_firmware *
dell optiplex_3240_all-in-one_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell optiplex_7440_aio_firmware *
dell inspiron_3471_firmware *
dell vostro_5301_firmware *
dell inspiron_5482_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_15_5579_firmware *
dell g5_15_5587_firmware *
dell inspiron_7586_firmware *
dell precision_7720_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell inspiron_13_5379_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5488_firmware *
dell inspiron_17_7773_firmware *
dell embedded_box_pc_3000_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell vostro_3478_firmware *
dell optiplex_7050_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell vostro_5370_firmware *
dell vostro_3669_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell vostro_5490_firmware *
dell optiplex_5055_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2022-26859

Dell BIOS contains a race condition vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI in order to bypass security checks during SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N 0.8 4.7

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell optiplex_7480_all-in-one_firmware *
dell xps_27_7760_firmware *
dell latitude_7370_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_e7470_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell inspiron_14_3476_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell inspiron_5409_firmware *
dell inspiron_7380_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell xps_13_9365_firmware *
dell precision_3430_tower_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell optiplex_5490_aio_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell vostro_5581_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell vostro_3568_firmware *
dell g3_3500_firmware *
dell vostro_3580_firmware *
dell vostro_5390_firmware *
dell inspiron_3880_firmware *
dell vostro_3400_firmware *
dell latitude_7380_firmware *
dell latitude_7420_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell inspiron_15_5582_firmware *
dell xps_15_9510_firmware *
dell optiplex_7460_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell inspiron_15_5578_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell inspiron_15_gaming_7577_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell inspiron_15_5566_firmware *
dell latitude_5320_firmware *
dell inspiron_7500_2-in-1_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell xps_17_9700_firmware *
dell inspiron_5480_firmware *
dell latitude_5290_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell latitude_e7270_firmware *
dell inspiron_13_7378_firmware *
dell inspiron_3470_firmware *
dell inspiron_5510_firmware *
dell vostro_5510_firmware *
dell inspiron_7000_firmware *
dell inspiron_15_7572_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell latitude_7320_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell latitude_e5270_firmware *
dell latitude_3380_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell vostro_3468_firmware *
dell vostro_3660_firmware *
dell inspiron_3590_firmware *
dell vostro_15_7570_firmware *
dell latitude_7275_2-in-1_firmware *
dell precision_3431_tower_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell chengming_3980_firmware *
dell xps_13_9310_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell g7_7588_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell inspiron_5491_2-in-1_firmware *
dell latitude_5495_firmware *
dell optiplex_3080_firmware *
dell inspiron_13_5378_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell inspiron_5410_2-in-1_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell optiplex_7760_aio_firmware *
dell latitude_5500_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell g7_17_7700_firmware *
dell inspiron_5580_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell inspiron_5301_firmware *
dell vostro_3578_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_7570_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_7590_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell inspiron_7386_firmware *
dell latitude_7520_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell vostro_5481_firmware *
dell latitude_3570_firmware *
dell latitude_7214_firmware *
dell optiplex_5250_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell inspiron_5370_firmware *
dell edge_gateway_5000_firmware *
dell vostro_15_7580_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell g7_7500_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell inspiron_7573_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell latitude_7285_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell inspiron_7390_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell latitude_5420_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell latitude_5175_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell xps_13_9360_firmware *
dell latitude_3470_firmware *
dell inspiron_3576_firmware *
dell precision_3620_tower_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell latitude_7390_firmware *
dell latitude_5179_firmware *
dell inspiron_5490_aio_firmware *
dell optiplex_3046_firmware *
dell optiplex_5040_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell precision_7750_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_5471_firmware *
dell vostro_5468_firmware *
dell xps_13_9370_firmware *
dell inspiron_7472_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_5568_firmware *
dell vostro_3480_firmware *
dell optiplex_5270_all-in-one_firmware *
dell optiplex_3240_all-in-one_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell optiplex_7440_aio_firmware *
dell inspiron_3471_firmware *
dell vostro_5301_firmware *
dell inspiron_5482_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_15_5579_firmware *
dell g5_15_5587_firmware *
dell inspiron_7586_firmware *
dell precision_7720_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell inspiron_13_5379_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5488_firmware *
dell inspiron_17_7773_firmware *
dell embedded_box_pc_3000_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell vostro_3478_firmware *
dell optiplex_7050_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell vostro_5370_firmware *
dell vostro_3669_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell vostro_5490_firmware *
dell optiplex_5055_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2022-26860

Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell optiplex_7480_all-in-one_firmware *
dell xps_27_7760_firmware *
dell latitude_7370_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_e7470_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell inspiron_14_3476_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell inspiron_5409_firmware *
dell inspiron_7380_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell xps_13_9365_firmware *
dell precision_3430_tower_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell optiplex_5490_aio_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell vostro_5581_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell vostro_3568_firmware *
dell g3_3500_firmware *
dell vostro_3580_firmware *
dell vostro_5390_firmware *
dell inspiron_3880_firmware *
dell vostro_3400_firmware *
dell latitude_7380_firmware *
dell latitude_7420_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell inspiron_15_5582_firmware *
dell xps_15_9510_firmware *
dell optiplex_7460_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell inspiron_15_5578_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell inspiron_15_gaming_7577_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell inspiron_15_5566_firmware *
dell latitude_5320_firmware *
dell inspiron_7500_2-in-1_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell xps_17_9700_firmware *
dell inspiron_5480_firmware *
dell latitude_5290_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell latitude_e7270_firmware *
dell inspiron_13_7378_firmware *
dell inspiron_3470_firmware *
dell inspiron_5510_firmware *
dell vostro_5510_firmware *
dell inspiron_7000_firmware *
dell inspiron_15_7572_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell latitude_7320_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell latitude_e5270_firmware *
dell latitude_3380_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell vostro_3468_firmware *
dell vostro_3660_firmware *
dell inspiron_3590_firmware *
dell vostro_15_7570_firmware *
dell latitude_7275_2-in-1_firmware *
dell precision_3431_tower_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell chengming_3980_firmware *
dell xps_13_9310_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell g7_7588_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell inspiron_5491_2-in-1_firmware *
dell latitude_5495_firmware *
dell optiplex_3080_firmware *
dell inspiron_13_5378_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell inspiron_5410_2-in-1_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell optiplex_7760_aio_firmware *
dell latitude_5500_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell g7_17_7700_firmware *
dell inspiron_5580_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell inspiron_5301_firmware *
dell vostro_3578_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_7570_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_7590_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell inspiron_7386_firmware *
dell latitude_7520_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell vostro_5481_firmware *
dell latitude_3570_firmware *
dell latitude_7214_firmware *
dell optiplex_5250_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell inspiron_5370_firmware *
dell edge_gateway_5000_firmware *
dell vostro_15_7580_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell g7_7500_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell inspiron_7573_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell latitude_7285_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell inspiron_7390_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell latitude_5420_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell latitude_5175_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell xps_13_9360_firmware *
dell latitude_3470_firmware *
dell inspiron_3576_firmware *
dell precision_3620_tower_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell latitude_7390_firmware *
dell latitude_5179_firmware *
dell inspiron_5490_aio_firmware *
dell optiplex_3046_firmware *
dell optiplex_5040_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell precision_7750_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_5471_firmware *
dell vostro_5468_firmware *
dell xps_13_9370_firmware *
dell inspiron_7472_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_5568_firmware *
dell vostro_3480_firmware *
dell optiplex_5270_all-in-one_firmware *
dell optiplex_3240_all-in-one_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell optiplex_7440_aio_firmware *
dell inspiron_3471_firmware *
dell vostro_5301_firmware *
dell inspiron_5482_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_15_5579_firmware *
dell g5_15_5587_firmware *
dell inspiron_7586_firmware *
dell precision_7720_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell inspiron_13_5379_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5488_firmware *
dell inspiron_17_7773_firmware *
dell embedded_box_pc_3000_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell vostro_3478_firmware *
dell optiplex_7050_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell vostro_5370_firmware *
dell vostro_3669_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell vostro_5490_firmware *
dell optiplex_5055_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2022-26861

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 1.5 5.8
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell optiplex_7480_all-in-one_firmware *
dell xps_27_7760_firmware *
dell latitude_7370_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_e7470_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell inspiron_14_3476_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell inspiron_5409_firmware *
dell inspiron_7380_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell xps_13_9365_firmware *
dell precision_3430_tower_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell optiplex_5490_aio_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell vostro_5581_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell vostro_3568_firmware *
dell g3_3500_firmware *
dell vostro_3580_firmware *
dell vostro_5390_firmware *
dell inspiron_3880_firmware *
dell vostro_3400_firmware *
dell latitude_7380_firmware *
dell latitude_7420_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell inspiron_15_5582_firmware *
dell xps_15_9510_firmware *
dell optiplex_7460_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell inspiron_15_5578_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell inspiron_15_gaming_7577_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell inspiron_15_5566_firmware *
dell latitude_5320_firmware *
dell inspiron_7500_2-in-1_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell xps_17_9700_firmware *
dell inspiron_5480_firmware *
dell latitude_5290_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell latitude_e7270_firmware *
dell inspiron_13_7378_firmware *
dell inspiron_3470_firmware *
dell inspiron_5510_firmware *
dell vostro_5510_firmware *
dell inspiron_7000_firmware *
dell inspiron_15_7572_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell latitude_7320_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell latitude_e5270_firmware *
dell latitude_3380_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell vostro_3468_firmware *
dell vostro_3660_firmware *
dell inspiron_3590_firmware *
dell vostro_15_7570_firmware *
dell latitude_7275_2-in-1_firmware *
dell precision_3431_tower_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell chengming_3980_firmware *
dell xps_13_9310_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell g7_7588_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell inspiron_5491_2-in-1_firmware *
dell latitude_5495_firmware *
dell optiplex_3080_firmware *
dell inspiron_13_5378_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell inspiron_5410_2-in-1_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell optiplex_7760_aio_firmware *
dell latitude_5500_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell g7_17_7700_firmware *
dell inspiron_5580_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell inspiron_5301_firmware *
dell vostro_3578_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_7570_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_7590_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell inspiron_7386_firmware *
dell latitude_7520_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell vostro_5481_firmware *
dell latitude_3570_firmware *
dell latitude_7214_firmware *
dell optiplex_5250_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell inspiron_5370_firmware *
dell edge_gateway_5000_firmware *
dell vostro_15_7580_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell g7_7500_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell inspiron_7573_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell latitude_7285_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell inspiron_7390_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell latitude_5420_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell latitude_5175_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell xps_13_9360_firmware *
dell latitude_3470_firmware *
dell inspiron_3576_firmware *
dell precision_3620_tower_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell latitude_7390_firmware *
dell latitude_5179_firmware *
dell inspiron_5490_aio_firmware *
dell optiplex_3046_firmware *
dell optiplex_5040_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell precision_7750_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_7700_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_5471_firmware *
dell vostro_5468_firmware *
dell xps_13_9370_firmware *
dell inspiron_7472_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_5568_firmware *
dell vostro_3480_firmware *
dell optiplex_5270_all-in-one_firmware *
dell optiplex_3240_all-in-one_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell optiplex_7440_aio_firmware *
dell inspiron_3471_firmware *
dell vostro_5301_firmware *
dell inspiron_5482_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_15_5579_firmware *
dell g5_15_5587_firmware *
dell inspiron_7586_firmware *
dell precision_7720_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell inspiron_13_5379_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell inspiron_5481_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5488_firmware *
dell inspiron_17_7773_firmware *
dell embedded_box_pc_3000_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell vostro_3478_firmware *
dell optiplex_7050_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell vostro_5370_firmware *
dell vostro_3669_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell vostro_5490_firmware *
dell optiplex_5055_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2022-26862 HIGH

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L 0.8 5.5

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
dell inspiron_27_7775_firmware *
dell inspiron_3515_firmware *
dell vostro_3525_firmware *
dell inspiron_3180_firmware *
dell vostro_3515_firmware *
dell inspiron_5575_firmware *
dell inspiron_5515_firmware *
dell inspiron_7425_firmware *
dell inspiron_7375_firmware *
dell inspiron_7405_firmware *
dell g15_5515_firmware *
dell inspiron_5505_firmware *
dell vostro_5415_firmware *
dell inspiron_3585_firmware *
dell inspiron_5405_firmware *
dell alienware_m15_r5_firmware *
dell inspiron_5485_firmware *
dell inspiron_3525_firmware *
dell vostro_5625_firmware *
dell inspiron_14_5425_firmware *
dell inspiron_3475_firmware *
dell inspiron_5415_all-in-one_firmware *
dell inspiron_3275_firmware *
dell inspiron_3785_firmware *
dell inspiron_3595_firmware *
dell inspiron_7415_firmware *
dell inspiron_3195_firmware *
dell vostro_5515_firmware *
dell inspiron_3505_firmware *
dell inspiron_5415_firmware *
dell inspiron_5585_firmware *
dell g5_se_5505_firmware *
dell inspiron_3185_firmware *
dell vostro_3405_firmware *
CVE-2022-26863 HIGH

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L 0.8 5.5
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
dell inspiron_27_7775_firmware *
dell inspiron_3515_firmware *
dell vostro_3525_firmware *
dell inspiron_3180_firmware *
dell vostro_3515_firmware *
dell inspiron_5575_firmware *
dell inspiron_5515_firmware *
dell inspiron_7425_firmware *
dell inspiron_7375_firmware *
dell inspiron_7405_firmware *
dell g15_5515_firmware *
dell inspiron_5505_firmware *
dell vostro_5415_firmware *
dell inspiron_3585_firmware *
dell inspiron_5405_firmware *
dell alienware_m15_r5_firmware *
dell inspiron_5485_firmware *
dell inspiron_3525_firmware *
dell vostro_5625_firmware *
dell inspiron_14_5425_firmware *
dell inspiron_3475_firmware *
dell inspiron_5415_all-in-one_firmware *
dell inspiron_3275_firmware *
dell inspiron_3785_firmware *
dell inspiron_3595_firmware *
dell inspiron_7415_firmware *
dell inspiron_3195_firmware *
dell vostro_5515_firmware *
dell inspiron_3505_firmware *
dell inspiron_5415_firmware *
dell inspiron_5585_firmware *
dell g5_se_5505_firmware *
dell inspiron_3185_firmware *
dell vostro_3405_firmware *
CVE-2022-26864 HIGH

Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L 0.8 5.5
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
dell inspiron_27_7775_firmware *
dell inspiron_3515_firmware *
dell vostro_3525_firmware *
dell inspiron_3180_firmware *
dell vostro_3515_firmware *
dell inspiron_5575_firmware *
dell inspiron_5515_firmware *
dell inspiron_7425_firmware *
dell inspiron_7375_firmware *
dell inspiron_7405_firmware *
dell g15_5515_firmware *
dell inspiron_5505_firmware *
dell vostro_5415_firmware *
dell inspiron_3585_firmware *
dell inspiron_5405_firmware *
dell alienware_m15_r5_firmware *
dell inspiron_5485_firmware *
dell inspiron_3525_firmware *
dell vostro_5625_firmware *
dell inspiron_14_5425_firmware *
dell inspiron_3475_firmware *
dell inspiron_5415_all-in-one_firmware *
dell inspiron_3275_firmware *
dell inspiron_3785_firmware *
dell inspiron_3595_firmware *
dell inspiron_7415_firmware *
dell inspiron_3195_firmware *
dell vostro_5515_firmware *
dell inspiron_3505_firmware *
dell inspiron_5415_firmware *
dell inspiron_5585_firmware *
dell g5_se_5505_firmware *
dell inspiron_3185_firmware *
dell vostro_3405_firmware *
CVE-2022-26865 HIGH

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-288,CWE-287,

Products Affected

Vendor Product Version
dell supportassist_os_recovery 5.5.1
CVE-2022-26866 LOW

Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N 2.3 2.7
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell powerstoreos *
CVE-2022-26867 MEDIUM

PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1236,CWE-1236,

Products Affected

Vendor Product Version
dell powerstoreos *
CVE-2022-26868 HIGH

Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
dell powerstoreos *
CVE-2022-26869 HIGH

Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,CWE-668,

Products Affected

Vendor Product Version
dell powerstoreos *
CVE-2022-26870

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 2.2 4.7
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell powerstoreos 2.1.0.1
dell powerstoreos 2.1.0.0
CVE-2022-29082 MEDIUM

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 2.1 2.5
security_alert@emc.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N 1.2 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-297,CWE-295,

Products Affected

Vendor Product Version
dell emc_networker 19.6.1
dell emc_networker *
CVE-2022-29083

Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell optiplex_3090_firmware *
dell optiplex_7760_firmware *
dell latitude_7210_firmware *
dell inspiron_5510_firmware *
dell precision_7540_firmware *
dell vostro_5510_firmware *
dell optiplex_7770_firmware *
dell latitude_5310_firmware *
dell inspiron_5410_firmware *
dell optiplex_7060_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell inspiron_3493_firmware *
dell vostro_3480_firmware *
dell vostro_3590_firmware *
dell precision_3630_tower_firmware *
dell inspiron_3670_firmware *
dell optiplex_5270_firmware *
dell latitude_5410_firmware *
dell optiplex_7071_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g3_3579_firmware *
dell vostro_5491_firmware *
dell precision_3430_tower_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell vostro_15_7580_firmware *
dell vostro_3070_firmware *
dell precision_3431_tower_firmware *
dell latitude_5411_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell vostro_5591_firmware *
dell optiplex_3060_firmware *
dell vostro_3490_firmware *
dell optiplex_xe3_firmware *
dell inspiron_3780_firmware *
dell inspiron_7510_firmware *
dell precision_3440_firmware *
dell chengming_3980_firmware *
dell vostro_3580_firmware *
dell precision_3640_tower_firmware *
dell precision_7730_firmware *
dell latitude_7310_firmware *
dell vostro_7510_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell inspiron_3880_firmware *
dell g7_7588_firmware *
dell vostro_3881_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell wyse_5470_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7490_firmware *
dell optiplex_3080_firmware *
dell precision_3551_firmware *
dell latitude_5591_firmware *
dell inspiron_3580_firmware *
dell optiplex_7460_firmware *
dell g3_3779_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell g5_5587_firmware *
dell inspiron_5494_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell optiplex_5070_firmware *
dell precision_3530_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell inspiron_3501_firmware *
dell precision_3650_tower_firmware *
dell inspiron_3480_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell wyse_5470_all-in-one_firmware *
dell latitude_3320_firmware *
dell inspiron_3790_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell vostro_3670_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell xps_8940_firmware *
dell vostro_3888_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_3793_firmware *
dell precision_7750_firmware *
dell precision_3930_rack_firmware *
dell optiplex_5260_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell vostro_5880_firmware *
dell g5_5000_firmware *
dell optiplex_7470_firmware *
dell inspiron_3470_firmware *
CVE-2022-29084 HIGH

Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-307,CWE-307,

Products Affected

Vendor Product Version
dell unity_xt_operating_environment *
dell unityvsa_operating_environment *
dell unity_operating_environment *
CVE-2022-29085 MEDIUM

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-256,CWE-522,

Products Affected

Vendor Product Version
dell unity_xt_operating_environment *
dell unityvsa_operating_environment *
dell unity_operating_environment *
CVE-2022-29089

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 1.6 4.7
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2022-29090

Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.5 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N 3.1 4.7
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-29091 MEDIUM

Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell unity_xt_operating_environment *
dell unityvsa_operating_environment *
dell unity_operating_environment *
CVE-2022-29092 HIGH

Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2022-29093 LOW

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2022-29094 LOW

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2022-29095 HIGH

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0
security_alert@emc.com 8.3 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 1.6 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,CWE-79,

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2022-29096 LOW

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-29097 MEDIUM

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-29098 MEDIUM

Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-521,CWE-521,

Products Affected

Vendor Product Version
dell powerscale_onefs 9.2.0
dell powerscale_onefs 9.1.0
dell powerscale_onefs 9.0.0
dell powerscale_onefs 9.3.0
dell powerscale_onefs 9.2.1
dell powerscale_onefs 9.1.1
CVE-2022-31220

Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.0 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L 0.5 2.5
nvd@nist.gov 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_16_plus_7620_firmware *
dell optiplex_5000_firmware *
dell inspiron_7620_firmware *
dell optiplex_7400_firmware *
dell precision_5770_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell vostro_3710_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_3660_tower_firmware *
dell vostro_5320_firmware *
dell vostro_7620_firmware *
dell inspiron_5620_firmware *
dell optiplex_5400_firmware *
dell chengming_3900_firmware *
dell inspiron_14_plus_7420_firmware *
dell xps_17_9720_firmware *
dell inspiron_3910_firmware *
dell optiplex_3000_thin_client_firmware *
dell vostro_5620_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_5420_firmware *
dell optiplex_7000_firmware *
dell inspiron_7420_firmware *
dell optiplex_3000_firmware *
CVE-2022-31221

Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 0.8 1.4
nvd@nist.gov 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 0.8 1.4

Products Affected

Vendor Product Version
dell inspiron_16_plus_7620_firmware *
dell optiplex_5000_firmware *
dell inspiron_7620_firmware *
dell optiplex_7400_firmware *
dell precision_5770_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell vostro_3710_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_3660_tower_firmware *
dell vostro_5320_firmware *
dell vostro_7620_firmware *
dell inspiron_5620_firmware *
dell optiplex_5400_firmware *
dell chengming_3900_firmware *
dell inspiron_14_plus_7420_firmware *
dell xps_17_9720_firmware *
dell inspiron_3910_firmware *
dell optiplex_3000_thin_client_firmware *
dell vostro_5620_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_5420_firmware *
dell optiplex_7000_firmware *
dell inspiron_7420_firmware *
dell optiplex_3000_firmware *
CVE-2022-31222

Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by consuming excess memory in order to cause the application to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 0.8 1.4
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
dell inspiron_16_plus_7620_firmware *
dell optiplex_5000_firmware *
dell inspiron_7620_firmware *
dell optiplex_7400_firmware *
dell precision_5770_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell vostro_3710_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_3660_tower_firmware *
dell vostro_5320_firmware *
dell vostro_7620_firmware *
dell inspiron_5620_firmware *
dell optiplex_5400_firmware *
dell chengming_3900_firmware *
dell inspiron_14_plus_7420_firmware *
dell xps_17_9720_firmware *
dell inspiron_3910_firmware *
dell optiplex_3000_thin_client_firmware *
dell vostro_5620_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_5420_firmware *
dell optiplex_7000_firmware *
dell inspiron_7420_firmware *
dell optiplex_3000_firmware *
CVE-2022-31223

Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 0.8 1.4
nvd@nist.gov 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 0.8 1.4

Products Affected

Vendor Product Version
dell inspiron_16_plus_7620_firmware *
dell optiplex_5000_firmware *
dell inspiron_7620_firmware *
dell optiplex_7400_firmware *
dell precision_5770_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell vostro_3710_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_3660_tower_firmware *
dell vostro_5320_firmware *
dell vostro_7620_firmware *
dell inspiron_5620_firmware *
dell optiplex_5400_firmware *
dell chengming_3900_firmware *
dell inspiron_14_plus_7420_firmware *
dell xps_17_9720_firmware *
dell inspiron_3910_firmware *
dell optiplex_3000_thin_client_firmware *
dell vostro_5620_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_5420_firmware *
dell optiplex_7000_firmware *
dell inspiron_7420_firmware *
dell optiplex_3000_firmware *
CVE-2022-31224

Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.0 LOW CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 0.5 1.4
nvd@nist.gov 2.4 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 0.9 1.4

Products Affected

Vendor Product Version
dell inspiron_16_plus_7620_firmware *
dell optiplex_5000_firmware *
dell inspiron_7620_firmware *
dell optiplex_7400_firmware *
dell precision_5770_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell vostro_3710_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_3660_tower_firmware *
dell vostro_5320_firmware *
dell vostro_7620_firmware *
dell inspiron_5620_firmware *
dell optiplex_5400_firmware *
dell chengming_3900_firmware *
dell inspiron_14_plus_7420_firmware *
dell xps_17_9720_firmware *
dell inspiron_3910_firmware *
dell optiplex_3000_thin_client_firmware *
dell vostro_5620_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_5420_firmware *
dell optiplex_7000_firmware *
dell inspiron_7420_firmware *
dell optiplex_3000_firmware *
CVE-2022-31225

Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.0 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L 0.5 2.5
nvd@nist.gov 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_16_plus_7620_firmware *
dell optiplex_5000_firmware *
dell inspiron_7620_firmware *
dell optiplex_7400_firmware *
dell precision_5770_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell vostro_3710_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_3660_tower_firmware *
dell vostro_5320_firmware *
dell vostro_7620_firmware *
dell inspiron_5620_firmware *
dell optiplex_5400_firmware *
dell chengming_3900_firmware *
dell inspiron_14_plus_7420_firmware *
dell xps_17_9720_firmware *
dell inspiron_3910_firmware *
dell optiplex_3000_thin_client_firmware *
dell vostro_5620_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_5420_firmware *
dell optiplex_7000_firmware *
dell inspiron_7420_firmware *
dell optiplex_3000_firmware *
CVE-2022-31226

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell inspiron_16_plus_7620_firmware *
dell optiplex_5000_firmware *
dell inspiron_7620_firmware *
dell optiplex_7400_firmware *
dell precision_5770_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell vostro_3710_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_3660_tower_firmware *
dell vostro_5320_firmware *
dell vostro_7620_firmware *
dell inspiron_5620_firmware *
dell optiplex_5400_firmware *
dell chengming_3900_firmware *
dell inspiron_14_plus_7420_firmware *
dell xps_17_9720_firmware *
dell inspiron_3910_firmware *
dell optiplex_3000_thin_client_firmware *
dell vostro_5620_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_5420_firmware *
dell optiplex_7000_firmware *
dell inspiron_7420_firmware *
dell optiplex_3000_firmware *
CVE-2022-31228

Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
dell xtremio_management_server *
CVE-2022-31229 MEDIUM

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
security_alert@emc.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 3.1 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,CWE-209,

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2022-31230 HIGH

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-327,CWE-327,

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2022-31232

SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell smartfabric_storage_software 1.0.0
CVE-2022-31233

Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N 2.1 4.2
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell unisphere_360 *
dell solutions_enabler *
dell vasa *
dell powermax_os 5978
dell unisphere_for_powermax *
dell evasa_provider_virtual_appliance *
CVE-2022-31234

Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
dell emc_powerstore_1200t_firmware *
dell emc_powerstore_3200t_firmware *
dell emc_powerstore_9200t_firmware *
dell emc_powerstore_500t_firmware *
dell emc_powerstore_5200t_firmware *
CVE-2022-31237

Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-31238

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-31239

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-32480

Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-32481 HIGH

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell powerprotect_cyber_recovery *
CVE-2022-32482

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell inspiron_5510_firmware *
dell vostro_5510_firmware *
dell inspiron_14_5410_2-in-1_firmware *
dell inspiron_7000_firmware *
dell inspiron_3593_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell inspiron_5593_firmware *
dell optiplex_3000_thin_firmware *
dell vostro_3710_firmware *
dell inspiron_5408_firmware *
dell vostro_3690_firmware *
dell latitude_3410_firmware *
dell precision_3470_firmware *
dell inspiron_5620_firmware *
dell chengming_3900_firmware *
dell xps_17_9720_firmware *
dell inspiron_3493_firmware *
dell latitude_3520_firmware *
dell latitude_7520_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell vostro_3590_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell g7_15_7500_firmware *
dell latitude_5430_firmware *
dell inspiron_7710_firmware *
dell precision_7670_firmware *
dell inspiron_5420_firmware *
dell latitude_7320_firmware *
dell optiplex_3000_firmware *
dell inspiron_7591_firmware *
dell precision_5560_firmware *
dell optiplex_7490_all-in-one_firmware *
dell inspiron_16_plus_7620_firmware *
dell xps_13_9310_2-in-1_firmware *
dell precision_3460_firmware *
dell vostro_5301_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell precision_5770_firmware *
dell inspiron_7610_firmware *
dell inspiron_5410_all-in-one_firmware *
dell latitude_3430_firmware *
dell precision_3650_firmware *
dell precision_5570_firmware *
dell inspiron_5401_firmware *
dell vostro_5491_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell inspiron_5300_firmware *
dell alienware_m15_r6_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell precision_3571_firmware *
dell vostro_5502_firmware *
dell inspiron_5390_firmware *
dell vostro_5591_firmware *
dell precision_5760_firmware *
dell inspiron_5502_firmware *
dell vostro_3490_firmware *
dell latitude_5421_firmware *
dell inspiron_5583_firmware *
dell inspiron_5406_2-in-1_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell precision_3570_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell g3_3500_firmware *
dell inspiron_5590_firmware *
dell inspiron_7420_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell inspiron_7501_firmware *
dell inspiron_7620_firmware *
dell optiplex_5490_all-in-one_firmware *
dell vostro_7510_firmware *
dell vostro_5590_firmware *
dell vostro_5390_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell latitude_5431_firmware *
dell inspiron_5598_firmware *
dell vostro_5310_firmware *
dell inspiron_5509_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_9430_firmware *
dell latitude_5521_firmware *
dell inspiron_7791_firmware *
dell vostro_5401_firmware *
dell precision_5750_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell vostro_5402_firmware *
dell inspiron_15_3511_firmware *
dell latitude_5420_firmware *
dell latitude_7420_firmware *
dell latitude_rugged_7330_firmware *
dell inspiron_7490_firmware *
dell latitude_9330_firmware *
dell xps_17_9710_firmware *
dell inspiron_5400_2-in-1_firmware *
dell latitude_7430_firmware *
dell optiplex_3090_ultra_firmware *
dell inspiron_3891_firmware *
dell vostro_7500_firmware *
dell inspiron_3910_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell xps_15_9510_firmware *
dell latitude_3400_firmware *
dell inspiron_5490_firmware *
dell latitude_5531_firmware *
dell inspiron_5584_firmware *
dell g5_15_5500_firmware *
dell precision_7770_firmware *
dell vostro_5620_firmware *
dell vostro_3890_firmware *
dell latitude_3330_firmware *
dell inspiron_5494_firmware *
dell latitude_5330_firmware *
dell vostro_3401_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell inspiron_5391_firmware *
dell precision_7760_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell inspiron_5493_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell g7_17_7700_firmware *
dell inspiron_3520_firmware *
dell latitude_9520_firmware *
dell optiplex_5090_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_5594_firmware *
dell inspiron_7506_2-in-1_firmware *
dell inspiron_5301_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_3320_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell precision_3660_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3520_firmware *
dell inspiron_3511_firmware *
dell inspiron_7300_firmware *
dell inspiron_7400_firmware *
dell inspiron_7500_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell vostro_5410_firmware *
dell inspiron_5498_firmware *
dell inspiron_7300_2-in-1_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell precision_5470_firmware *
dell xps_17_9700_firmware *
dell latitude_3530_firmware *
dell vostro_5490_firmware *
dell latitude_7330_firmware *
dell g15_5520_firmware *
dell xps_13_9300_firmware *
dell precision_5550_firmware *
dell precision_3560_firmware *
dell inspiron_7706_2-in-1_firmware *
dell inspiron_3490_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell latitude_3301_firmware *
dell alienware_m15_r7_firmware *
CVE-2022-32483

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6
security_alert@emc.com 5.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L 0.8 4.7

Products Affected

Vendor Product Version
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell optiplex_7480_all-in-one_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell latitude_7214_rugged_extreme_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell latitude_e7470_firmware *
dell inspiron_3477_firmware *
dell inspiron_3502_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell inspiron_7590_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell inspiron_3493_firmware *
dell inspiron_7777_firmware *
dell precision_3520_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7380_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell alienware_m17_r1_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7460_all_in_one_firmware *
dell latitude_9510_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell optiplex_5060_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell precision_3430_tower_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell optiplex_5260_all-in-one_firmware *
dell edge_gateway_5000_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_3277_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell latitude_7389_firmware *
dell inspiron_7573_firmware *
dell inspiron_5590_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell vostro_5390_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell inspiron_7390_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell alienware_m17_r2_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_15_2-in-1_5582_firmware *
dell inspiron_7490_firmware *
dell precision_3551_firmware *
dell latitude_7200_2-in-1_firmware *
dell alienware_x15_r2_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell precision_3620_tower_firmware *
dell optiplex_7070_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell latitude_7390_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell optiplex_3046_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell g7_17_7590_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell inspiron_3793_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_5480_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell inspiron_7700_aio_firmware *
dell inspiron_3582_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell inspiron_7000_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell xps_13_9370_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell xps_13_9365_2-in-1_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell inspiron_5491_aio_firmware *
dell latitude_7400_2-in-1_firmware *
dell inspiron_3782_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell optiplex_3280_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_3471_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_7586_firmware *
dell inspiron_3590_firmware *
dell precision_7720_firmware *
dell latitude_7275_2-in-1_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell vostro_5591_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_3780_firmware *
dell latitude_5290_2-in-1_firmware *
dell vostro_3671_firmware *
dell xps_13_7390_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell g3_15_5590_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell precision_7710_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_5598_firmware *
dell alienware_aurora_r10_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell latitude_7400_firmware *
dell inspiron_5491_2-in-1_firmware *
dell wyse_5470_firmware *
dell vostro_3581_firmware *
dell latitude_5495_firmware *
dell inspiron_5481_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell inspiron_5391_firmware *
dell inspiron_3501_firmware *
dell inspiron_5580_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell alienware_x17_r2_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7450_firmware *
dell alienware_aurora_r12_firmware *
dell xps_8940_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5570_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_7570_firmware *
dell inspiron_5477_firmware *
dell optiplex_5055_firmware *
dell precision_3930_rack_firmware *
dell alienware_m15_r1_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
dell g5_5000_firmware *
CVE-2022-32484

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L 0.8 4.7
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.8 3.6

Products Affected

Vendor Product Version
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell optiplex_7480_all-in-one_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell latitude_7214_rugged_extreme_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell latitude_e7470_firmware *
dell inspiron_3477_firmware *
dell inspiron_3502_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell inspiron_7590_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell inspiron_3493_firmware *
dell inspiron_7777_firmware *
dell precision_3520_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7380_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell alienware_m17_r1_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7460_all_in_one_firmware *
dell latitude_9510_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell optiplex_5060_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell precision_3430_tower_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell optiplex_5260_all-in-one_firmware *
dell edge_gateway_5000_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_3277_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell latitude_7389_firmware *
dell inspiron_7573_firmware *
dell inspiron_5590_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell vostro_5390_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell inspiron_7390_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell alienware_m17_r2_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_15_2-in-1_5582_firmware *
dell inspiron_7490_firmware *
dell precision_3551_firmware *
dell latitude_7200_2-in-1_firmware *
dell alienware_x15_r2_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell precision_3620_tower_firmware *
dell optiplex_7070_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell latitude_7390_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell optiplex_3046_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell g7_17_7590_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell inspiron_3793_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_5480_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell inspiron_7700_aio_firmware *
dell inspiron_3582_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell inspiron_7000_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell xps_13_9370_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell xps_13_9365_2-in-1_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell inspiron_5491_aio_firmware *
dell latitude_7400_2-in-1_firmware *
dell inspiron_3782_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell optiplex_3280_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_3471_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_7586_firmware *
dell inspiron_3590_firmware *
dell precision_7720_firmware *
dell latitude_7275_2-in-1_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell vostro_5591_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_3780_firmware *
dell latitude_5290_2-in-1_firmware *
dell vostro_3671_firmware *
dell xps_13_7390_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell g3_15_5590_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell precision_7710_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_5598_firmware *
dell alienware_aurora_r10_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell latitude_7400_firmware *
dell inspiron_5491_2-in-1_firmware *
dell wyse_5470_firmware *
dell vostro_3581_firmware *
dell latitude_5495_firmware *
dell inspiron_5481_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell inspiron_5391_firmware *
dell inspiron_3501_firmware *
dell inspiron_5580_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell alienware_x17_r2_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7450_firmware *
dell alienware_aurora_r12_firmware *
dell xps_8940_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5570_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_7570_firmware *
dell inspiron_5477_firmware *
dell optiplex_5055_firmware *
dell precision_3930_rack_firmware *
dell alienware_m15_r1_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
dell g5_5000_firmware *
CVE-2022-32485

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell optiplex_7480_all-in-one_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell latitude_7214_rugged_extreme_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell latitude_e7470_firmware *
dell inspiron_3477_firmware *
dell inspiron_3502_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell inspiron_7590_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell inspiron_3493_firmware *
dell inspiron_7777_firmware *
dell precision_3520_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7380_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell alienware_m17_r1_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7460_all_in_one_firmware *
dell latitude_9510_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell optiplex_5060_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell precision_3430_tower_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell optiplex_5260_all-in-one_firmware *
dell edge_gateway_5000_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_3277_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell latitude_7389_firmware *
dell inspiron_7573_firmware *
dell inspiron_5590_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell vostro_5390_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell inspiron_7390_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell alienware_m17_r2_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_15_2-in-1_5582_firmware *
dell inspiron_7490_firmware *
dell precision_3551_firmware *
dell latitude_7200_2-in-1_firmware *
dell alienware_x15_r2_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell precision_3620_tower_firmware *
dell optiplex_7070_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell latitude_7390_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell optiplex_3046_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell g7_17_7590_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell inspiron_3793_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_5480_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell inspiron_7700_aio_firmware *
dell inspiron_3582_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell inspiron_7000_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell xps_13_9370_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell xps_13_9365_2-in-1_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell inspiron_5491_aio_firmware *
dell latitude_7400_2-in-1_firmware *
dell inspiron_3782_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell optiplex_3280_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_3471_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_7586_firmware *
dell inspiron_3590_firmware *
dell precision_7720_firmware *
dell latitude_7275_2-in-1_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell vostro_5591_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_3780_firmware *
dell latitude_5290_2-in-1_firmware *
dell vostro_3671_firmware *
dell xps_13_7390_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell g3_15_5590_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell precision_7710_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_5598_firmware *
dell alienware_aurora_r10_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell latitude_7400_firmware *
dell inspiron_5491_2-in-1_firmware *
dell wyse_5470_firmware *
dell vostro_3581_firmware *
dell latitude_5495_firmware *
dell inspiron_5481_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell inspiron_5391_firmware *
dell inspiron_3501_firmware *
dell inspiron_5580_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell alienware_x17_r2_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7450_firmware *
dell alienware_aurora_r12_firmware *
dell xps_8940_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5570_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_7570_firmware *
dell inspiron_5477_firmware *
dell optiplex_5055_firmware *
dell precision_3930_rack_firmware *
dell alienware_m15_r1_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
dell g5_5000_firmware *
CVE-2022-32486

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
dell bios *
CVE-2022-32487

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell optiplex_7480_all-in-one_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell latitude_7214_rugged_extreme_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell latitude_e7470_firmware *
dell inspiron_3477_firmware *
dell inspiron_3502_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell inspiron_7590_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell inspiron_3493_firmware *
dell inspiron_7777_firmware *
dell precision_3520_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7380_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell alienware_m17_r1_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7460_all_in_one_firmware *
dell latitude_9510_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell optiplex_5060_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell precision_3430_tower_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell optiplex_5260_all-in-one_firmware *
dell edge_gateway_5000_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_3277_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell latitude_7389_firmware *
dell inspiron_7573_firmware *
dell inspiron_5590_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell vostro_5390_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell inspiron_7390_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell alienware_m17_r2_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_15_2-in-1_5582_firmware *
dell inspiron_7490_firmware *
dell precision_3551_firmware *
dell latitude_7200_2-in-1_firmware *
dell alienware_x15_r2_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell precision_3620_tower_firmware *
dell optiplex_7070_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell latitude_7390_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell optiplex_3046_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell g7_17_7590_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell inspiron_3793_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_5480_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell inspiron_7700_aio_firmware *
dell inspiron_3582_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell inspiron_7000_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell xps_13_9370_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell xps_13_9365_2-in-1_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell inspiron_5491_aio_firmware *
dell latitude_7400_2-in-1_firmware *
dell inspiron_3782_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell optiplex_3280_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_3471_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_7586_firmware *
dell inspiron_3590_firmware *
dell precision_7720_firmware *
dell latitude_7275_2-in-1_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell vostro_5591_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_3780_firmware *
dell latitude_5290_2-in-1_firmware *
dell vostro_3671_firmware *
dell xps_13_7390_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell g3_15_5590_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell precision_7710_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_5598_firmware *
dell alienware_aurora_r10_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell latitude_7400_firmware *
dell inspiron_5491_2-in-1_firmware *
dell wyse_5470_firmware *
dell vostro_3581_firmware *
dell latitude_5495_firmware *
dell inspiron_5481_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell inspiron_5391_firmware *
dell inspiron_3501_firmware *
dell inspiron_5580_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell alienware_x17_r2_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7450_firmware *
dell alienware_aurora_r12_firmware *
dell xps_8940_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5570_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_7570_firmware *
dell inspiron_5477_firmware *
dell optiplex_5055_firmware *
dell precision_3930_rack_firmware *
dell alienware_m15_r1_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
dell g5_5000_firmware *
CVE-2022-32488

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell optiplex_7480_all-in-one_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell latitude_7214_rugged_extreme_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell latitude_e7470_firmware *
dell inspiron_3477_firmware *
dell inspiron_3502_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell inspiron_7590_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell inspiron_3493_firmware *
dell inspiron_7777_firmware *
dell precision_3520_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7380_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell alienware_m17_r1_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7460_all_in_one_firmware *
dell latitude_9510_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell optiplex_5060_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell precision_3430_tower_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell optiplex_5260_all-in-one_firmware *
dell edge_gateway_5000_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_3277_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell latitude_7389_firmware *
dell inspiron_7573_firmware *
dell inspiron_5590_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell vostro_5390_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell inspiron_7390_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell alienware_m17_r2_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_15_2-in-1_5582_firmware *
dell inspiron_7490_firmware *
dell precision_3551_firmware *
dell latitude_7200_2-in-1_firmware *
dell alienware_x15_r2_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell precision_3620_tower_firmware *
dell optiplex_7070_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell latitude_7390_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell optiplex_3046_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell g7_17_7590_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell inspiron_3793_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_5480_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell inspiron_7700_aio_firmware *
dell inspiron_3582_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell inspiron_7000_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell xps_13_9370_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell xps_13_9365_2-in-1_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell inspiron_5491_aio_firmware *
dell latitude_7400_2-in-1_firmware *
dell inspiron_3782_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell optiplex_3280_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_3471_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_7586_firmware *
dell inspiron_3590_firmware *
dell precision_7720_firmware *
dell latitude_7275_2-in-1_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell vostro_5591_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_3780_firmware *
dell latitude_5290_2-in-1_firmware *
dell vostro_3671_firmware *
dell xps_13_7390_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell g3_15_5590_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell precision_7710_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_5598_firmware *
dell alienware_aurora_r10_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell latitude_7400_firmware *
dell inspiron_5491_2-in-1_firmware *
dell wyse_5470_firmware *
dell vostro_3581_firmware *
dell latitude_5495_firmware *
dell inspiron_5481_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell inspiron_5391_firmware *
dell inspiron_3501_firmware *
dell inspiron_5580_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell alienware_x17_r2_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7450_firmware *
dell alienware_aurora_r12_firmware *
dell xps_8940_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5570_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_7570_firmware *
dell inspiron_5477_firmware *
dell optiplex_5055_firmware *
dell precision_3930_rack_firmware *
dell alienware_m15_r1_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
dell g5_5000_firmware *
CVE-2022-32489

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell optiplex_7480_all-in-one_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell latitude_7214_rugged_extreme_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell latitude_e7470_firmware *
dell inspiron_3477_firmware *
dell inspiron_3502_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell inspiron_7590_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell inspiron_3493_firmware *
dell inspiron_7777_firmware *
dell precision_3520_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7380_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell alienware_m17_r1_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7460_all_in_one_firmware *
dell latitude_9510_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell optiplex_5060_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell precision_3430_tower_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell optiplex_5260_all-in-one_firmware *
dell edge_gateway_5000_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_3277_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell latitude_7389_firmware *
dell inspiron_7573_firmware *
dell inspiron_5590_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell vostro_5390_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell inspiron_7390_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell alienware_m17_r2_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_15_2-in-1_5582_firmware *
dell inspiron_7490_firmware *
dell precision_3551_firmware *
dell latitude_7200_2-in-1_firmware *
dell alienware_x15_r2_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell precision_3620_tower_firmware *
dell optiplex_7070_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell latitude_7390_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell optiplex_3046_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell g7_17_7590_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell inspiron_3793_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_5480_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell inspiron_7700_aio_firmware *
dell inspiron_3582_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell inspiron_7000_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell xps_13_9370_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell xps_13_9365_2-in-1_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell inspiron_5491_aio_firmware *
dell latitude_7400_2-in-1_firmware *
dell inspiron_3782_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell optiplex_3280_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_3471_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_7586_firmware *
dell inspiron_3590_firmware *
dell precision_7720_firmware *
dell latitude_7275_2-in-1_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell vostro_5591_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_3780_firmware *
dell latitude_5290_2-in-1_firmware *
dell vostro_3671_firmware *
dell xps_13_7390_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell g3_15_5590_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell precision_7710_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_5598_firmware *
dell alienware_aurora_r10_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell latitude_7400_firmware *
dell inspiron_5491_2-in-1_firmware *
dell wyse_5470_firmware *
dell vostro_3581_firmware *
dell latitude_5495_firmware *
dell inspiron_5481_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell inspiron_5391_firmware *
dell inspiron_3501_firmware *
dell inspiron_5580_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell alienware_x17_r2_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7450_firmware *
dell alienware_aurora_r12_firmware *
dell xps_8940_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5570_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_7570_firmware *
dell inspiron_5477_firmware *
dell optiplex_5055_firmware *
dell precision_3930_rack_firmware *
dell alienware_m15_r1_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
dell g5_5000_firmware *
CVE-2022-32490

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Products Affected

Vendor Product Version
dell edge_gateway_3000_firmware *
dell embedded_box_pc_3000_firmware *
dell edge_gateway_5000_firmware *
CVE-2022-32491

Dell Client BIOS contains a Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause an arbitrary write during SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 4.1 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6

Products Affected

Vendor Product Version
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell optiplex_7480_all-in-one_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell latitude_7214_rugged_extreme_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell latitude_e7470_firmware *
dell inspiron_3477_firmware *
dell inspiron_3502_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell inspiron_7590_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell inspiron_3493_firmware *
dell inspiron_7777_firmware *
dell precision_3520_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7380_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell alienware_m17_r1_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7460_all_in_one_firmware *
dell latitude_9510_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell optiplex_5060_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell precision_3430_tower_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell optiplex_5260_all-in-one_firmware *
dell edge_gateway_5000_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_3277_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell latitude_7389_firmware *
dell inspiron_7573_firmware *
dell inspiron_5590_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell vostro_5390_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell inspiron_7390_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell alienware_m17_r2_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_15_2-in-1_5582_firmware *
dell inspiron_7490_firmware *
dell precision_3551_firmware *
dell latitude_7200_2-in-1_firmware *
dell alienware_x15_r2_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell precision_3620_tower_firmware *
dell optiplex_7070_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell latitude_7390_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell optiplex_3046_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell g7_17_7590_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell inspiron_3793_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_5480_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell inspiron_7700_aio_firmware *
dell inspiron_3582_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell inspiron_7000_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell xps_13_9370_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell xps_13_9365_2-in-1_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell inspiron_5491_aio_firmware *
dell latitude_7400_2-in-1_firmware *
dell inspiron_3782_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell optiplex_3280_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_3471_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_7586_firmware *
dell inspiron_3590_firmware *
dell precision_7720_firmware *
dell latitude_7275_2-in-1_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell vostro_5591_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_3780_firmware *
dell latitude_5290_2-in-1_firmware *
dell vostro_3671_firmware *
dell xps_13_7390_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell g3_15_5590_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell precision_7710_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_5598_firmware *
dell alienware_aurora_r10_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell latitude_7400_firmware *
dell inspiron_5491_2-in-1_firmware *
dell wyse_5470_firmware *
dell vostro_3581_firmware *
dell latitude_5495_firmware *
dell inspiron_5481_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell inspiron_5391_firmware *
dell inspiron_3501_firmware *
dell inspiron_5580_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell alienware_x17_r2_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7450_firmware *
dell alienware_aurora_r12_firmware *
dell xps_8940_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5570_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_7570_firmware *
dell inspiron_5477_firmware *
dell optiplex_5055_firmware *
dell precision_3930_rack_firmware *
dell alienware_m15_r1_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
dell g5_5000_firmware *
CVE-2022-32492

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell bios *
CVE-2022-32493

Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell optiplex_7480_all-in-one_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell latitude_7214_rugged_extreme_firmware *
dell inspiron_3593_firmware *
dell inspiron_5593_firmware *
dell latitude_e7470_firmware *
dell inspiron_3477_firmware *
dell inspiron_3502_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell inspiron_7590_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7490_firmware *
dell optiplex_7040_firmware *
dell latitude_7210_2-in-1_firmware *
dell inspiron_3493_firmware *
dell inspiron_7777_firmware *
dell precision_3520_firmware *
dell inspiron_7386_firmware *
dell latitude_3480_firmware *
dell latitude_3580_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7380_firmware *
dell latitude_3390_firmware *
dell latitude_7480_firmware *
dell inspiron_7370_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell alienware_m17_r1_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7460_all_in_one_firmware *
dell latitude_9510_firmware *
dell inspiron_7373_firmware *
dell optiplex_3050_aio_firmware *
dell optiplex_5060_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell precision_3430_tower_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell optiplex_5260_all-in-one_firmware *
dell edge_gateway_5000_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell g5_5090_firmware *
dell inspiron_3277_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell optiplex_3060_firmware *
dell vostro_5581_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell latitude_7389_firmware *
dell inspiron_7573_firmware *
dell inspiron_5590_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell vostro_5390_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell inspiron_7390_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell inspiron_7580_firmware *
dell alienware_m17_r2_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_15_2-in-1_5582_firmware *
dell inspiron_7490_firmware *
dell precision_3551_firmware *
dell latitude_7200_2-in-1_firmware *
dell alienware_x15_r2_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell precision_3620_tower_firmware *
dell optiplex_7070_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell latitude_7390_firmware *
dell inspiron_15_3567_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell optiplex_3046_firmware *
dell inspiron_3671_firmware *
dell inspiron_14_3467_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell g7_17_7590_firmware *
dell inspiron_5770_firmware *
dell latitude_e5570_firmware *
dell xps_7590_firmware *
dell inspiron_3793_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_5480_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell inspiron_7700_aio_firmware *
dell inspiron_3582_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell inspiron_7000_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell xps_13_9370_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell latitude_3379_firmware *
dell xps_13_9365_2-in-1_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell inspiron_5491_aio_firmware *
dell latitude_7400_2-in-1_firmware *
dell inspiron_3782_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell optiplex_3280_aio_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_3471_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell inspiron_5482_firmware *
dell latitude_e5270_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5414_rugged_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell inspiron_7586_firmware *
dell inspiron_3590_firmware *
dell precision_7720_firmware *
dell latitude_7275_2-in-1_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell vostro_3267_firmware *
dell inspiron_5390_firmware *
dell vostro_5591_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell inspiron_5583_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_3780_firmware *
dell latitude_5290_2-in-1_firmware *
dell vostro_3671_firmware *
dell xps_13_7390_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell g3_15_5590_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell precision_7710_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell alienware_area_51m_r1_firmware *
dell inspiron_5598_firmware *
dell alienware_aurora_r10_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell latitude_7400_firmware *
dell inspiron_5491_2-in-1_firmware *
dell wyse_5470_firmware *
dell vostro_3581_firmware *
dell latitude_5495_firmware *
dell inspiron_5481_firmware *
dell optiplex_3080_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell optiplex_3040_firmware *
dell precision_7520_firmware *
dell inspiron_5680_firmware *
dell inspiron_5490_firmware *
dell latitude_3180_firmware *
dell inspiron_5584_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell inspiron_5391_firmware *
dell inspiron_3501_firmware *
dell inspiron_5580_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell inspiron_7786_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell alienware_x17_r2_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7450_firmware *
dell alienware_aurora_r12_firmware *
dell xps_8940_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell g3_15_3590_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5570_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell precision_5510_firmware *
dell inspiron_3481_firmware *
dell latitude_e5470_firmware *
dell inspiron_5498_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_7570_firmware *
dell inspiron_5477_firmware *
dell optiplex_5055_firmware *
dell precision_3930_rack_firmware *
dell alienware_m15_r1_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
dell g5_5000_firmware *
CVE-2022-32498

Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L 0.8 4.7
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell powerstore_command_line_interface *
CVE-2022-33918

Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure vulnerability. An authenticated non-admin user could potentially exploit this vulnerability and gain access to sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell geodrive *
CVE-2022-33919

Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell geodrive *
CVE-2022-33920

Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell geodrive *
CVE-2022-33921

Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
dell geodrive *
CVE-2022-33922

Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell geodrive *
CVE-2022-33923

Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell emc_powerstore_1200t_firmware *
dell emc_powerstore_3200t_firmware *
dell emc_powerstore_9200t_firmware *
dell emc_powerstore_500t_firmware *
dell emc_powerstore_5200t_firmware *
CVE-2022-33924

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability with which an attacker with no access to create rules could potentially exploit this vulnerability and create rules.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-33925

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-33926

Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. A remote malicious user could exploit this vulnerability in order to retain access to a file repository after it has been revoked.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N 2.8 4.2

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-33927

Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. A unauthenticated attacker could exploit this by taking advantage of a user with multiple active sessions in order to hijack a user's session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-33928

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-33929

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-33930

Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. An attacker could potentially exploit this vulnerability, leading to the disclosure of certain sensitive information. The attacker may be able to use the exposed information to access and further vulnerability research.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-33931

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An attacker with no access to Alert Classification page could potentially exploit this vulnerability, leading to the change the alert categories.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N 1.8 4.0
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-33932

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-33934

Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.1 6.0
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-33935

Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
dell emc_data_protection_advisor *
CVE-2022-33936 HIGH

Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dell cloud_mobility_for_dell_emc_storage 1.3.0
CVE-2022-33937

Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
dell geodrive *
CVE-2022-34364

Dell BSAFE SSL-J, versions before 6.5 and version 7.0 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell bsafe_ssl-j *
dell bsafe_ssl-j 7.0
CVE-2022-34365

WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-34366

Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
CVE-2022-34367

Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5, 19.6, contain(s) a Cross-Site Request Forgery Vulnerability. A(n) remote unauthenticated attacker could potentially exploit this vulnerability, leading to processing of unintended server operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
dell emc_data_protection_central *
CVE-2022-34368

Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L 0.6 5.5

Products Affected

Vendor Product Version
dell emc_networker *
dell emc_networker 19.7.0.0
CVE-2022-34369

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-34371

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-34372

Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
dell powerprotect_cyber_recovery *
CVE-2022-34373

Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell command_|_integration_suite_for_system_center *
CVE-2022-34374

Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell container_storage_modules *
CVE-2022-34375

Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell container_storage_modules *
CVE-2022-34376

Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.9 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L 0.8 2.7
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34377

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 1.9 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L 0.5 1.4
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34378

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-34379

Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 3.9 5.5
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2022-34380

Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2022-34381

Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
dell bsafe_ssl-j *
dell bsafe_ssl-j 7.0
dell bsafe_crypto-j *
CVE-2022-34382

Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell update *
dell command_update *
dell alienware_update *
CVE-2022-34383

Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L 1.5 6.0

Products Affected

Vendor Product Version
dell edge_gateway_5200_firmware *
CVE-2022-34384

Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command | Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell update *
dell command_update *
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
dell alienware_update *
CVE-2022-34385

SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2022-34386

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2022-34387

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2022-34388

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and  SupportAssist for Business PCs (version 3.2.0 and prior) contain information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2022-34389

Dell SupportAssist contains a rate limit bypass issues in screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate dell customer to a dell support technician.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
security_alert@emc.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2022-34390

Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell alienware_area-51_r5_firmware *
dell alienware_area-51_r4_firmware *
CVE-2022-34391

Dell Client BIOS Versions prior to the remediated version contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell alienware_area-51_r5_firmware *
dell alienware_area-51_r4_firmware *
CVE-2022-34392

SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
CVE-2022-34393

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Products Affected

Vendor Product Version
dell inspiron_27_7775_firmware *
dell inspiron_7405_2-in-1_firmware *
dell inspiron_3515_firmware *
dell inspiron_3180_firmware *
dell vostro_3515_firmware *
dell inspiron_5515_firmware *
dell inspiron_7375_firmware *
dell inspiron_5505_firmware *
dell vostro_5415_firmware *
dell inspiron_5485_2-in-1_firmware *
dell inspiron_3585_firmware *
dell inspiron_5405_firmware *
dell inspiron_3195_2-in-1_firmware *
dell inspiron_5485_firmware *
dell inspiron_3475_firmware *
dell inspiron_3275_firmware *
dell inspiron_3785_firmware *
dell inspiron_3595_firmware *
dell inspiron_7415_firmware *
dell vostro_5515_firmware *
dell inspiron_3505_firmware *
dell inspiron_5415_firmware *
dell inspiron_5585_firmware *
dell g5_se_5505_firmware *
dell inspiron_3185_firmware *
dell vostro_3405_firmware *
CVE-2022-34394

Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4
security_alert@emc.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
dell smartfabric_os10 10.5.3.4
CVE-2022-34396

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.

Products Affected

Vendor Product Version
dell openmanage_server_administrator *
CVE-2022-34397

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.1 3.6
security_alert@emc.com 6.9 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N 1.7 4.7

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell evasa_provider_virtual_appliance *
CVE-2022-34398

Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.

Products Affected

Vendor Product Version
dell optiplex_3090_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell optiplex_7480_all-in-one_firmware *
dell latitude_7370_firmware *
dell latitude_5280_firmware *
dell latitude_7214_rugged_extreme_firmware *
dell optiplex_7770_all-in-one_firmware *
dell latitude_e7470_firmware *
dell dell_g7_17_7790_firmware *
dell inspiron_3502_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell inspiron_7590_firmware *
dell dell_latitude_3480_firmware *
dell embedded_box_pc_3000_firmware 1.16.0
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7490_firmware *
dell latitude_7210_2-in-1_firmware *
dell inspiron_7777_firmware *
dell precision_3520_firmware *
dell latitude_3310_2-in-1_firmware *
dell inspiron_7700_all-in-one_firmware *
dell latitude_7480_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell optiplex_5250_firmware *
dell precision_3630_tower_firmware *
dell alienware_m17_r1_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell inspiron_3510_firmware *
dell precision_5720_all-in-one_firmware *
dell latitude_5410_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell precision_3430_tower_firmware *
dell alienware_m15_r2_firmware *
dell alienware_x15_r1_firmware *
dell xps_8930_firmware *
dell optiplex_5260_all-in-one_firmware *
dell edge_gateway_5000_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell optiplex_3050_firmware *
dell latitude_5411_firmware *
dell precision_3510_firmware *
dell latitude_5491_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell latitude_7389_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell latitude_5490_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell optiplex_5080_firmware *
dell alienware_m17_r2_firmware *
dell alienware_aurora_r11_firmware *
dell aurora_r14_firmware *
dell precision_3551_firmware *
dell latitude_7200_2-in-1_firmware *
dell dell_g3_3779_firmware *
dell alienware_x15_r2_firmware *
dell alienware_m17_r4_firmware *
dell precision_3620_tower_firmware *
dell optiplex_7070_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell vostro_3667_firmware *
dell optiplex_5070_firmware *
dell vostro_3470_firmware *
dell dell_g5_5090_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell dell_g7_15_7590_firmware *
dell latitude_5501_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell latitude_7390_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell inspiron_5770_firmware *
dell alienware_aurora_r8_firmware *
dell inspiron_7790_firmware *
dell inspiron_5480_firmware *
dell dell_g5_15_5590_firmware *
dell precision_7750_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell latitude_e7270_firmware *
dell inspiron_3470_firmware *
dell inspiron_3582_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell optiplex_7060_firmware *
dell latitude_7220ex_rugged_extreme_tablet_firmware *
dell vostro_3268_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell vostro_3480_firmware *
dell dell_g3_3579_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell wyse_7040_thin_firmware *
dell latitude_7400_2-in-1_firmware *
dell inspiron_3782_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell precision_7920_tower_firmware *
dell inspiron_3670_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_3471_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell inspiron_5481_2-in-1_firmware *
dell latitude_5414_rugged_firmware *
dell latitude_5480_firmware *
dell optiplex_7780_all-in-one_firmware *
dell precision_7720_firmware *
dell latitude_7275_2-in-1_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell vostro_3267_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_3780_firmware *
dell latitude_5290_2-in-1_firmware *
dell vostro_3671_firmware *
dell precision_3440_firmware *
dell inspiron_3521_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell latitude_7310_firmware *
dell precision_7710_firmware *
dell alienware_aurora_r9_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell dell_g5_5000_firmware *
dell latitude_7410_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell alienware_aurora_r10_firmware *
dell optiplex_3070_firmware *
dell latitude_3189_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell vostro_3681_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell dell_g3_15_3590_firmware *
dell inspiron_5401_all-in-one_firmware *
dell vostro_3581_firmware *
dell optiplex_3080_firmware *
dell optiplex_5060_firmware 1.23.0
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell latitude_3590_firmware *
dell precision_7520_firmware *
dell inspiron_5680_firmware *
dell latitude_3180_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell wyse_5070_firmware *
dell optiplex_7050_firmware *
dell chengming_3990_firmware *
dell vostro_3668_firmware *
dell alienware_x17_r2_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7450_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell latitude_7220_rugged_extreme_tablet_firmware *
dell alienware_m15_r3_firmware *
dell inspiron_5490_all-in-one_firmware *
dell inspiron_5570_firmware *
dell vostro_3669_firmware *
dell precision_3550_firmware *
dell inspiron_3481_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell inspiron_5477_firmware *
dell precision_3930_rack_firmware *
dell alienware_m15_r1_firmware *
dell xps_15_7590_firmware *
dell optiplex_7760_all-in-one_firmware *
dell latitude_3310_firmware *
dell dell_latitude_3580_firmware *
CVE-2022-34399

Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.

Products Affected

Vendor Product Version
dell inspiron_3515_firmware *
dell alienware_m17_ryzen_edition_r5_firmware *
dell vostro_3525_firmware *
dell inspiron_3585_firmware *
dell vostro_3515_firmware *
dell inspiron_3525_firmware *
dell alienware_m15_a6_firmware *
dell alienware_m15_ryzen_edition_r5_firmware *
dell g15_5525_firmware *
dell inspiron_3785_firmware *
dell inspiron_3595_firmware *
dell inspiron_3505_firmware *
dell vostro_3425_firmware *
dell vostro_3405_firmware *
dell g15_5515_firmware *
CVE-2022-34400

Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_7405_2-in-1_firmware *
dell inspiron_5510_firmware *
dell inspiron_3515_firmware *
dell vostro_5510_firmware *
dell optiplex_5490_all-in-one_firmware *
dell inspiron_14_5410_2-in-1_firmware *
dell vostro_7510_firmware *
dell inspiron_5410_firmware *
dell optiplex_7090_tower_firmware *
dell inspiron_5515_firmware *
dell vostro_3510_firmware *
dell latitude_5520_firmware *
dell inspiron_7425_firmware *
dell precision_3561_firmware *
dell vostro_5310_firmware *
dell latitude_5521_firmware *
dell vostro_3690_firmware *
dell vostro_3425_firmware *
dell inspiron_15_3511_firmware *
dell latitude_5420_firmware *
dell inspiron_5505_firmware *
dell vostro_5415_firmware *
dell latitude_7420_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell inspiron_3585_firmware *
dell inspiron_5405_firmware *
dell inspiron_5425_firmware *
dell latitude_3520_firmware *
dell latitude_7520_firmware *
dell inspiron_3525_firmware *
dell inspiron_3891_firmware *
dell vostro_5625_firmware *
dell inspiron_3475_firmware *
dell latitude_9420_firmware *
dell alienware_m15_ryzen_edition_r5_firmware *
dell precision_3450_firmware *
dell xps_15_9510_firmware *
dell inspiron_3785_firmware *
dell inspiron_3595_firmware *
dell inspiron_7415_firmware *
dell vostro_5515_firmware *
dell inspiron_3505_firmware *
dell inspiron_5585_firmware *
dell alienware_m17_r5_amd_firmware *
dell g5_se_5505_firmware *
dell vostro_3405_firmware *
dell latitude_7320_firmware *
dell vostro_3890_firmware *
dell precision_7560_firmware *
dell precision_5560_firmware *
dell precision_7760_firmware *
dell vostro_3525_firmware *
dell g15_5510_firmware *
dell vostro_3515_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell optiplex_5090_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7610_firmware *
dell latitude_3320_firmware *
dell g15_5515_firmware *
dell optiplex_7090_ultra_firmware *
dell optiplex_7090_aio_firmware *
dell inspiron_5485_2-in-1_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell alienware_m15_r6_firmware *
dell vostro_5410_firmware *
dell inspiron_3195_2-in-1_firmware *
dell inspiron_5485_firmware *
dell inspiron_3275_firmware *
dell precision_5760_firmware *
dell g15_5525_firmware *
dell precision_3560_firmware *
dell latitude_5421_firmware *
dell inspiron_5415_firmware *
dell inspiron_7510_firmware *
dell latitude_7320_detachable_firmware *
dell vostro_5890_firmware *
dell g15_5511_firmware *
dell alienware_m15_r7_firmware *
CVE-2022-34401

Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM.

Products Affected

Vendor Product Version
dell alienware_m17_r5_firmware *
dell alienware_m15_a6_firmware *
dell alienware_m17_ryzen_r5_firmware *
dell g15_5525_firmware *
CVE-2022-34402

Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI. An admin privilege attacker could potentially exploit this vulnerability, leading to denial-of-service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 2.3 4.0

Products Affected

Vendor Product Version
dell wyse_thinos *
CVE-2022-34403

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_7405_2-in-1_firmware *
dell inspiron_5510_firmware *
dell inspiron_3515_firmware *
dell vostro_5510_firmware *
dell optiplex_5490_all-in-one_firmware *
dell inspiron_14_5410_2-in-1_firmware *
dell vostro_7510_firmware *
dell inspiron_5410_firmware *
dell optiplex_7090_tower_firmware *
dell inspiron_5515_firmware *
dell vostro_3510_firmware *
dell latitude_5520_firmware *
dell inspiron_7425_firmware *
dell precision_3561_firmware *
dell vostro_5310_firmware *
dell latitude_5521_firmware *
dell vostro_3690_firmware *
dell vostro_3425_firmware *
dell inspiron_15_3511_firmware *
dell latitude_5420_firmware *
dell inspiron_5505_firmware *
dell vostro_5415_firmware *
dell latitude_7420_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell inspiron_3585_firmware *
dell inspiron_5405_firmware *
dell inspiron_5425_firmware *
dell latitude_3520_firmware *
dell latitude_7520_firmware *
dell inspiron_3525_firmware *
dell inspiron_3891_firmware *
dell vostro_5625_firmware *
dell inspiron_3475_firmware *
dell latitude_9420_firmware *
dell alienware_m15_ryzen_edition_r5_firmware *
dell precision_3450_firmware *
dell xps_15_9510_firmware *
dell inspiron_3785_firmware *
dell inspiron_3595_firmware *
dell inspiron_7415_firmware *
dell vostro_5515_firmware *
dell inspiron_3505_firmware *
dell inspiron_5585_firmware *
dell alienware_m17_r5_amd_firmware *
dell g5_se_5505_firmware *
dell vostro_3405_firmware *
dell latitude_7320_firmware *
dell vostro_3890_firmware *
dell precision_7560_firmware *
dell precision_5560_firmware *
dell precision_7760_firmware *
dell vostro_3525_firmware *
dell g15_5510_firmware *
dell vostro_3515_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell optiplex_5090_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7610_firmware *
dell latitude_3320_firmware *
dell g15_5515_firmware *
dell optiplex_7090_ultra_firmware *
dell optiplex_7090_aio_firmware *
dell inspiron_5485_2-in-1_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell alienware_m15_r6_firmware *
dell vostro_5410_firmware *
dell inspiron_3195_2-in-1_firmware *
dell inspiron_5485_firmware *
dell inspiron_3275_firmware *
dell precision_5760_firmware *
dell g15_5525_firmware *
dell precision_3560_firmware *
dell latitude_5421_firmware *
dell inspiron_5415_firmware *
dell inspiron_7510_firmware *
dell latitude_7320_detachable_firmware *
dell vostro_5890_firmware *
dell g15_5511_firmware *
dell alienware_m15_r7_firmware *
CVE-2022-34404

Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H 0.8 5.2
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
dell system_update *
CVE-2022-34405

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.

Products Affected

Vendor Product Version
dell realtek_high_definition_audio_driver *
CVE-2022-34406

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34407

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34408

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34409

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34410

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34411

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34412

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34413

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34414

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34415

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34416

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34417

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34418

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34419

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34420

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34421

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34422

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34423

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell r640_firmware *
dell r740_firmware *
dell r940_firmware *
dell xe7440_firmware *
dell nx3330_firmware *
dell xe2420_firmware *
dell c6525_firmware *
dell nx430_firmware *
dell c6520_firmware *
dell fc640_firmware *
dell r650xs_firmware *
dell dss8440_firmware *
dell r7415_firmware *
dell nx3230_firmware *
dell t630_firmware *
dell xr12_firmware *
dell r7525_firmware *
dell nx3340_firmware *
dell xe7420_firmware *
dell m830p_firmware *
dell r530_firmware *
dell r750xa_firmware *
dell t430_firmware *
dell t640_firmware *
dell r440_firmware *
dell c6320_firmware *
dell r6515_firmware *
dell mx750c_firmware *
dell r6525_firmware *
dell c4130_firmware *
dell xr11_firmware *
dell r350_firmware *
dell r6415_firmware *
dell r550_firmware *
dell r650_firmware *
dell c6420_firmware *
dell m640p_firmware *
dell mx840c_firmware *
dell t150_firmware *
dell t440_firmware *
dell m640_firmware *
dell m830_firmware *
dell r940xa_firmware *
dell r540_firmware *
dell c4140_firmware *
dell r7425_firmware *
dell t330_firmware *
dell m630_firmware *
dell r740xd2_firmware *
dell r630_firmware *
dell r830_firmware *
dell r450_firmware *
dell xr2_firmware *
dell nx3240_firmware *
dell xe8545_firmware *
dell r740xd_firmware *
dell nx440_firmware *
dell m630p_firmware *
dell fc630_firmware *
dell r730xd_firmware *
dell t550_firmware *
dell r750_firmware *
dell t140_firmware *
dell t340_firmware *
dell r430_firmware *
dell r340_firmware *
dell r250_firmware *
dell fc430_firmware *
dell r7515_firmware *
dell t350_firmware *
dell fc830_firmware *
dell r230_firmware *
dell r930_firmware *
dell r330_firmware *
dell t130_firmware *
dell r840_firmware *
dell mx740c_firmware *
dell r730_firmware *
dell r750xs_firmware *
dell r240_firmware *
CVE-2022-34424

Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2022-34425

Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell enterprise_sonic_distribution 4.0.0
dell enterprise_sonic_distribution 4.0.1
CVE-2022-34426

Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell container_storage_modules *
CVE-2022-34427

Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries. A remote unauthenticated attacker could exploit this vulnerability leading to modification of intended OS command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell container_storage_modules *
CVE-2022-34428

Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 1.2 1.4
security_alert@emc.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L 3.1 1.4

Products Affected

Vendor Product Version
dell hybrid_client 1.6.1
dell hybrid_client 1.5
dell hybrid_client 1.6.2
dell hybrid_client 1.6
CVE-2022-34429

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N 2.0 4.0
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
dell hybrid_client 1.6.1
dell hybrid_client 1.5
dell hybrid_client 1.6.2
dell hybrid_client 1.6
CVE-2022-34430

Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 2.5 4.0
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell hybrid_client *
CVE-2022-34431

Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
dell hybrid_client *
CVE-2022-34432

Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A guest attacker could potentially exploit this vulnerability, allowing deletion of user and some system files and folders.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L 3.9 4.2
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L 2.5 4.7

Products Affected

Vendor Product Version
dell hybrid_client *
CVE-2022-34434

Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell cloud_mobility_for_dell_emc_storage *
CVE-2022-34435

Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.

Products Affected

Vendor Product Version
dell idrac9_firmware *
CVE-2022-34436

Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.

Products Affected

Vendor Product Version
dell idrac8_firmware *
CVE-2022-34437

Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability. A privileged local malicious user could potentially exploit this vulnerability, leading to a full system compromise. This impacts compliance mode clusters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-34438

Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to full system compromise. This impacts compliance mode clusters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-34439

Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-34440

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges.

Products Affected

Vendor Product Version
dell policy_manager_for_secure_connect_gateway *
dell emc_secure_connect_gateway_policy_manager *
CVE-2022-34441

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges.

Products Affected

Vendor Product Version
dell policy_manager_for_secure_connect_gateway *
dell emc_secure_connect_gateway_policy_manager *
CVE-2022-34442

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability.  An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain LDAP user privileges.

Products Affected

Vendor Product Version
dell policy_manager_for_secure_connect_gateway *
dell emc_secure_connect_gateway_policy_manager *
CVE-2022-34443

Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges.

Products Affected

Vendor Product Version
dell rugged_control_center *
CVE-2022-34444

Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs 9.2.0
dell powerscale_onefs 9.4.0
dell powerscale_onefs 9.3.0
dell powerscale_onefs 9.2.1
CVE-2022-34445

Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 1.5 4.0

Products Affected

Vendor Product Version
dell powerscale_onefs 9.2.0
dell powerscale_onefs 9.1.0
dell powerscale_onefs 9.0.0
dell powerscale_onefs 8.2.1
dell powerscale_onefs 9.3.0
dell powerscale_onefs 8.2.0
dell powerscale_onefs 9.2.1
dell powerscale_onefs 8.2.2
dell powerscale_onefs 9.1.1
CVE-2022-34446

PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
dell powerpath_management_appliance 3.2
dell powerpath_management_appliance 3.3
CVE-2022-34447

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell powerpath_management_appliance 3.2
dell powerpath_management_appliance 3.1
dell powerpath_management_appliance 3.0
dell powerpath_management_appliance 3.3
CVE-2022-34448

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell powerpath_management_appliance 3.2
dell powerpath_management_appliance 3.1
dell powerpath_management_appliance 3.0
dell powerpath_management_appliance 3.3
CVE-2022-34449

PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

Products Affected

Vendor Product Version
dell powerpath_management_appliance 3.2
dell powerpath_management_appliance 3.3
CVE-2022-34450

PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerpath_management_appliance 3.3
CVE-2022-34451

PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
dell powerpath_management_appliance 3.2
dell powerpath_management_appliance 3.1
dell powerpath_management_appliance 3.0
dell powerpath_management_appliance 3.3
CVE-2022-34452

PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4
security_alert@emc.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

Products Affected

Vendor Product Version
dell powerpath_management_appliance *
CVE-2022-34453

Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 2.8 4.7

Products Affected

Vendor Product Version
dell xtremio_x2_firmware *
CVE-2022-34454

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-34456

Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. An authenticated nonprivileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application.

Products Affected

Vendor Product Version
dell emc_metro_node *
CVE-2022-34457

Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.

Products Affected

Vendor Product Version
dell command|configure *
CVE-2022-34458

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.

Products Affected

Vendor Product Version
dell update *
dell command_update *
dell alienware_update *
CVE-2022-34459

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.

Products Affected

Vendor Product Version
dell update *
dell command_update *
dell alienware_update *
CVE-2022-34460

Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Products Affected

Vendor Product Version
dell inspiron_27_7775_firmware *
dell inspiron_7405_2-in-1_firmware *
dell inspiron_3515_firmware *
dell inspiron_3180_firmware *
dell vostro_3515_firmware *
dell inspiron_5515_firmware *
dell inspiron_7375_firmware *
dell inspiron_5505_firmware *
dell vostro_5415_firmware *
dell inspiron_5485_2-in-1_firmware *
dell inspiron_3585_firmware *
dell inspiron_5405_firmware *
dell inspiron_3195_2-in-1_firmware *
dell inspiron_5485_firmware *
dell inspiron_3475_firmware *
dell inspiron_3275_firmware *
dell inspiron_3785_firmware *
dell inspiron_3595_firmware *
dell inspiron_7415_firmware *
dell vostro_5515_firmware *
dell inspiron_3505_firmware *
dell inspiron_5415_firmware *
dell inspiron_5585_firmware *
dell g5_se_5505_firmware *
dell inspiron_3185_firmware *
dell vostro_3405_firmware *
CVE-2022-34462

Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a Hard-coded Password Vulnerability. An attacker, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to login to the system to gain admin privileges.

Products Affected

Vendor Product Version
dell policy_manager_for_secure_connect_gateway *
dell emc_secure_connect_gateway_policy_manager *
CVE-2022-45095

Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-45096

Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information.

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-45097

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-45098

Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-45099

Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-45100

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system.

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-45101

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution.

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-45102

Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web cache or trigger redirections.

Products Affected

Vendor Product Version
dell dp5900_firmware *
dell emc_data_protection_central *
dell dp4400_firmware *
CVE-2022-45103

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system.

Products Affected

Vendor Product Version
dell emc_unisphere_for_powermax *
dell emc_solutions_enabler_virtual_appliance *
dell emc_vasa_provider_virtual_appliance *
dell unisphere_360 *
dell emc_unisphere_for_powermax_virtual_appliance *
dell solutions_enabler *
dell vasa_provider *
dell powermax_os 5978
dell powermax_os -
CVE-2022-45104

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell evasa_provider_virtual_appliance *
CVE-2022-46675

Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-46676

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-46677

Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 2.3 4.0
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-46678

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-46679

Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2022-46752

Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.9 3.6
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.9 3.6

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell xps_13_9320_firmware *
dell inspiron_5510_firmware *
dell vostro_5510_firmware *
dell inspiron_7620_firmware *
dell vostro_7510_firmware *
dell inspiron_5410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell vostro_3510_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell latitude_5431_firmware *
dell vostro_5310_firmware *
dell latitude_9430_firmware *
dell latitude_5521_firmware *
dell vostro_5320_firmware *
dell precision_3470_firmware *
dell vostro_7620_firmware *
dell inspiron_5620_firmware *
dell latitude_5420_firmware *
dell xps_17_9720_firmware *
dell latitude_7420_firmware *
dell latitude_rugged_7330_firmware *
dell latitude_9330_firmware *
dell latitude_3140_firmware *
dell xps_17_9710_firmware *
dell latitude_3520_firmware *
dell latitude_7430_firmware *
dell latitude_7520_firmware *
dell xps_15_9520_firmware *
dell latitude_9420_firmware *
dell xps_15_9510_firmware *
dell latitude_5430_firmware *
dell precision_7670_firmware *
dell latitude_5531_firmware *
dell precision_7770_firmware *
dell vostro_5620_firmware *
dell inspiron_5420_firmware *
dell latitude_7320_firmware *
dell latitude_3330_firmware *
dell latitude_5330_firmware *
dell precision_7560_firmware *
dell precision_5560_firmware *
dell precision_7760_firmware *
dell inspiron_3520_firmware *
dell latitude_9520_firmware *
dell precision_5770_firmware *
dell latitude_9510_firmware *
dell inspiron_7610_firmware *
dell inspiron_5320_firmware *
dell latitude_3320_firmware *
dell latitude_5430_rugged_firmware *
dell latitude_3430_firmware *
dell precision_5570_firmware *
dell vostro_3520_firmware *
dell inspiron_3511_firmware *
dell vostro_3420_firmware *
dell inspiron_14_plus_7420_firmware *
dell latitude_3420_firmware *
dell vostro_5410_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell precision_3571_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell precision_5760_firmware *
dell latitude_7330_firmware *
dell precision_3560_firmware *
dell latitude_5421_firmware *
dell inspiron_7510_firmware *
dell latitude_7320_detachable_firmware *
dell precision_3570_firmware *
dell inspiron_7420_firmware *
dell xps_13_9315_firmware *
dell inspiron_14_plus_7620_firmware *
CVE-2022-46754

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 2.3 5.8
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 1.2 5.2

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-46755

Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2022-46756

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

Products Affected

Vendor Product Version
dell vxrail_manager *
CVE-2023-22572

Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2023-22573

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure.

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2023-22574

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service.

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2023-22575

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2023-23689

Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthenticated network host to impair built-in hardware management functionality and trigger OneFS data protection mechanism causing a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dell h400_firmware 9.1.0.0
dell h600_firmware 9.4.0.0
dell h5600_firmware 9.3.0.0
dell f800_firmware 9.1.0.0
dell h5600_firmware 9.5.0.0
dell h500_firmware 9.3.0.0
dell f810_firmware 9.2.0.0
dell f810_firmware 9.0.0.0
dell h500_firmware 9.2.0.0
dell h5600_firmware 9.4.0.0
dell a200_firmware 9.0.0.0
dell h600_firmware 9.5.0.0
dell a2000_firmware 9.2.1.0
dell h500_firmware 9.4.0.0
dell f800_firmware 9.3.0.0
dell f810_firmware 9.5.0.0
dell h500_firmware 9.0.0.0
dell h5600_firmware 9.1.0.0
dell f810_firmware 9.3.0.0
dell h400_firmware 9.3.0.0
dell a200_firmware 9.1.0.0
dell f800_firmware 9.5.0.0
dell h600_firmware 9.3.0.0
dell h600_firmware 9.2.0.0
dell a2000_firmware 9.5.0.0
dell a2000_firmware 9.2.0.0
dell h400_firmware 9.4.0.0
dell a2000_firmware 9.1.0.0
dell a2000_firmware 9.0.0.0
dell a2000_firmware 9.4.0.0
dell h5600_firmware 9.0.0.0
dell f800_firmware 9.0.0.0
dell h600_firmware 9.0.0.0
dell h400_firmware 9.2.1.0
dell h400_firmware 9.5.0.0
dell a200_firmware 9.3.0.0
dell f800_firmware 9.4.0.0
dell f810_firmware 9.4.0.0
dell f800_firmware 9.2.0.0
dell h600_firmware 9.2.1.0
dell f800_firmware 9.2.1.0
dell a200_firmware 9.2.1.0
dell h500_firmware 9.5.0.0
dell a200_firmware 9.4.0.0
dell f810_firmware 9.2.1.0
dell h500_firmware 9.1.0.0
dell h5600_firmware 9.2.1.0
dell a200_firmware 9.2.0.0
dell h400_firmware 9.2.0.0
dell a2000_firmware 9.3.0.0
dell f810_firmware 9.1.0.0
dell a200_firmware 9.5.0.0
dell h600_firmware 9.1.0.0
dell h400_firmware 9.0.0.0
dell h500_firmware 9.2.1.0
dell h5600_firmware 9.2.0.0
CVE-2023-23690

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.

Products Affected

Vendor Product Version
dell cloud_mobility_for_dell_emc_storage *
CVE-2023-23691

Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS.

Products Affected

Vendor Product Version
dell powervault_me5084_firmware *
dell powervault_me5012_firmware *
dell powervault_me5024_firmware *
CVE-2023-23692

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

Products Affected

Vendor Product Version
dell emc_data_domain_os *
CVE-2023-23693

Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H 0.8 5.3

Products Affected

Vendor Product Version
dell vxrail_hyperconverged_infrastructure *
CVE-2023-23694

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

Products Affected

Vendor Product Version
dell vxrail_hyperconverged_infrastructure *
CVE-2023-23695

Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
dell secure_connect_gateway 5.14.00.12
dell secure_connect_gateway 5.12.00.10
CVE-2023-23696

Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell command_|_intel_vpro_out_of_band *
CVE-2023-23697

Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

Products Affected

Vendor Product Version
dell command_|_intel_vpro_out_of_band *
CVE-2023-23698

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
dell alienware_update 4.7.1
dell alienware_update 4.6.0
dell command_update 4.6.0
dell command_update 4.7.1
CVE-2023-24567

Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2023-24568

Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.4 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 3.1 3.7

Products Affected

Vendor Product Version
dell networker 19.8.0.0
dell networker *
dell networker 19.7.1
CVE-2023-24569

Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2023-24571

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell embedded_box_pc_3000_firmware *
CVE-2023-24572

Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

Products Affected

Vendor Product Version
dell command_|_integration_suite_for_system_center *
CVE-2023-24573

Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

Products Affected

Vendor Product Version
dell command_|_monitor *
CVE-2023-24574

Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.

Products Affected

Vendor Product Version
dell enterprise_sonic_distribution *
CVE-2023-24575

Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell multifunction_printer_e525w_driver_and_software_suite *
CVE-2023-24576

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell emc_networker 19.7.0.2
dell emc_networker *
CVE-2023-25535

Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 0.6 6.0

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
CVE-2023-25536

Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-25537

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

Products Affected

Vendor Product Version
dell poweredge_r740_firmware *
dell emc_xc_core_xc740xd2_firmware *
dell poweredge_m640_firmware *
dell emc_storage_nx3240_firmware *
dell emc_xc_core_xc640_firmware *
dell poweredge_r640_firmware *
dell poweredge_t640_firmware *
dell emc_xc_core_xcxr2_firmware *
dell poweredge_r840_firmware *
dell poweredge_t440_firmware *
dell poweredge_r940_firmware *
dell poweredge_xr2_firmware *
dell emc_xc_core_xc740xd_firmware *
dell poweredge_r740xd2_firmware *
dell poweredge_r740xd_firmware *
dell poweredge_fc640_firmware *
dell poweredge_r940xa_firmware *
dell poweredge_r540_firmware *
dell emc_storage_nx3340_firmware *
dell poweredge_mx740c_firmware *
dell poweredge_xe7420_firmware *
dell dss_8440_firmware *
dell poweredge_r440_firmware *
dell emc_xc_core_6420_firmware *
dell poweredge_mx840c_firmware *
dell poweredge_c4140_firmware *
dell poweredge_xe2420_firmware *
dell poweredge_c6420_firmware *
dell poweredge_xe7440_firmware *
dell emc_xc_core_xc940_firmware *
CVE-2023-25539

Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.4 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H 1.7 6.0

Products Affected

Vendor Product Version
dell networker *
dell networker 19.7.1
CVE-2023-25540

Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2023-25542

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell trusted_device_agent *
CVE-2023-25543

Dell Power Manager, versions prior to 3.14, contain an Improper Authorization vulnerability in DPM service. A low privileged malicious user could potentially exploit this vulnerability in order to elevate privileges on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell power_manager *
CVE-2023-25544

Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2023-25934

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

Products Affected

Vendor Product Version
dell elastic_cloud_storage *
CVE-2023-25936

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-25937

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-25938

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-25940

Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 9.5.0.0
CVE-2023-25941

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell emc_powerscale_onefs *
CVE-2023-25942

Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 9.5.0.0
dell emc_powerscale_onefs *
CVE-2023-28026

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28027

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28028

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28029

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28030

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28031

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28032

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28033

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28034

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28035

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28036

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28039

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28040

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28041

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28042

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28043

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
dell secure_connect_gateway 5.14.00.16
CVE-2023-28044

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28045

Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N 2.1 4.2

Products Affected

Vendor Product Version
dell cloudiq_collector *
CVE-2023-28046

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H 1.3 5.2

Products Affected

Vendor Product Version
dell display_manager *
CVE-2023-28047

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder creation vulnerability during installation. A local low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code on the operating system with high privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell display_manager *
CVE-2023-28049

Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
dell command_|_monitor *
CVE-2023-28050

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28051

Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell power_manager *
CVE-2023-28052

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28053

Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
dell emc_networker *
CVE-2023-28054

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28055

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell networker *
dell networker 19.7.1
CVE-2023-28056

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28058

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28059

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28060

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28061

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell inspiron_5591_2-in-1_firmware *
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_7414_rugged_extreme_firmware *
dell latitude_3410_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell latitude_7210_2-in-1_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell latitude_3580_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_3020_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell alienware_x14_firmware *
dell latitude_3490_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell latitude_9510_firmware *
dell optiplex_5060_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell precision_3430_tower_firmware *
dell alienware_x15_r1_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell inspiron_5300_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_7510_firmware *
dell vostro_5501_firmware *
dell latitude_7389_firmware *
dell g3_3500_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell latitude_rugged_7220_firmware *
dell inspiron_3880_firmware *
dell inspiron_3482_firmware *
dell vostro_3400_firmware *
dell inspiron_7500_2-in-1_silver_firmware *
dell latitude_7380_firmware *
dell alienware_m17_r2_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell alienware_x15_r2_firmware *
dell xps_15_9510_firmware *
dell g3_3779_firmware *
dell alienware_m17_r4_firmware *
dell optiplex_7070_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell precision_3420_tower_firmware *
dell vostro_5300_firmware *
dell inspiron_3790_firmware *
dell vostro_3670_firmware *
dell inspiron_3671_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell vostro_5510_firmware *
dell latitude_14_rugged_5414_firmware *
dell inspiron_3582_firmware *
dell inspiron_7000_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell vostro_3471_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_5300_firmware *
dell inspiron_5420_firmware *
dell optiplex_3000_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell inspiron_3583_firmware *
dell optiplex_7071_firmware *
dell inspiron_5481_2-in-1_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell alienware_aurora_r15_firmware *
dell inspiron_3590_firmware *
dell vostro_3420_firmware *
dell vostro_3582_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell vostro_5591_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell vostro_3481_firmware *
dell vostro_3490_firmware *
dell alienware_m15_r4_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell precision_7510_firmware *
dell chengming_3980_firmware *
dell inspiron_3280_firmware *
dell xps_13_9310_firmware *
dell xps_13_9320_firmware *
dell precision_7865_tower_firmware *
dell precision_7710_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_5598_firmware *
dell latitude_3189_firmware *
dell inspiron_7791_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell inspiron_5491_2-in-1_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell optiplex_3080_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3590_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell vostro_5620_firmware *
dell latitude_5500_firmware *
dell latitude_5330_firmware *
dell inspiron_5391_firmware *
dell inspiron_5501_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell wyse_5070_firmware *
dell inspiron_5594_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell alienware_x17_r2_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_7460_all-in-one_firmware *
dell alienware_aurora_r12_firmware *
dell g3_15_3590_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell inspiron_5570_firmware *
dell precision_3550_firmware *
dell vostro_5410_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell inspiron_3490_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell latitude_5289_firmware *
dell chengming_3988_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell inspiron_5408_firmware *
dell inspiron_3502_firmware *
dell inspiron_7590_firmware *
dell inspiron_5620_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3480_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell inspiron_7710_firmware *
dell optiplex_5250_firmware *
dell inspiron_3510_firmware *
dell latitude_5410_firmware *
dell vostro_5391_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell alienware_m15_r2_firmware *
dell latitude_5411_firmware *
dell g5_5090_firmware *
dell optiplex_3060_firmware *
dell inspiron_3581_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell inspiron_5590_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_5490_firmware *
dell precision_5720_aio_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell inspiron_5508_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_5401_firmware *
dell inspiron_3020s_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell alienware_aurora_r11_firmware *
dell inspiron_7490_firmware *
dell inspiron_5400_2-in-1_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell vostro_3667_firmware *
dell inspiron_5494_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5070_firmware *
dell inspiron_3520_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5501_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_7390_firmware *
dell vostro_3520_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_5490_aio_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_5770_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell alienware_area_51m_r2_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell alienware_x17_r1_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell vostro_3268_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell xps_8950_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell precision_7670_firmware *
dell inspiron_3782_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell latitude_5285_2-in-1_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell chengming_3901_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell g3_3579_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell optiplex_5400_firmware *
dell latitude_3500_firmware *
dell vostro_3267_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell latitude_5421_firmware *
dell inspiron_3780_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_3521_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_5590_firmware *
dell g15_5530_firmware *
dell alienware_area_51m_r1_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell vostro_5310_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell vostro_3581_firmware *
dell latitude_7430_firmware *
dell alienware_m17_r3_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell inspiron_5490_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell xps_8960_firmware *
dell latitude_5488_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell alienware_aurora_r13_firmware *
dell latitude_5590_firmware *
dell optiplex_5090_firmware *
dell optiplex_7050_firmware *
dell xps_13_7390_firmware *
dell inspiron_7391_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_3668_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell inspiron_3584_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell alienware_m15_r3_firmware *
dell vostro_3669_firmware *
dell inspiron_3481_firmware *
dell inspiron_5498_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell vostro_5490_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell latitude_3310_firmware *
dell latitude_3301_firmware *
CVE-2023-28062

Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell powerprotect_data_manager 19.10
dell powerprotect_data_manager 19.12
dell powerprotect_data_manager 19.11
CVE-2023-28063

Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell chengming_3900_firmware -
dell inspiron_5590_firmware -
dell inspiron_15_3511_firmware -
dell optiplex_5490_all-in-one_firmware -
dell latitude_3300_firmware -
dell inspiron_14_5410_firmware -
dell latitude_7320_firmware -
dell vostro_3420_firmware -
dell optiplex_3090_firmware -
dell vostro_5620_firmware -
dell optiplex_5000_tower_firmware -
dell inspiron_13_5320_firmware -
dell inspiron_5620_firmware -
dell xps_15_7590_firmware -
dell precision_7560_firmware -
dell inspiron_5400_2-in-1_firmware -
dell inspiron_5300_firmware -
dell precision_3571_firmware -
dell optiplex_xe4_firmware -
dell latitude_rugged_7220_firmware -
dell latitude_7400_firmware -
dell inspiron_7500_firmware -
dell optiplex_micro_7010_firmware -
dell latitude_5591_firmware -
dell optiplex_7090_firmware -
dell inspiron_3493_firmware -
dell xps_17_9720_firmware -
dell xps_13_9315_firmware -
dell inspiron_3501_firmware -
dell inspiron_5401_firmware -
dell xps_13_9310_firmware -
dell vostro_3681_firmware -
dell optiplex_3000_tower_firmware -
dell inspiron_5498_firmware -
dell inspiron_3511_firmware -
dell latitude_3400_firmware -
dell vostro_5502_firmware -
dell g15_5510_firmware -
dell inspiron_5401_aio_firmware -
dell precision_7770_firmware -
dell latitude_7390_firmware -
dell precision_7550_firmware -
dell chengming_3990_firmware -
dell latitude_7230_rugged_extreme_tablet_firmware -
dell precision_3260_compact_firmware -
dell inspiron_5402_firmware -
dell precision_7750_firmware -
dell g3_3500_firmware -
dell g7_15_7500_firmware -
dell vostro_5301_firmware -
dell vostro_5591_firmware -
dell optiplex_tower_plus_7010_firmware -
dell latitude_5431_firmware -
dell latitude_7430_firmware -
dell precision_3530_firmware -
dell latitude_5590_firmware -
dell optiplex_7000_xe_micro_firmware -
dell latitude_3140_firmware -
dell latitude_5511_firmware -
dell inspiron_3490_firmware -
dell optiplex_micro_plus_7010_firmware -
dell precision_5770_firmware -
dell g5_15_5590_firmware -
dell latitude_5500_firmware -
dell latitude_rugged_7220ex_firmware -
dell inspiron_14_5418_firmware -
dell precision_3550_firmware -
dell optiplex_5090_tower_firmware -
dell inspiron_5406_2-in-1_firmware -
dell optiplex_3090_ultra_firmware -
dell vostro_5410_firmware -
dell xps_17_9710_firmware -
dell precision_3260_xe_compact_firmware -
dell inspiron_5409_firmware -
dell latitude_7400_2-in-1_firmware -
dell latitude_9330_firmware -
dell inspiron_5410_firmware -
dell inspiron_5501_firmware -
dell latitude_3330_firmware -
dell xps_13_9305_firmware -
dell precision_7540_firmware -
dell latitude_9410_firmware -
dell vostro_3910_firmware -
dell xps_17_9700_firmware -
dell latitude_7320_detachable_firmware -
dell vostro_7510_firmware -
dell optiplex_5000_micro_firmware -
dell vostro_3520_firmware -
dell precision_3650_tower_firmware -
dell inspiron_5509_firmware -
dell latitude_3530_firmware -
dell latitude_3310_firmware -
dell inspiron_7000_firmware -
dell latitude_3500_firmware -
dell latitude_rugged_7330_firmware -
dell precision_3470_firmware -
dell inspiron_5490_firmware -
dell xps_8940_firmware -
dell precision_3540_firmware -
dell precision_7740_firmware -
dell g5_5000_firmware -
dell inspiron_7791_firmware -
dell vostro_3690_firmware -
dell precision_7670_firmware -
dell optiplex_5480_all-in-one_firmware -
dell inspiron_5408_firmware -
dell inspiron_7400_firmware -
dell xps_13_9315_2-in-1_firmware -
dell vostro_5590_firmware -
dell optiplex_7400_all-in-one_firmware -
dell inspiron_24_5410_all-in-one_firmware -
dell latitude_3410_firmware -
dell latitude_3510_firmware -
dell latitude_9430_firmware -
dell precision_3440_firmware -
dell latitude_9520_firmware -
dell precision_7730_firmware -
dell precision_5530_2-in-1_firmware -
dell vostro_3400_firmware -
dell latitude_3120_firmware -
dell vostro_3590_firmware -
dell latitude_5520_firmware -
dell latitude_3420_firmware -
dell inspiron_5310_firmware -
dell latitude_5420_firmware -
dell vostro_3510_firmware -
dell optiplex_3000_small_form_factor_firmware -
dell inspiron_7610_firmware -
dell latitude_3310_2-in-1_firmware -
dell vostro_3020_small_desktop_firmware -
dell precision_3541_firmware -
dell vostro_5510_firmware -
dell optiplex_7000_tower_firmware -
dell xps_13_9310_2-in-1_firmware -
dell vostro_5880_firmware -
dell inspiron_5591_2-in-1_firmware -
dell precision_3450_firmware -
dell xps_15_9575_2-in-1_firmware -
dell latitude_7424_rugged_extreme_firmware -
dell latitude_5501_firmware -
dell precision_7530_firmware -
dell inspiron_3881_firmware -
dell xps_15_9520_firmware -
dell precision_5470_firmware -
dell optiplex_5080_firmware -
dell precision_5560_firmware -
dell precision_3551_firmware -
dell chengming_3910_firmware -
dell latitude_7520_firmware -
dell precision_3561_firmware -
dell optiplex_5090_small_form_factor_firmware -
dell chengming_3901_firmware -
dell vostro_5391_firmware -
dell optiplex_3000_micro_firmware -
dell g15_5520_firmware -
dell inspiron_14_plus_7420_firmware -
dell inspiron_5301_firmware -
dell vostro_5402_firmware -
dell precision_3660_firmware -
dell inspiron_7510_firmware -
dell latitude_7310_firmware -
dell inspiron_14_7420_2-in-1_firmware -
dell chengming_3991_firmware -
dell latitude_7210_2-in-1_firmware -
dell vostro_5490_firmware -
dell optiplex_small_form_factor_7010_firmware -
dell precision_5750_firmware -
dell vostro_3020_tower_desktop_firmware -
dell latitude_7420_firmware -
dell latitude_7330_firmware -
dell xps_15_9510_firmware -
dell latitude_5411_firmware -
dell latitude_7490_firmware -
dell precision_3560_firmware -
dell inspiron_7590_firmware -
dell latitude_7290_firmware -
dell xps_15_9500_firmware -
dell inspiron_5491_2-in-1_firmware -
dell precision_5550_firmware -
dell latitude_3520_firmware -
dell inspiron_16_7620_2-in-1_firmware -
dell inspiron_7300_2-in-1_firmware -
dell latitude_9420_firmware -
dell optiplex_7090_ultra_firmware -
dell inspiron_7501_firmware -
dell optiplex_7000_small_form_factor_firmware -
dell vostro_3890_firmware -
dell g7_15_7590_firmware -
dell optiplex_5400_all-in-one_firmware -
dell latitude_5300_2-in-1_firmware -
dell xps_13_7390_firmware -
dell optiplex_7480_all-in-one_firmware -
dell inspiron_16_plus_7620_firmware -
dell latitude_5300_firmware -
dell latitude_5310_2-in-1_firmware -
dell vostro_3500_firmware -
dell inspiron_3910_firmware -
dell latitude_rugged_5430_firmware -
dell optiplex_7780_all-in-one_firmware -
dell latitude_5290_2-in-1_firmware -
dell vostro_5320_firmware -
dell latitude_7410_firmware -
dell xps_13_9300_firmware -
dell latitude_3430_firmware -
dell latitude_5400_firmware -
dell inspiron_5400_firmware -
dell xps_13_7390_2-in-1_firmware -
dell precision_3570_firmware -
dell latitude_3190_2-in-1_firmware -
dell inspiron_27_7710_all-in-one_firmware -
dell g7_17_7790_firmware -
dell latitude_7200_2-in-1_firmware -
dell inspiron_3520_firmware -
dell inspiron_3880_firmware -
dell optiplex_5090_micro_firmware -
dell inspiron_24_5411_all-in-one_firmware -
dell inspiron_15_5510_firmware -
dell vostro_5310_firmware -
dell latitude_5530_firmware -
dell latitude_7300_firmware -
dell inspiron_5391_firmware -
dell latitude_5490_firmware -
dell latitude_5531_firmware -
dell latitude_5290_firmware -
dell precision_5570_firmware -
dell inspiron_3593_firmware -
dell precision_7760_firmware -
dell latitude_5495_firmware -
dell latitude_5320_firmware -
dell vostro_5890_firmware -
dell vostro_3710_firmware -
dell g15_5511_firmware -
dell vostro_5401_firmware -
dell inspiron_3891_firmware -
dell xps_13_9380_firmware -
dell latitute_5421_firmware -
dell inspiron_7506_2-in-1_firmware -
dell latitude_5310_firmware -
dell precision_3460_small_form_factor_firmware -
dell latitude_5424_rugged_firmware -
dell precision_3640_tower_firmware -
dell inspiron_7306_2-in-1_firmware -
dell latitude_5420_rugged_firmware -
dell inspiron_5502_firmware -
dell latitude_5521_firmware -
dell inspiron_7490_firmware -
dell xps_13_plus_9320_firmware -
dell precision_3460_xe_small_form_factor_firmware -
dell alienware_m15_r6_firmware -
dell inspiron_14_5420_firmware -
dell optiplex_3080_firmware -
dell vostro_3881_firmware -
dell inspiron_7700_all-in-one_firmware -
dell optiplex_3280_all-in-one_firmware -
dell vostro_5501_firmware -
dell optiplex_small_form_factor_plus_7010_firmware -
dell precision_7865_tower_firmware -
dell latitude_3320_firmware -
dell inspiron_7591_firmware -
dell g7_17_7700_firmware -
dell optiplex_5000_small_form_factor_firmware -
dell optiplex_tower_7010_firmware -
dell inspiron_7500_2-in-1_black_firmware -
dell vostro_7500_firmware -
dell optiplex_7080_firmware -
dell optiplex_7000_micro_firmware -
dell latitude_5430_firmware -
dell optiplex_7490_all-in-one_firmware -
dell latitude_5401_firmware -
dell latitude_9510_firmware -
dell vostro_5300_firmware -
dell inspiron_3020_desktop_firmware -
dell latitude_5330_firmware -
dell latitude_7530_firmware -
dell optiplex_all-in-one_7410_firmware -
dell precision_5760_firmware -
dell latitude_5410_firmware -
dell latitude_5510_firmware -
dell vostro_7620_firmware -
dell latitude_5491_firmware -
dell alienware_m15_r7_firmware -
dell inspiron_3020_small_desktop_firmware -
dell optiplex_xe4_oemready_firmware -
dell chengming_3911_firmware -
dell latitude_7390_2-in-1_firmware -
dell optiplex_3000_thin_client_firmware -
dell inspiron_7391_firmware -
dell inspiron_15_5518_firmware -
dell inspiron_5508_firmware -
dell vostro_7590_firmware -
dell inspiron_5598_firmware -
CVE-2023-28064

Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.5 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 0.9 2.5

Products Affected

Vendor Product Version
dell inspiron_5310_firmware *
dell vostro_5510_firmware *
dell vostro_7510_firmware *
dell inspiron_5410_firmware *
dell latitude_3120_firmware *
dell xps_13_9315_2-in-1_firmware *
dell vostro_3510_firmware *
dell latitude_5520_firmware *
dell vostro_5310_firmware *
dell inspiron_14_5418_firmware *
dell vostro_5320_firmware *
dell vostro_7620_firmware *
dell inspiron_15_3511_firmware *
dell inspiron_5620_firmware *
dell chengming_3900_firmware *
dell xps_17_9720_firmware *
dell latitude_rugged_7330_firmware *
dell xps_17_9710_firmware *
dell latitude_3520_firmware *
dell latitude_7430_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell inspiron_3910_firmware *
dell latitude_5531_firmware *
dell vostro_5620_firmware *
dell inspiron_5420_firmware *
dell latitude_3330_firmware *
dell optiplex_3000_firmware *
dell latitude_5330_firmware *
dell inspiron_16_plus_7620_firmware *
dell optiplex_5000_firmware *
dell chengming_3901_firmware *
dell g15_5510_firmware *
dell inspiron_3520_firmware *
dell optiplex_7400_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_rugged_5430_firmware *
dell precision_5770_firmware *
dell inspiron_7610_firmware *
dell vostro_3910_firmware *
dell inspiron_5320_firmware *
dell latitude_3320_firmware *
dell latitude_3430_firmware *
dell vostro_3520_firmware *
dell inspiron_3511_firmware *
dell vostro_3420_firmware *
dell optiplex_5400_firmware *
dell inspiron_15_5510_firmware *
dell inspiron_14_plus_7420_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell alienware_m15_r6_firmware *
dell vostro_5410_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell precision_3571_firmware *
dell latitude_3530_firmware *
dell precision_5760_firmware *
dell latitude_7330_firmware *
dell g15_5520_firmware *
dell precision_3560_firmware *
dell inspiron_7510_firmware *
dell precision_3570_firmware *
dell g15_5511_firmware *
dell optiplex_7000_oem_firmware *
dell inspiron_15_5518_firmware *
dell optiplex_7000_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell alienware_m15_r7_firmware *
CVE-2023-28065

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell update *
dell command_update *
dell alienware_update *
CVE-2023-28066

Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell os_recovery_tool 2.2.4013
dell os_recovery_tool 2.3.7012.0
CVE-2023-28068

Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell command_|_monitor *
CVE-2023-28069

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N 2.8 4.2
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
dell streaming_data_platform *
CVE-2023-28070

Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2023-28071

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.0 5.2

Products Affected

Vendor Product Version
dell update *
dell command_update 4.9.0
dell command_update *
dell update 4.9.0
dell alienware_update *
dell alienware_update 4.9.0
CVE-2023-28072

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2023-28073

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
dell latitude_5530_firmware *
dell precision_3570_firmware *
CVE-2023-28075

Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.9 MEDIUM CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.3 6.0
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 0.4 5.9

Products Affected

Vendor Product Version
dell optiplex_3090_firmware *
dell precision_7540_firmware *
dell optiplex_7480_all-in-one_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell inspiron_3593_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell inspiron_5593_firmware *
dell optiplex_7770_all-in-one_firmware *
dell vostro_3710_firmware *
dell inspiron_7590_firmware *
dell precision_3470_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell optiplex_7400_all-in-one_firmware *
dell latitude_7490_firmware *
dell latitude_7210_2-in-1_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell precision_3520_firmware *
dell latitude_7520_firmware *
dell latitude_3310_2-in-1_firmware *
dell xps_15_9520_firmware *
dell inspiron_7700_all-in-one_firmware *
dell g7_15_7500_firmware *
dell latitude_7480_firmware *
dell optiplex_5250_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell inspiron_7591_firmware *
dell optiplex_7490_all-in-one_firmware *
dell g5_15_5590_firmware *
dell optiplex_7410_all-in-one_firmware *
dell latitude_9510_firmware *
dell inspiron_7610_firmware *
dell g7_15_7590_firmware *
dell latitude_3430_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell optiplex_xe4_firmware *
dell optiplex_5400_all-in-one_firmware *
dell optiplex_5260_all-in-one_firmware *
dell edge_gateway_5000_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell vostro_3070_firmware *
dell latitude_5411_firmware *
dell inspiron_3781_firmware *
dell precision_5820_tower_firmware *
dell inspiron_3581_firmware *
dell inspiron_7510_firmware *
dell g3_3500_firmware *
dell vostro_3580_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell inspiron_7501_firmware *
dell vostro_7510_firmware *
dell latitude_rugged_7220_firmware *
dell precision_5720_aio_firmware *
dell inspiron_3880_firmware *
dell latitude_5431_firmware *
dell vostro_3881_firmware *
dell latitude_7380_firmware *
dell latitude_5420_firmware *
dell latitude_7420_firmware *
dell latitude_rugged_7330_firmware *
dell inspiron_7490_firmware *
dell precision_3551_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell optiplex_7070_firmware *
dell latitude_5288_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell vostro_3020_sff_firmware *
dell vostro_3470_firmware *
dell inspiron_5493_firmware *
dell precision_3650_tower_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_9520_firmware *
dell latitude_rugged_5430_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell vostro_3910_firmware *
dell latitude_7300_firmware *
dell latitude_3320_firmware *
dell xps_13_9380_firmware *
dell latitude_7390_firmware *
dell vostro_3670_firmware *
dell inspiron_5490_aio_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell vostro_3888_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell precision_5860_tower_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell inspiron_7790_firmware *
dell precision_7750_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell latitude_5424_rugged_firmware *
dell latitude_rugged_7220ex_firmware *
dell latitude_5300_2-in-1_firmware *
dell precision_7960_tower_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell vostro_3020_t_firmware *
dell inspiron_3470_firmware *
dell alienware_m15_r7_firmware *
dell vostro_5510_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_3020_desktop_firmware *
dell latitude_5400_firmware *
dell latitude_5310_firmware *
dell g7_17_7790_firmware *
dell optiplex_7060_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3690_firmware *
dell vostro_3583_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_3480_firmware *
dell optiplex_5270_all-in-one_firmware *
dell precision_3450_firmware *
dell latitude_5430_firmware *
dell inspiron_5491_aio_firmware *
dell latitude_7400_2-in-1_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell optiplex_micro_plus_7010_firmware *
dell latitude_5300_firmware *
dell precision_7920_tower_firmware *
dell precision_3260_compact_firmware *
dell latitude_7320_firmware *
dell optiplex_3000_firmware *
dell inspiron_3670_firmware *
dell chengming_3910_firmware *
dell alienware_m18_firmware *
dell latitude_5285_2-in-1_firmware *
dell xps_13_9310_2-in-1_firmware *
dell chengming_3901_firmware *
dell inspiron_3583_firmware *
dell edge_gateway_3000_firmware *
dell latitude_3190_2-in-1_firmware *
dell latitude_3340_firmware *
dell latitude_5480_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell vostro_5491_firmware *
dell precision_7720_firmware *
dell latitude_3500_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell vostro_5591_firmware *
dell vostro_3481_firmware *
dell inspiron_3780_firmware *
dell latitude_5290_2-in-1_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell chengming_3980_firmware *
dell precision_3640_tower_firmware *
dell xps_15_9575_2-in-1_firmware *
dell xps_13_9310_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell chengming_3911_firmware *
dell latitude_3189_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_3460_small_form_factor_firmware *
dell vostro_3681_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell vostro_3581_firmware *
dell latitude_3540_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7500_firmware *
dell vostro_7590_firmware *
dell inspiron_3580_firmware *
dell g16_7620_firmware *
dell precision_7520_firmware *
dell precision_3460_xe_small_form_factor_firmware *
dell latitude_3400_firmware *
dell precision_3260_xe_compact_firmware *
dell latitude_3180_firmware *
dell g5_15_5500_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell latitude_3330_firmware *
dell latitude_5511_firmware *
dell optiplex_5000_firmware *
dell g7_17_7700_firmware *
dell latitude_3440_firmware *
dell optiplex_5090_firmware *
dell chengming_3990_firmware *
dell xps_13_7390_firmware *
dell precision_3660_firmware *
dell vostro_3584_firmware *
dell inspiron_3881_firmware *
dell inspiron_3511_firmware *
dell optiplex_7450_firmware *
dell optiplex_7460_all-in-one_firmware *
dell inspiron_3584_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell vostro_5410_firmware *
dell precision_5680_firmware *
dell inspiron_3481_firmware *
dell inspiron_7300_2-in-1_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell latitude_3530_firmware *
dell precision_3930_rack_firmware *
dell g15_5520_firmware *
dell xps_15_7590_firmware *
dell optiplex_7760_all-in-one_firmware *
dell latitude_3310_firmware *
dell inspiron_15_5518_firmware *
dell inspiron_3020_small_desktop_firmware *
dell latitude_3301_firmware *
CVE-2023-28076

CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2023-28077

Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
dell bsafe_ssl-j *
CVE-2023-28078

Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
dell smartfabric_os10 *
dell smartfabric_os10 10.5.5.3
dell smartfabric_os10 10.5.5.1
dell smartfabric_os10 10.5.5.0
dell smartfabric_os10 10.5.5.2
CVE-2023-28079

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
dell powerpath 7.0
dell powerpath 7.1
dell powerpath 7.2
CVE-2023-28080

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerpath 7.0
dell powerpath 7.1
dell powerpath 7.2
CVE-2023-3039

SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell sd_rom_utility *
CVE-2023-32446

Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell wyse_thinos 9.4.1141
CVE-2023-32447

Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell wyse_thinos *
CVE-2023-32448

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell powerpath 7.0
dell powerpath 7.1
dell powerpath 7.2
CVE-2023-32449

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 0.6 6.0

Products Affected

Vendor Product Version
dell powerstoret_os *
CVE-2023-32450

Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 1.8 4.2

Products Affected

Vendor Product Version
dell power_manager *
CVE-2023-32451

Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell display_manager *
CVE-2023-32453

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.9 LOW CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 0.3 3.6
security_alert@emc.com 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.3 4.2

Products Affected

Vendor Product Version
dell vostro_5510_firmware *
dell inspiron_3020_desktop_firmware *
dell inspiron_5410_firmware *
dell inspiron_3593_firmware *
dell vostro_3510_firmware *
dell xps_13_9305_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3690_firmware *
dell precision_3470_firmware *
dell optiplex_7400_all-in-one_firmware *
dell chengming_3900_firmware *
dell inspiron_3493_firmware *
dell alienware_m16_firmware *
dell latitude_3140_firmware *
dell latitude_7520_firmware *
dell xps_15_9520_firmware *
dell precision_3450_firmware *
dell g7_15_7500_firmware *
dell latitude_5430_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell optiplex_3000_thin_client_firmware *
dell optiplex_micro_plus_7010_firmware *
dell precision_3260_compact_firmware *
dell latitude_7320_firmware *
dell optiplex_3000_firmware *
dell chengming_3910_firmware *
dell alienware_m18_firmware *
dell optiplex_7490_all-in-one_firmware *
dell xps_13_9310_2-in-1_firmware *
dell chengming_3901_firmware *
dell optiplex_7410_all-in-one_firmware *
dell inspiron_7610_firmware *
dell latitude_3340_firmware *
dell latitude_3430_firmware *
dell precision_5570_firmware *
dell vostro_5491_firmware *
dell optiplex_xe4_firmware *
dell optiplex_5400_all-in-one_firmware *
dell latitude_3500_firmware *
dell inspiron_24_5421_all-in-one_firmware *
dell vostro_5591_firmware *
dell inspiron_7510_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell g3_3500_firmware *
dell inspiron_7500_2-in-1_black_firmware *
dell xps_13_9310_firmware *
dell inspiron_7501_firmware *
dell optiplex_5490_all-in-one_firmware *
dell vostro_7510_firmware *
dell latitude_5431_firmware *
dell chengming_3911_firmware *
dell precision_3460_small_form_factor_firmware *
dell inspiron_15_3511_firmware *
dell latitude_5420_firmware *
dell latitude_7420_firmware *
dell latitude_rugged_7330_firmware *
dell inspiron_7490_firmware *
dell latitude_9330_firmware *
dell inspiron_14_5410_firmware *
dell latitude_3540_firmware *
dell inspiron_3891_firmware *
dell vostro_7500_firmware *
dell inspiron_3910_firmware *
dell g16_7620_firmware *
dell precision_3460_xe_small_form_factor_firmware *
dell latitude_3400_firmware *
dell precision_3260_xe_compact_firmware *
dell g5_15_5500_firmware *
dell vostro_3890_firmware *
dell latitude_3330_firmware *
dell vostro_3020_sff_firmware *
dell optiplex_5000_firmware *
dell inspiron_5493_firmware *
dell g7_17_7700_firmware *
dell precision_3650_tower_firmware *
dell latitude_9520_firmware *
dell latitude_3440_firmware *
dell optiplex_5090_firmware *
dell latitude_rugged_5430_firmware *
dell vostro_3910_firmware *
dell latitude_3320_firmware *
dell xps_13_7390_firmware *
dell precision_3660_firmware *
dell inspiron_3511_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell optiplex_tower_plus_7010_firmware *
dell precision_5860_tower_firmware *
dell vostro_5410_firmware *
dell precision_5680_firmware *
dell inspiron_7300_2-in-1_firmware *
dell inspiron_3793_firmware *
dell optiplex_7090_firmware *
dell precision_5470_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell latitude_3530_firmware *
dell latitude_7230_rugged_extreme_tablet_firmware *
dell g15_5520_firmware *
dell xps_13_9300_firmware *
dell precision_7960_tower_firmware *
dell inspiron_15_5518_firmware *
dell optiplex_7000_firmware *
dell xps_13_9315_firmware *
dell inspiron_3020_small_desktop_firmware *
dell latitude_3301_firmware *
dell vostro_3020_t_firmware *
dell alienware_m15_r7_firmware *
CVE-2023-32454

DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.0 5.2

Products Affected

Vendor Product Version
dell update_package_framework *
CVE-2023-32455

Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell wyse_thinos *
CVE-2023-32457

Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-32460

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell emc_storage_nx3240_firmware *
dell emc_xc_core_xc650_firmware *
dell poweredge_r640_firmware *
dell poweredge_t640_firmware *
dell poweredge_t140_firmware *
dell poweredge_r960_firmware *
dell poweredge_xr8610t_firmware *
dell poweredge_r350_firmware *
dell nx3230_firmware *
dell poweredge_c6320_firmware *
dell poweredge_c6620_firmware *
dell poweredge_hs5620_firmware *
dell poweredge_fc640_firmware *
dell poweredge_r940xa_firmware *
dell poweredge_t130_firmware *
dell poweredge_r7515_firmware *
dell poweredge_xe9680_firmware *
dell poweredge_r760xa_firmware *
dell poweredge_m640_(pe_vrtx)_firmware *
dell poweredge_mx760c_firmware *
dell poweredge_r730xd_firmware *
dell poweredge_r650xs_firmware *
dell poweredge_m830_(pe_vrtx)_firmware *
dell poweredge_r750_firmware *
dell poweredge_xe2420_firmware *
dell poweredge_xr5610_firmware *
dell poweredge_r6515_firmware *
dell poweredge_t560_firmware *
dell poweredge_r750xa_firmware *
dell poweredge_xe8545_firmware *
dell poweredge_r740_firmware *
dell poweredge_m640_firmware *
dell poweredge_r760xd2_firmware *
dell emc_xc_core_xc640_firmware *
dell poweredge_m630_firmware *
dell poweredge_r7615_firmware *
dell poweredge_r550_firmware *
dell poweredge_t440_firmware *
dell poweredge_r940_firmware *
dell poweredge_fc630_firmware *
dell poweredge_r740xd2_firmware *
dell poweredge_r630_firmware *
dell poweredge_m830_firmware *
dell poweredge_t340_firmware *
dell poweredge_mx740c_firmware *
dell poweredge_fc830_firmware *
dell xc730_hyperconverged_appliance_firmware *
dell poweredge_hs5610_firmware *
dell poweredge_r6525_firmware *
dell poweredge_t430_firmware *
dell poweredge_xr12_firmware *
dell poweredge_mx840c_firmware *
dell poweredge_c6615_firmware *
dell poweredge_r340_firmware *
dell poweredge_c4140_firmware *
dell poweredge_c6420_firmware *
dell poweredge_c4130_firmware *
dell poweredge_xr4510c_firmware *
dell poweredge_xe7440_firmware *
dell poweredge_r760xs_firmware *
dell poweredge_r6615_firmware *
dell poweredge_fc430_firmware *
dell emc_xc_core_xc7525_firmware *
dell xc630_hyperconverged_appliance_firmware *
dell xc_core_xc760_firmware *
dell nx3330_firmware *
dell poweredge_m630_(pe_vrtx)_firmware *
dell poweredge_xe9640_firmware *
dell poweredge_r840_firmware *
dell nx430_firmware *
dell poweredge_xr8620t_firmware *
dell poweredge_xe8640_firmware *
dell poweredge_r330_firmware *
dell poweredge_r6415_firmware *
dell emc_xc_core_xc740xd_firmware *
dell poweredge_r930_firmware *
dell poweredge_r660_firmware *
dell poweredge_r430_firmware *
dell xc430_hyperconverged_appliance_firmware *
dell emc_nx440_firmware *
dell poweredge_r240_firmware *
dell poweredge_r230_firmware *
dell poweredge_r250_firmware *
dell poweredge_xr4520c_firmware *
dell poweredge_r540_firmware *
dell emc_storage_nx3340_firmware *
dell poweredge_r730_firmware *
dell emc_xc_core_6420_firmware *
dell emc_xc_core_xc750xa_firmware *
dell poweredge_r860_firmware *
dell poweredge_r7415_firmware *
dell poweredge_r450_firmware *
dell emc_xc_core_xc740xd2_firmware *
dell poweredge_r7525_firmware *
dell poweredge_c6525_firmware *
dell poweredge_r830_firmware *
dell xc730xd_hyperconverged_appliance_firmware *
dell emc_xc_core_xc450_firmware *
dell poweredge_t630_firmware *
dell poweredge_r660xs_firmware *
dell poweredge_t350_firmware *
dell poweredge_r760_firmware *
dell emc_xc_core_xcxr2_firmware *
dell xc_core_xc660_firmware *
dell poweredge_r530_firmware *
dell poweredge_xr7620_firmware *
dell poweredge_r7625_firmware *
dell poweredge_xr2_firmware *
dell poweredge_xr11_firmware *
dell poweredge_mx750c_firmware *
dell poweredge_r740xd_firmware *
dell poweredge_t550_firmware *
dell poweredge_t330_firmware *
dell emc_xc_core_xc6520_firmware *
dell poweredge_r650_firmware *
dell poweredge_xe7420_firmware *
dell emc_xc_core_xc750_firmware *
dell dss_8440_firmware *
dell poweredge_r440_firmware *
dell poweredge_r7425_firmware *
dell poweredge_r750xs_firmware *
dell poweredge_t150_firmware *
dell poweredge_r6625_firmware *
dell xc6320_hyperconverged_appliance_firmware *
dell emc_xc_core_xc940_firmware *
dell poweredge_c6520_firmware *
CVE-2023-32461

Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.  

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L 0.8 3.7
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell emc_xc_core_xc650_firmware *
dell poweredge_r960_firmware *
dell poweredge_xr8620t_firmware *
dell poweredge_r350_firmware *
dell poweredge_xe8640_firmware *
dell poweredge_c6620_firmware *
dell poweredge_r660_firmware *
dell poweredge_hs5620_firmware *
dell poweredge_r250_firmware *
dell poweredge_r7515_firmware *
dell poweredge_xe9680_firmware *
dell poweredge_xr4520c_firmware *
dell poweredge_r760xa_firmware *
dell poweredge_mx760c_firmware *
dell poweredge_r650xs_firmware *
dell emc_xc_core_xc750xa_firmware *
dell poweredge_r750_firmware *
dell poweredge_r860_firmware *
dell poweredge_xr5610_firmware *
dell poweredge_r6515_firmware *
dell poweredge_t560_firmware *
dell poweredge_r750xa_firmware *
dell poweredge_r450_firmware *
dell poweredge_xe8545_firmware *
dell poweredge_r7525_firmware *
dell poweredge_c6525_firmware *
dell emc_xc_core_xc450_firmware *
dell poweredge_r760xd2_firmware *
dell poweredge_r660xs_firmware *
dell poweredge_t350_firmware *
dell poweredge_r760_firmware *
dell poweredge_r7615_firmware *
dell poweredge_r550_firmware *
dell poweredge_xr7620_firmware *
dell poweredge_r7625_firmware *
dell poweredge_xr11_firmware *
dell poweredge_mx750c_firmware *
dell poweredge_t550_firmware *
dell emc_xc_core_xc6520_firmware *
dell poweredge_r650_firmware *
dell emc_xc_core_xc750_firmware *
dell poweredge_hs5610_firmware *
dell poweredge_r6525_firmware *
dell poweredge_xr12_firmware *
dell poweredge_r750xs_firmware *
dell poweredge_t150_firmware *
dell poweredge_r6625_firmware *
dell poweredge_xr4510c_firmware *
dell poweredge_r760xs_firmware *
dell poweredge_xr4520c_firmware 1.10.4
dell poweredge_r6615_firmware *
dell poweredge_c6520_firmware *
dell emc_xc_core_xc7525_firmware *
CVE-2023-32462

Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
dell smartfabric_os10 10.5.5.3
dell smartfabric_os10 10.5.5.1
dell smartfabric_os10 10.5.5.0
dell smartfabric_os10 10.5.5.2
CVE-2023-32463

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.4 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L 0.8 2.5

Products Affected

Vendor Product Version
dell vxrail_e560_vcf_firmware *
dell vxrail_e665f_firmware *
dell vxrail_p570f_firmware *
dell vxrail_v570f_vcf_firmware *
dell vxrail_p570f_vcf_firmware *
dell vxrail_p580n_firmware *
dell vxrail_vd-4000w_firmware *
dell vxrail_e660n_firmware *
dell vxrail_e560n_firmware *
dell vxrail_s570_firmware *
dell vxrail_d560_firmware *
dell vxrail_v470_firmware *
dell vxrail_vd-4510c_firmware *
dell vxrail_s570_vcf_firmware *
dell vxrail_v570f_firmware *
dell vxrail_v670f_firmware *
dell vxrail_e660_firmware *
dell vxrail_v570_firmware *
dell vxrail_p670f_firmware *
dell vxrail_p675n_firmware *
dell vxrail_s470_firmware *
dell vxrail_p670n_firmware *
dell vxrail_vd-4000r_firmware *
dell vxrail_p675f_firmware *
dell vxrail_e560_firmware *
dell vxrail_e665n_firmware *
dell vxrail_vd-4000z_firmware *
dell vxrail_g560f_firmware *
dell vxrail_s670_firmware *
dell vxrail_g560f_vcf_firmware *
dell vxrail_p470_firmware *
dell vxrail_p570_vcf_firmware *
dell vxrail_e560f_firmware *
dell vxrail_e660f_firmware *
dell vxrail_g560_vcf_firmware *
dell vxrail_p570_firmware *
dell vxrail_e665_firmware *
dell vxrail_e560n_vcf_firmware *
dell vxrail_g560_firmware *
dell vxrail_d560f_firmware *
dell vxrail_vd-4520c_firmware *
dell vxrail_p580n_vcf_firmware *
dell vxrail_e460_firmware *
dell vxrail_e560f_vcf_firmware *
dell vxrail_v570_vcf_firmware *
CVE-2023-32464

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N 1.2 1.4

Products Affected

Vendor Product Version
dell vxrail_e560_vcf_firmware *
dell vxrail_e665f_firmware *
dell vxrail_p570f_firmware *
dell vxrail_v570f_vcf_firmware *
dell vxrail_p570f_vcf_firmware *
dell vxrail_p580n_firmware *
dell vxrail_vd-4000w_firmware *
dell vxrail_e660n_firmware *
dell vxrail_e560n_firmware *
dell vxrail_s570_firmware *
dell vxrail_d560_firmware *
dell vxrail_v470_firmware *
dell vxrail_vd-4510c_firmware *
dell vxrail_s570_vcf_firmware *
dell vxrail_v570f_firmware *
dell vxrail_v670f_firmware *
dell vxrail_e660_firmware *
dell vxrail_v570_firmware *
dell vxrail_p670f_firmware *
dell vxrail_p675n_firmware *
dell vxrail_s470_firmware *
dell vxrail_p670n_firmware *
dell vxrail_vd-4000r_firmware *
dell vxrail_p675f_firmware *
dell vxrail_e560_firmware *
dell vxrail_e665n_firmware *
dell vxrail_vd-4000z_firmware *
dell vxrail_g560f_firmware *
dell vxrail_s670_firmware *
dell vxrail_g560f_vcf_firmware *
dell vxrail_p470_firmware *
dell vxrail_p570_vcf_firmware *
dell vxrail_e560f_firmware *
dell vxrail_e660f_firmware *
dell vxrail_g560_vcf_firmware *
dell vxrail_p570_firmware *
dell vxrail_e665_firmware *
dell vxrail_e560n_vcf_firmware *
dell vxrail_g560_firmware *
dell vxrail_d560f_firmware *
dell vxrail_vd-4520c_firmware *
dell vxrail_p580n_vcf_firmware *
dell vxrail_e460_firmware *
dell vxrail_e560f_vcf_firmware *
dell vxrail_v570_vcf_firmware *
CVE-2023-32465

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell powerprotect_cyber_recovery *
CVE-2023-32466

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L 1.5 3.7

Products Affected

Vendor Product Version
dell edge_gateway_3200_firmware *
CVE-2023-32467

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L 1.5 3.7

Products Affected

Vendor Product Version
dell xps_13_9350_firmware 0.1.13.0
dell chengming_3977_firmware 0.1.13.0
dell edge_gateway_5000_firmware 0.1.19.0
dell edge_gateway_5200_firmware *
dell edge_gateway_5100_firmware 0.1.19.0
dell edge_gateway_3200_firmware -
CVE-2023-32468

Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 1.3 4.0

Products Affected

Vendor Product Version
dell ecs_streamer *
CVE-2023-32469

Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell precision_5820_firmware *
dell precision_7920_firmware *
dell precision_7820_firmware *
CVE-2023-32470

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
security_alert@emc.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 1.3 3.6

Products Affected

Vendor Product Version
dell digital_delivery *
CVE-2023-32471

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 1.5 4.0

Products Affected

Vendor Product Version
dell vostro_15_7580_firmware -
dell precision_3930_rack_firmware -
dell precision_5820_tower_firmware -
dell edge_gateway_3200_firmware -
dell optiplex_7080_firmware -
dell edge_gateway_5200_firmware -
dell g7_7588_firmware -
dell precision_5520_firmware -
dell inspiron_7460_firmware -
dell g5_5587_firmware -
CVE-2023-32472

Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Management Mode, leading to arbitrary code execution or escalation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L 1.5 3.7

Products Affected

Vendor Product Version
dell edge_gateway_5200_firmware *
dell edge_gateway_3200_firmware -
CVE-2023-32474

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H 1.3 5.2
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H 1.3 5.2

Products Affected

Vendor Product Version
dell display_manager *
CVE-2023-32475

Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

Products Affected

Vendor Product Version
dell inspiron_16_5625_firmware *
dell inspiron_7405_2-in-1_firmware *
dell alienware_m15_r7_amd_firmware *
dell inspiron_5515_firmware *
dell inspiron_15_3535_firmware *
dell inspiron_14_7435_2-in-1_firmware *
dell vostro_16_5635_firmware *
dell alienware_aurora_r10_firmware *
dell inspiron_7415_2-in-1_firmware *
dell inspiron_24_5415_all-in-one_firmware *
dell inspiron_16_7635_2-in-1_firmware *
dell g15_5535_firmware *
dell alienware_m16_r1_amd_firmware *
dell g15_5515_firmware *
dell alienware_aurora_ryzen_edition_r14_firmware *
dell inspiron_14_5435_firmware *
dell inspiron_5505_firmware *
dell vostro_5415_firmware *
dell vostro_14_3435_firmware *
dell inspiron_14_7425_2-in-1_firmware *
dell inspiron_15_3515_firmware *
dell inspiron_5405_firmware *
dell vostro_5625_firmware *
dell inspiron_14_5425_firmware *
dell vostro_15_3525_firmware *
dell inspiron_16_5635_firmware *
dell alienware_m15_ryzen_edition_r5_firmware *
dell g15_5525_firmware *
dell inspiron_15_3525_firmware *
dell g5_5505_firmware *
dell vostro_5515_firmware *
dell vostro_15_3535_firmware *
dell inspiron_3505_firmware *
dell inspiron_5415_firmware *
dell alienware_aurora_r15_amd_firmware *
dell alienware_m17_r5_amd_firmware *
dell vostro_3405_firmware *
dell vostro_14_3425_firmware *
dell alienware_m18_firmware *
dell vostro_15_3515_firmware *
CVE-2023-32476

Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
dell hybrid_client 2.0
CVE-2023-32477

Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell common_event_enabler *
CVE-2023-32478

Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
dell powerstoreos *
CVE-2023-32479

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in installed directory and taking reverse shell of the system leading to Privilege Escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell security_management_server *
dell endpoint_security_suite_enterprise *
dell encryption *
CVE-2023-32480

Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
dell vostro_5510_firmware *
dell g15_5510_firmware *
dell inspiron_3520_firmware *
dell vostro_7510_firmware *
dell inspiron_5410_firmware *
dell precision_5770_firmware *
dell xps_13_9315_2-in-1_firmware *
dell inspiron_7610_firmware *
dell latitude_3320_firmware *
dell inspiron_14_5418_firmware *
dell latitude_3430_firmware *
dell vostro_3520_firmware *
dell vostro_3420_firmware *
dell inspiron_5620_firmware *
dell inspiron_15_5510_firmware *
dell xps_17_9720_firmware *
dell latitude_3420_firmware *
dell xps_17_9710_firmware *
dell vostro_5410_firmware *
dell latitude_3520_firmware *
dell inspiron_14_5410_firmware *
dell latitude_3530_firmware *
dell precision_5760_firmware *
dell g15_5520_firmware *
dell inspiron_7510_firmware *
dell vostro_5620_firmware *
dell inspiron_15_5518_firmware *
dell inspiron_5420_firmware *
dell inspiron_7420_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell alienware_m15_r7_firmware *
CVE-2023-32481

Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. An authenticated malicious user can flood the configured SMTP server with numerous requests in order to deny access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2023-32482

Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2023-32483

Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2023-32484

Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell enterprise_sonic_distribution 4.1.0
dell enterprise_sonic_distribution *
CVE-2023-32485

Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell smartfabric_storage_software *
CVE-2023-32486

Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-32487

Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-32488

Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-32489

Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain elevated privileges.  

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-32490

Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-32491

Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive information into log file vulnerability in SNMPv3. A low privileges user could potentially exploit this vulnerability, leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.8 3.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-32492

Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-32493

Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-32494

Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-32495

Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-39244

DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
dell enterprise_storage_integrator_for_sap_landscape_management *
CVE-2023-39245

DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell enterprise_storage_integrator_for_sap_landscape_management *
CVE-2023-39246

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L 1.5 2.7
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell security_management_server *
dell endpoint_security_suite_enterprise *
dell encryption *
CVE-2023-39248

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dell networking_os10 10.5.5.5
CVE-2023-39249

Dell SupportAssist for Business PCs version 3.4.0 contains a local Authentication Bypass vulnerability that allows locally authenticated non-admin users to gain temporary privilege within the SupportAssist User Interface on their respective PC. The Run as Admin temporary privilege feature enables IT/System Administrators to perform driver scans and Dell-recommended driver installations without requiring them to log out of the local non-admin user session. However, the granted privilege is limited solely to the SupportAssist User Interface and automatically expires after 15 minutes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 2.0 3.7

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs 3.4.0
CVE-2023-39250

Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell replay_manager_for_vmware *
dell storage_integration_tools_for_vmware *
dell storage_vsphere_client_plugin *
CVE-2023-39251

Dell BIOS contains an Improper Input Validation vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability in order to corrupt memory on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:L 1.5 4.7
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell precision_5560_firmware *
dell precision_7760_firmware *
dell xps_17_9710_firmware *
dell vostro_7510_firmware *
dell latitude_7330_rugged_firmware *
dell precision_5760_firmware *
dell xps_15_9510_firmware *
dell inspiron_7610_firmware *
dell precision_3561_firmware *
dell latitude_5430_rugged_firmware *
dell inspiron_7510_firmware *
dell latitude_5521_firmware *
dell precision_7560_firmware *
CVE-2023-39252

Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
dell secure_connect_gateway_policy_manager 5.16.00.14
dell policy_manager_for_secure_connect_gateway 5.16.00.14
CVE-2023-39253

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell os_recovery_tool 2.2.4013
dell os_recovery_tool 2.3.7012.0
dell os_recovery_tool 2.3.7515.0
CVE-2023-39254

Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell update_package_framework *
CVE-2023-39256

Dell Rugged Control Center, version prior to 4.7, contains an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder during product installation and upgrade, leading to privilege escalation on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell rugged_control_center *
CVE-2023-39257

Dell Rugged Control Center, version prior to 4.7, contains an Improper Access Control vulnerability. A local malicious standard user could potentially exploit this vulnerability to modify the content in an unsecured folder when product installation repair is performed, leading to privilege escalation on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell rugged_control_center *
CVE-2023-39259

Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell os_recovery_tool 2.2.4013
dell os_recovery_tool 2.3.7012.0
dell os_recovery_tool 2.3.7515.0
CVE-2023-4129

Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
dell data_protection_central 19.9.0-10
CVE-2023-43065

Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L 2.3 2.7

Products Affected

Vendor Product Version
dell unity_xt_operating_environment *
dell unityvsa_operating_environment *
dell unity_operating_environment *
CVE-2023-43066

Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_xt_operating_environment *
dell unityvsa_operating_environment *
dell unity_operating_environment *
CVE-2023-43067

Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell unity_xt_operating_environment *
dell unityvsa_operating_environment *
dell unity_operating_environment *
CVE-2023-43068

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_storage_software *
CVE-2023-43069

Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_storage_software *
CVE-2023-43070

Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
dell smartfabric_storage_software *
CVE-2023-43071

Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N 1.3 2.7

Products Affected

Vendor Product Version
dell smartfabric_storage_software *
CVE-2023-43072

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 1.8 2.5
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_storage_software *
CVE-2023-43073

Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell smartfabric_storage_software *
CVE-2023-43074

Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
security_alert@emc.com 5.2 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L 0.9 4.2

Products Affected

Vendor Product Version
dell unity_xt_operating_environment *
dell unityvsa_operating_environment *
dell unity_operating_environment *
CVE-2023-43076

Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-43078

Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell optiplex_3090_firmware *
dell precision_7540_firmware *
dell xps_17_9730_firmware *
dell chengming_3988_firmware *
dell optiplex_7480_all-in-one_firmware *
dell alienware_x14_r2_firmware *
dell inspiron_5410_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell xps_13_9305_firmware *
dell inspiron_5593_firmware *
dell optiplex_7770_all-in-one_firmware *
dell vostro_3710_firmware *
dell latitude_3410_firmware *
dell vostro_14_5410_firmware *
dell inspiron_15_3530_firmware *
dell precision_3470_firmware *
dell inspiron_5400_firmware *
dell optiplex_7400_all-in-one_firmware *
dell vostro_15_3520_firmware *
dell latitude_7490_firmware *
dell latitude_7210_2-in-1_firmware *
dell xps_13_plus_9320_firmware *
dell optiplex_all-in-one_7410_firmware *
dell latitude_3520_firmware *
dell latitude_7520_firmware *
dell latitude_3310_2-in-1_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell vostro_3590_firmware *
dell inspiron_7700_all-in-one_firmware *
dell latitude_7440_firmware *
dell vostro_3020_tower_desktop_firmware *
dell dock_hd22q_firmware_update_utility 01.00.15
dell xps_15_9530_firmware *
dell latitude_7330_rugged_laptop_firmware *
dell xps_9315_2-in-1_firmware *
dell optiplex_tower_7010_firmware *
dell optiplex_3000_micro_firmware *
dell latitude_7230_rugged_extreme_firmware *
dell precision_3630_tower_firmware *
dell optiplex_7490_all-in-one_firmware *
dell precision_5480_firmware *
dell latitude_5410_firmware *
dell optiplex_7460_all_in_one_firmware *
dell optiplex_5060_firmware *
dell inspiron_15_3520_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell alienware_x16_r1_firmware *
dell precision_3430_tower_firmware *
dell optiplex_5400_all-in-one_firmware *
dell optiplex_7000_micro_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell alienware_m16_r1_firmware *
dell g7_7700_firmware *
dell precision_5530_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5411_firmware *
dell optiplex_5090_micro_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell g5_5090_firmware *
dell intel_thunderbolt_controller_firmware_update_utility *
dell precision_5760_firmware *
dell g7_7500_firmware *
dell optiplex_3000_small_form_factor_firmware *
dell precision_3480_firmware *
dell optiplex_3060_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell vostro_15_3530_firmware *
dell g3_3500_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell inspiron_14_7420_2-in-1_firmware *
dell latitude_5490_firmware *
dell optiplex_5000_micro_firmware *
dell inspiron_3880_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell vostro_14_3430_firmware *
dell optiplex_7000_small_form_factor_firmware *
dell latitude_5431_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell vostro_3400_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell latitude_7420_firmware *
dell latitude_7220_rugged_extreme_firmware *
dell inspiron_7490_firmware *
dell latitude_9440_2-in-1_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell inspiron_14_5410_firmware *
dell precision_7680_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell xps_15_9510_firmware *
dell inspiron_14_5430_firmware *
dell optiplex_7070_firmware *
dell precision_7770_firmware *
dell latitude_5340_firmware *
dell latitude_3300_firmware *
dell precision_7740_firmware *
dell latitude_9510_2in1_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell optiplex_5070_firmware *
dell precision_7760_firmware *
dell inspiron_16_7610_firmware *
dell optiplex_5000_tower_firmware *
dell precision_3650_tower_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_5540_firmware *
dell vostro_13_5310_firmware *
dell latitude_9520_firmware *
dell latitude_5501_firmware *
dell vostro_15_7510_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell vostro_3910_firmware *
dell latitude_7300_firmware *
dell precision_3581_firmware *
dell latitude_3320_firmware *
dell latitude_7390_firmware *
dell alienware_m18_r1_firmware *
dell precision_3580_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_3671_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell tpm_2.0_firmware_update_utility *
dell inspiron_7400_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell optiplex_micro_7010_firmware *
dell precision_5860_tower_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell inspiron_3793_firmware *
dell xps_17_9700_firmware *
dell universal_dock_ud22_firmware_update_utility 1.0.14.20
dell precision_7750_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell latitude_5424_rugged_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_5550_firmware *
dell precision_3560_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell precision_7960_tower_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell vostro_5880_firmware *
dell xps_13_9315_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_13_5320_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_3020_desktop_firmware *
dell latitude_5400_firmware *
dell optiplex_5090_tower_firmware *
dell latitude_5310_firmware *
dell optiplex_7060_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3690_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell vostro_3471_firmware *
dell chengming_3900_firmware *
dell xps_17_9720_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell inspiron_13_5310_firmware *
dell latitude_9420_firmware *
dell optiplex_5270_all-in-one_firmware *
dell precision_3450_firmware *
dell latitude_5430_firmware *
dell latitude_7400_2-in-1_firmware *
dell precision_7670_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell latitude_7640_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7290_firmware *
dell optiplex_micro_plus_7010_firmware *
dell latitude_5300_firmware *
dell inspiron_15_7510_firmware *
dell precision_3260_compact_firmware *
dell latitude_7320_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell chengming_3910_firmware *
dell latitude_5440_firmware *
dell precision_5560_firmware *
dell inspiron_16_plus_7620_firmware *
dell inspiron_3471_firmware *
dell xps_13_9310_2-in-1_firmware *
dell vostro_5301_firmware *
dell optiplex_7071_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell inspiron_27_7710_all-in-one_firmware *
dell optiplex_7000_tower_firmware *
dell latitude_3340_firmware *
dell g16_7630_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell latitude_3500_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell inspiron_16_plus_7630_firmware *
dell inspiron_5502_firmware *
dell latitude_5421_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell vostro_3671_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell precision_3440_firmware *
dell dock_wd19_firmware_update_utility 01.00.36
dell dock_wd22tb4_firmware_update_utility 01.00.36
dell xps_13_9310_firmware *
dell precision_7865_tower_firmware *
dell optiplex_7000_xe_micro_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_3020_small_desktop_firmware *
dell latitude_3120_firmware *
dell g15_5530_firmware *
dell optiplex_7090_tower_firmware *
dell latitude_7410_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell vostro_14_3420_firmware *
dell precision_7530_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_7620_firmware *
dell optiplex_3000_tower_firmware *
dell vostro_5402_firmware *
dell inspiron_15_3511_firmware *
dell precision_7780_firmware *
dell latitude_9330_firmware *
dell inspiron_14_5420_firmware *
dell optiplex_3080_firmware *
dell latitude_7430_firmware *
dell latitude_3540_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell vostro_7500_firmware *
dell inspiron_3580_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_3460_xe_small_form_factor_firmware *
dell latitude_3400_firmware *
dell precision_3260_xe_compact_firmware *
dell latitude_5531_firmware *
dell vostro_15_5510_firmware *
dell vostro_5620_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5500_firmware *
dell latitude_7340_firmware *
dell latitude_3330_firmware *
dell latitude_5330_firmware *
dell vostro_3401_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_5590_firmware *
dell latitude_3440_firmware *
dell wyse_5070_firmware *
dell chengming_3990_firmware *
dell precision_3640_firmware *
dell inspiron_14_plus_7430_firmware *
dell inspiron_5301_firmware *
dell xps_13_7390_firmware *
dell precision_3660_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell vostro_15_3510_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell optiplex_xe4_tower_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell optiplex_tower_plus_7010_firmware *
dell precision_3550_firmware *
dell precision_5680_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell latitude_3530_firmware *
dell optiplex_small_form_factor_7010_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell g15_5520_firmware *
dell xps_15_7590_firmware *
dell inspiron_13_5330_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_24_5411_all-in-one_firmware *
dell latitude_3310_firmware *
dell inspiron_15_5518_firmware *
dell optiplex_5000_small_form_factor_firmware *
dell inspiron_3020_small_desktop_firmware *
dell latitude_3301_firmware *
dell g5_5000_firmware *
dell optiplex_5090_small_form_factor_firmware *
dell inspiron_16_5620_firmware *
dell latitude_5430_rugged_laptop_firmware *
CVE-2023-43079

Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell emc_openmanage_server_administrator *
CVE-2023-43081

PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. A low Privileged local attacker could potentially exploit this vulnerability, leading to overwriting of log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4
security_alert@emc.com 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 2.5 1.4

Products Affected

Vendor Product Version
dell powerprotect_agent_for_file_system *
CVE-2023-43082

Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6
security_alert@emc.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 3.9 4.0

Products Affected

Vendor Product Version
dell unity_xt_operating_environment *
dell unityvsa_operating_environment *
dell unity_operating_environment *
CVE-2023-43086

Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside installation folder during application upgrade, leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell command|configure *
CVE-2023-43087

Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-43088

Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 0.5 6.0
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
dell precision_7865_tower_firmware *
CVE-2023-43089

Dell Rugged Control Center, version prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 1.8 2.5
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

Products Affected

Vendor Product Version
dell rugged_control_center *
CVE-2023-4401

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_storage_software *
CVE-2023-44277

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell apex_protection_storage *
dell powerprotect_data_protection *
dell powerprotect_data_domain_management_center *
dell powerprotect_data_domain *
dell emc_data_domain_os *
CVE-2023-44278

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell apex_protection_storage *
dell powerprotect_data_protection *
dell powerprotect_data_domain_management_center *
dell powerprotect_data_domain *
dell emc_data_domain_os *
CVE-2023-44279

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell apex_protection_storage *
dell powerprotect_data_protection *
dell powerprotect_data_domain_management_center *
dell powerprotect_data_domain *
dell emc_data_domain_os *
CVE-2023-44281

Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H 1.3 5.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
dell pair *
CVE-2023-44282

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell repository_manager *
CVE-2023-44283

In Dell SupportAssist for Home PCs (between v3.0 and v3.14.1) and SupportAssist for Business PCs (between v3.0 and v3.4.1), a security concern has been identified, impacting locally authenticated users on their respective PCs. This issue may potentially enable privilege escalation and the execution of arbitrary code, in the Windows system context, and confined to that specific local PC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2023-44284

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized read access to application data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell apex_protection_storage *
dell powerprotect_data_protection *
dell powerprotect_data_domain_management_center *
dell powerprotect_data_domain *
dell emc_data_domain_os *
CVE-2023-44285

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell apex_protection_storage *
dell powerprotect_data_protection *
dell powerprotect_data_domain_management_center *
dell powerprotect_data_domain *
dell emc_data_domain_os *
CVE-2023-44286

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a victim user's DOM environment in the browser. . Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell apex_protection_storage *
dell powerprotect_data_protection *
dell powerprotect_data_domain_management_center *
dell powerprotect_data_domain *
dell emc_data_domain_os *
CVE-2023-44288

Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-44289

Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell command|configure *
CVE-2023-44290

Dell Command | Monitor versions prior to 10.10.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell command|monitor *
CVE-2023-44291

Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell powerprotect_data_manager_dm5500_firmware *
CVE-2023-44292

Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell repository_manager *
CVE-2023-44293

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2023-44294

In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2023-44295

Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 2.0 3.7

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2023-44296

Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security_alert@emc.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
dell e-lab_navigator 3.1.8
dell e-lab_navigator 3.1.9
CVE-2023-44297

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L 0.5 6.0

Products Affected

Vendor Product Version
dell poweredge_r660xs_firmware 1.4.4
dell poweredge_mx760c_firmware 1.4.4
dell poweredge_r760xd2_firmware 1.4.4
dell poweredge_r760_firmware 1.4.4
dell poweredge_r960_firmware 1.4.4
dell poweredge_hs5620_firmware 1.4.4
dell poweredge_r760xa_firmware 1.4.4
dell poweredge_c6620_firmware 1.4.4
dell poweredge_hs5610_firmware 1.4.4
dell poweredge_r660_firmware 1.4.4
dell poweredge_r860_firmware 1.4.4
dell poweredge_r760xs_firmware 1.4.4
dell poweredge_t560_firmware 1.4.4
CVE-2023-44298

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.6 LOW CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L 0.5 2.7
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
dell poweredge_r660xs_firmware 1.4.4
dell poweredge_mx760c_firmware 1.4.4
dell poweredge_r760xd2_firmware 1.4.4
dell poweredge_r760_firmware 1.4.4
dell poweredge_r960_firmware 1.4.4
dell poweredge_hs5620_firmware 1.4.4
dell poweredge_r760xa_firmware 1.4.4
dell poweredge_c6620_firmware 1.4.4
dell poweredge_hs5610_firmware 1.4.4
dell poweredge_r660_firmware 1.4.4
dell poweredge_r860_firmware 1.4.4
dell poweredge_r760xs_firmware 1.4.4
dell poweredge_t560_firmware 1.4.4
CVE-2023-44300

Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell powerprotect_data_manager_dm5500_firmware *
CVE-2023-44301

Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
dell powerprotect_data_manager_dm5500_firmware *
CVE-2023-44302

Dell DM5500 5.14.0.0 and prior contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access of resources or functionality that could possibly lead to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
dell powerprotect_data_manager_dm5500_firmware *
CVE-2023-44304

Dell DM5500 contains a privilege escalation vulnerability in the appliance. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell dm5500_firmware *
CVE-2023-44305

Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in the appliance. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
dell dm5500_firmware *
CVE-2023-44306

Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
dell dm5500_firmware *
CVE-2023-48660

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell powermax_os 5978
CVE-2023-48661

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell powermax_os 5978
CVE-2023-48662

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell powermax_os 5978
CVE-2023-48663

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell powermax_os 5978
CVE-2023-48664

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell powermax_os 5978
CVE-2023-48665

Dell vApp Manager, versions prior to 9.2.4.x contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability leading to the execution of arbitrary OS commands on the affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell powermax_os 5978
CVE-2023-48667

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell apex_protection_storage *
dell powerprotect_data_protection *
dell powerprotect_data_domain_management_center *
dell powerprotect_data_domain *
dell emc_data_domain_os *
CVE-2023-48668

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
dell powerprotect_data_domain_management_center *
CVE-2023-48670

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. A local low privileged authenticated attacker may potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs 3.14.2.45116
CVE-2023-48671

Dell vApp Manager, versions prior to 9.2.4.x contain an information disclosure vulnerability. A remote attacker could potentially exploit this vulnerability leading to obtain sensitive information that may aid in further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell powermax_os 5978
CVE-2023-48674

Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 2.3 4.0

Products Affected

Vendor Product Version
dell precision_7540_firmware *
dell latitude_5400_firmware *
dell optiplex_7480_all-in-one_firmware *
dell latitude_5280_firmware *
dell latitude_5310_firmware *
dell optiplex_7060_firmware *
dell optiplex_7770_all-in-one_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell precision_3470_firmware *
dell latitude_7390_2-in-1_firmware *
dell optiplex_7400_all-in-one_firmware *
dell latitude_7490_firmware *
dell xps_17_9720_firmware *
dell latitude_7210_2-in-1_firmware *
dell xps_13_plus_9320_firmware *
dell optiplex_all-in-one_7410_firmware *
dell precision_3520_firmware *
dell latitude_7520_firmware *
dell xps_15_9520_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_5430_firmware *
dell latitude_7440_firmware *
dell latitude_7400_2-in-1_firmware *
dell precision_7670_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell latitude_7640_firmware *
dell latitude_7480_firmware *
dell latitude_7330_rugged_laptop_firmware *
dell latitude_7280_firmware *
dell optiplex_tower_7010_firmware *
dell latitude_7290_firmware *
dell optiplex_micro_plus_7010_firmware *
dell latitude_5300_firmware *
dell precision_7920_tower_firmware *
dell precision_3260_compact_firmware *
dell latitude_7230_rugged_extreme_firmware *
dell latitude_7320_firmware *
dell precision_3630_tower_firmware *
dell latitude_5440_firmware *
dell precision_7820_tower_firmware *
dell precision_5560_firmware *
dell optiplex_7490_all-in-one_firmware *
dell xps_13_9310_2-in-1_firmware *
dell precision_5480_firmware *
dell latitude_5410_firmware *
dell optiplex_7071_firmware *
dell precision_3541_firmware *
dell optiplex_7460_all_in_one_firmware *
dell precision_5770_firmware *
dell optiplex_7000_tower_firmware *
dell latitude_5480_firmware *
dell precision_5570_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_7780_all-in-one_firmware *
dell precision_3430_tower_firmware *
dell precision_7720_firmware *
dell optiplex_7000_micro_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell precision_5530_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell precision_3571_firmware *
dell latitude_5411_firmware *
dell latitude_5491_firmware *
dell precision_5760_firmware *
dell precision_5820_tower_firmware *
dell precision_3480_firmware *
dell optiplex_xe3_firmware *
dell latitude_5421_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3570_firmware *
dell precision_3440_firmware *
dell precision_5540_firmware *
dell xps_13_9310_firmware *
dell precision_7730_firmware *
dell optiplex_7000_xe_micro_firmware *
dell latitude_7310_firmware *
dell latitude_5490_firmware *
dell latitude_5580_firmware *
dell precision_5720_aio_firmware *
dell optiplex_7090_tower_firmware *
dell latitude_7410_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell optiplex_7000_small_form_factor_firmware *
dell latitude_5431_firmware *
dell latitude_9430_firmware *
dell latitude_5521_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell latitude_7380_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell latitude_5420_firmware *
dell precision_7780_firmware *
dell latitude_7420_firmware *
dell latitude_7220_rugged_extreme_firmware *
dell latitude_9330_firmware *
dell latitude_9440_2-in-1_firmware *
dell latitude_7430_firmware *
dell precision_3551_firmware *
dell precision_7680_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_7200_2-in-1_firmware *
dell precision_7520_firmware *
dell precision_3460_xe_small_form_factor_firmware *
dell precision_3260_xe_compact_firmware *
dell latitude_5531_firmware *
dell precision_3620_tower_firmware *
dell optiplex_7070_firmware *
dell precision_7770_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5340_firmware *
dell latitude_5288_firmware *
dell latitude_5500_firmware *
dell optiplex_7450_all-in-one_firmware *
dell latitude_5488_firmware *
dell precision_7740_firmware *
dell latitude_9510_2in1_firmware *
dell latitude_7340_firmware *
dell latitude_5330_firmware *
dell precision_7560_firmware *
dell latitude_5511_firmware *
dell optiplex_xe3_firmware 1.28.0
dell precision_3530_firmware *
dell precision_7760_firmware *
dell precision_3650_tower_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5540_firmware *
dell latitude_5590_firmware *
dell latitude_9520_firmware *
dell latitude_5501_firmware *
dell precision_3640_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell precision_3581_firmware *
dell precision_3420_tower_firmware *
dell latitude_7390_firmware *
dell precision_3580_firmware *
dell precision_3660_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell latitude_5401_firmware *
dell optiplex_xe4_tower_firmware *
dell optiplex_micro_7010_firmware *
dell optiplex_7090_ultra_firmware *
dell optiplex_tower_plus_7010_firmware *
dell latitude_5320_firmware *
dell precision_3550_firmware *
dell precision_5680_firmware *
dell precision_5470_firmware *
dell precision_7750_firmware *
dell optiplex_small_form_factor_7010_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell latitude_5290_firmware *
dell latitude_5424_rugged_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_5550_firmware *
dell precision_3560_firmware *
dell latitude_5300_2-in-1_firmware *
dell optiplex_7760_all-in-one_firmware *
dell latitude_7320_detachable_firmware *
dell xps_13_9315_firmware *
dell latitude_5430_rugged_laptop_firmware *
CVE-2024-0154

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
dell emc_xc_core_xc650_firmware *
dell poweredge_r640_firmware *
dell poweredge_t640_firmware *
dell poweredge_t140_firmware *
dell poweredge_r960_firmware *
dell poweredge_xr8610t_firmware *
dell poweredge_r350_firmware *
dell nx3230_firmware *
dell poweredge_c6320_firmware *
dell poweredge_c6620_firmware *
dell xc6320_firmware *
dell poweredge_hs5620_firmware *
dell poweredge_fc640_firmware *
dell poweredge_r940xa_firmware *
dell poweredge_t130_firmware *
dell poweredge_r7515_firmware *
dell poweredge_xe9680_firmware *
dell poweredge_r760xa_firmware *
dell poweredge_m640_(pe_vrtx)_firmware *
dell poweredge_mx760c_firmware *
dell poweredge_r730xd_firmware *
dell poweredge_r650xs_firmware *
dell poweredge_m830_(pe_vrtx)_firmware *
dell poweredge_r750_firmware *
dell poweredge_xe2420_firmware *
dell xc_core_xc7625_firmware *
dell poweredge_xr5610_firmware *
dell poweredge_r6515_firmware *
dell xc430_firmware *
dell poweredge_t560_firmware *
dell poweredge_r750xa_firmware *
dell poweredge_xe8545_firmware *
dell poweredge_r740_firmware *
dell poweredge_m640_firmware *
dell poweredge_r760xd2_firmware *
dell poweredge_m630_firmware *
dell poweredge_r7615_firmware *
dell emc_xc_core_xc740xd_system_firmware *
dell poweredge_r550_firmware *
dell xc630_firmware *
dell poweredge_t440_firmware *
dell poweredge_r940_firmware *
dell emc_xc_core_xc940_system_firmware *
dell poweredge_fc630_firmware *
dell poweredge_r740xd2_firmware *
dell poweredge_r630_firmware *
dell poweredge_m830_firmware *
dell poweredge_t340_firmware *
dell nx3240_firmware *
dell poweredge_mx740c_firmware *
dell poweredge_fc830_firmware *
dell nx440_firmware *
dell poweredge_hs5610_firmware *
dell poweredge_r6525_firmware *
dell poweredge_t430_firmware *
dell poweredge_xr12_firmware *
dell poweredge_mx840c_firmware *
dell poweredge_c6615_firmware *
dell poweredge_r340_firmware *
dell poweredge_c4140_firmware *
dell poweredge_c6420_firmware *
dell poweredge_c4130_firmware *
dell poweredge_xr4510c_firmware *
dell poweredge_xe7440_firmware *
dell poweredge_r760xs_firmware *
dell poweredge_r6615_firmware *
dell poweredge_fc430_firmware *
dell emc_xc_core_xc7525_firmware *
dell xc_core_xc760_firmware *
dell nx3330_firmware *
dell poweredge_m630_(pe_vrtx)_firmware *
dell poweredge_xe9640_firmware *
dell poweredge_r840_firmware *
dell nx430_firmware *
dell poweredge_xr8620t_firmware *
dell poweredge_xe8640_firmware *
dell poweredge_r330_firmware *
dell poweredge_r930_firmware *
dell poweredge_r660_firmware *
dell poweredge_r430_firmware *
dell nx3340_firmware *
dell poweredge_r240_firmware *
dell poweredge_r230_firmware *
dell emc_xc_core_xc640_system_firmware *
dell poweredge_r250_firmware *
dell poweredge_xr4520c_firmware *
dell poweredge_r540_firmware *
dell poweredge_r730_firmware *
dell emc_xc_core_xc750xa_firmware *
dell xc730xd_firmware *
dell poweredge_r860_firmware *
dell poweredge_r450_firmware *
dell emc_xc_core_xc740xd2_firmware *
dell poweredge_r7525_firmware *
dell poweredge_c6525_firmware *
dell poweredge_r830_firmware *
dell emc_xc_core_xc450_firmware *
dell poweredge_t630_firmware *
dell poweredge_r660xs_firmware *
dell poweredge_t350_firmware *
dell poweredge_r760_firmware *
dell emc_xc_core_xcxr2_firmware *
dell xc_core_xc660_firmware *
dell poweredge_r530_firmware *
dell poweredge_xr7620_firmware *
dell poweredge_r7625_firmware *
dell poweredge_xr2_firmware *
dell poweredge_xr11_firmware *
dell poweredge_mx750c_firmware *
dell poweredge_r740xd_firmware *
dell emc_xc_core_6420_system_firmware *
dell poweredge_t550_firmware *
dell poweredge_t330_firmware *
dell emc_xc_core_xc6520_firmware *
dell poweredge_r650_firmware *
dell poweredge_xe7420_firmware *
dell emc_xc_core_xc750_firmware *
dell xc730_firmware *
dell dss_8440_firmware *
dell poweredge_r440_firmware *
dell poweredge_r750xs_firmware *
dell poweredge_t150_firmware *
dell poweredge_r6625_firmware *
dell poweredge_c6520_firmware *
CVE-2024-0155

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
dell digital_delivery *
CVE-2024-0156

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
dell digital_delivery *
CVE-2024-0157

Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
dell storage_monitoring_and_reporting *
dell storage_resource_manager *
CVE-2024-0158

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of service and escalation of privileges

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell inspiron_3593_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell inspiron_5593_firmware *
dell vostro_3710_firmware *
dell latitude_3410_firmware *
dell inspiron_15_3530_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell optiplex_7400_all-in-one_firmware *
dell vostro_15_3520_firmware *
dell latitude_7210_2-in-1_firmware *
dell xps_13_plus_9320_firmware *
dell optiplex_all-in-one_7410_firmware *
dell precision_3520_firmware *
dell latitude_3520_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_7700_all-in-one_firmware *
dell latitude_7440_firmware *
dell vostro_3020_tower_desktop_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell xps_9315_2-in-1_firmware *
dell optiplex_tower_7010_firmware *
dell latitude_7230_rugged_extreme_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell optiplex_7490_all-in-one_firmware *
dell optiplex_7460_all_in_one_firmware *
dell optiplex_5060_firmware *
dell inspiron_16_5640_firmware *
dell alienware_x16_r1_firmware *
dell precision_3430_tower_firmware *
dell optiplex_5400_all-in-one_firmware *
dell optiplex_5260_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell inspiron_3030s_firmware *
dell g7_7700_firmware *
dell precision_5530_firmware *
dell optiplex_3050_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell precision_5820_tower_firmware *
dell optiplex_3000_small_form_factor_firmware *
dell vostro_15_3530_firmware *
dell g3_3500_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell vostro_3580_firmware *
dell inspiron_14_7420_2-in-1_firmware *
dell latitude_7414_rugged_firmware *
dell inspiron_3880_firmware *
dell optiplex_7000_small_form_factor_firmware *
dell vostro_3400_firmware *
dell latitude_7380_firmware *
dell latitude_7420_firmware *
dell latitude_7220_rugged_extreme_firmware *
dell latitude_9440_2-in-1_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell precision_7680_firmware *
dell xps_15_9510_firmware *
dell optiplex_7070_firmware *
dell latitude_5340_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell inspiron_5493_firmware *
dell optiplex_5000_tower_firmware *
dell precision_3650_tower_firmware *
dell vostro_13_5310_firmware *
dell latitude_9520_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell precision_3581_firmware *
dell latitude_3320_firmware *
dell precision_3420_tower_firmware *
dell precision_3580_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell optiplex_micro_7010_firmware *
dell precision_5860_tower_firmware *
dell latitude_5320_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell xps_13_9315_firmware *
dell inspiron_13_5320_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell latitude_7640_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell optiplex_5055_ryzen_cpu_firmware *
dell latitude_5300_firmware *
dell inspiron_15_7510_firmware *
dell latitude_7320_firmware *
dell latitude_5440_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell optiplex_7071_firmware *
dell edge_gateway_3000_firmware *
dell inspiron_27_7710_all-in-one_firmware *
dell latitude_3380_firmware *
dell latitude_3340_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell inspiron_5502_firmware *
dell optiplex_5050_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell precision_3440_firmware *
dell xps_13_9310_firmware *
dell precision_7865_tower_firmware *
dell optiplex_5055_ryzen_apu_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell latitude_3189_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell optiplex_3000_tower_firmware *
dell inspiron_15_3511_firmware *
dell latitude_9330_firmware *
dell inspiron_14_5420_firmware *
dell latitude_5495_firmware *
dell optiplex_3080_firmware *
dell latitude_3540_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell vostro_15_5510_firmware *
dell latitude_3180_firmware *
dell vostro_5620_firmware *
dell alienware_x16_r2_firmware *
dell latitude_5500_firmware *
dell latitude_7340_firmware *
dell latitude_5330_firmware *
dell latitude_3440_firmware *
dell wyse_5070_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell precision_3660_firmware *
dell inspiron_3881_firmware *
dell vostro_5090_firmware *
dell optiplex_xe4_tower_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell precision_3550_firmware *
dell vostro_7620_firmware -
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell optiplex_small_form_factor_7010_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell optiplex_7760_all-in-one_firmware *
dell inspiron_15_5518_firmware *
dell g5_5000_firmware *
dell precision_7540_firmware *
dell alienware_x14_r2_firmware *
dell latitude_5280_firmware *
dell inspiron_5410_firmware *
dell xps_13_9305_firmware *
dell optiplex_7770_all-in-one_firmware *
dell precision_7875_tower_firmware *
dell vostro_14_5410_firmware *
dell precision_3470_firmware *
dell latitude_7490_firmware *
dell inspiron_3493_firmware *
dell latitude_7520_firmware *
dell latitude_3310_2-in-1_firmware *
dell vostro_3590_firmware *
dell latitude_7330_rugged_laptop_firmware *
dell optiplex_3000_micro_firmware *
dell vostro_16_5640_firmware *
dell precision_5480_firmware *
dell latitude_5410_firmware *
dell inspiron_15_3520_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell optiplex_7000_micro_firmware *
dell edge_gateway_5000_firmware *
dell alienware_m16_r1_firmware *
dell latitude_5411_firmware *
dell optiplex_5090_micro_firmware *
dell g5_5090_firmware *
dell g7_7500_firmware *
dell precision_3480_firmware *
dell optiplex_3060_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell latitude_5490_firmware *
dell optiplex_5000_micro_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell vostro_14_3430_firmware *
dell latitude_5431_firmware *
dell g5_5500_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell inspiron_7490_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell optiplex_7450_all-in-one_firmware *
dell latitude_9510_2in1_firmware *
dell optiplex_5070_firmware *
dell inspiron_16_7610_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5540_firmware *
dell latitude_5501_firmware *
dell vostro_15_7510_firmware *
dell vostro_3910_firmware *
dell latitude_5430_rugged_firmware *
dell latitude_7390_firmware *
dell alienware_m18_r1_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell inspiron_3793_firmware *
dell precision_7750_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell precision_7960_tower_firmware *
dell vostro_5880_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_3020_desktop_firmware *
dell latitude_5400_firmware *
dell optiplex_5090_tower_firmware *
dell latitude_5310_firmware *
dell optiplex_7060_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3583_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell vostro_3480_firmware *
dell inspiron_13_5310_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell precision_7670_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell inspiron_14_5440_firmware *
dell optiplex_micro_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell precision_3260_compact_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell chengming_3910_firmware *
dell alienware_m18_r2_firmware *
dell inspiron_16_plus_7620_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell latitude_5414_rugged_firmware *
dell optiplex_7000_tower_firmware *
dell g16_7630_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell latitude_3500_firmware *
dell inspiron_16_plus_7630_firmware *
dell latitude_5421_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell optiplex_7000_xe_micro_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_3020_small_desktop_firmware *
dell g15_5530_firmware *
dell optiplex_7090_tower_firmware *
dell optiplex_5055_a-serial_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell vostro_14_3420_firmware *
dell latitude_7285_2-in-1_firmware *
dell precision_7530_firmware *
dell precision_5520_firmware *
dell latitude_7400_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell precision_7780_firmware *
dell latitude_7430_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell inspiron_3580_firmware *
dell precision_3460_xe_small_form_factor_firmware *
dell precision_3260_xe_compact_firmware *
dell vostro_3030s_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_7030_rugged_extreme_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_5590_firmware *
dell precision_3640_firmware *
dell inspiron_14_plus_7430_firmware *
dell xps_13_7390_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_15_3510_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell precision_5680_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell inspiron_24_5411_all-in-one_firmware *
dell inspiron_14_7440_2-in-1_firmware *
dell vostro_14_3440_firmware *
dell latitude_3310_firmware *
dell optiplex_5000_small_form_factor_firmware *
dell inspiron_3020_small_desktop_firmware *
dell latitude_3301_firmware *
dell optiplex_5090_small_form_factor_firmware *
dell inspiron_16_5620_firmware *
CVE-2024-0159

Dell Alienware Command Center, versions 5.5.52.0 and prior, contain improper access control vulnerability, leading to Denial of Service on local system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2024-0160

Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
dell g7_7700_firmware *
dell latitude_3420_firmware *
dell inspiron_7501_firmware *
dell latitude_3520_firmware *
dell vostro_7500_firmware *
dell xps_17_9700_firmware *
dell g7_7500_firmware *
dell precision_5550_firmware *
dell g5_5500_firmware *
dell latitude_3510_firmware *
dell precision_5750_firmware *
dell g3_3500_firmware *
dell latitude_3410_firmware *
dell xps_15_9500_firmware *
dell inspiron_7500_firmware *
CVE-2024-0161

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H 0.8 5.8

Products Affected

Vendor Product Version
dell emc_storage_nx3240_firmware *
dell poweredge_m630_(pe_vrtx)_firmware *
dell emc_xc_core_xc650_firmware *
dell poweredge_r640_firmware *
dell poweredge_t640_firmware *
dell poweredge_r840_firmware *
dell poweredge_r350_firmware *
dell poweredge_r330_firmware *
dell poweredge_c6320_firmware *
dell emc_xc_core_xc740xd_firmware *
dell poweredge_r930_firmware *
dell xc6320_firmware *
dell poweredge_r430_firmware *
dell poweredge_fc640_firmware *
dell poweredge_r940xa_firmware *
dell poweredge_r230_firmware *
dell poweredge_t130_firmware *
dell poweredge_r250_firmware *
dell poweredge_xr4520c_firmware *
dell poweredge_r540_firmware *
dell emc_storage_nx3340_firmware *
dell poweredge_m640_(pe_vrtx)_firmware *
dell poweredge_r730_firmware *
dell poweredge_r730xd_firmware *
dell poweredge_r650xs_firmware *
dell emc_xc_core_6420_firmware *
dell emc_xc_core_xc750xa_firmware *
dell poweredge_m830_(pe_vrtx)_firmware *
dell poweredge_r750_firmware *
dell xc730xd_firmware *
dell poweredge_xe2420_firmware *
dell xc430_firmware *
dell poweredge_r750xa_firmware *
dell poweredge_r450_firmware *
dell poweredge_r740_firmware *
dell emc_xc_core_xc740xd2_firmware *
dell poweredge_r360_firmware *
dell poweredge_m640_firmware *
dell poweredge_r830_firmware *
dell emc_xc_core_xc450_firmware *
dell poweredge_t630_firmware *
dell emc_xc_core_xc640_firmware *
dell poweredge_t350_firmware *
dell poweredge_m630_firmware *
dell emc_xc_core_xcxr2_firmware *
dell poweredge_r550_firmware *
dell poweredge_r530_firmware *
dell xc630_firmware *
dell poweredge_t440_firmware *
dell poweredge_r940_firmware *
dell poweredge_xr2_firmware *
dell poweredge_fc630_firmware *
dell poweredge_r740xd2_firmware *
dell poweredge_r630_firmware *
dell poweredge_m830_firmware *
dell poweredge_xr11_firmware *
dell poweredge_mx750c_firmware *
dell poweredge_r740xd_firmware *
dell poweredge_t550_firmware *
dell poweredge_t330_firmware *
dell emc_xc_core_xc6520_firmware *
dell poweredge_t360_firmware *
dell poweredge_r650_firmware *
dell poweredge_mx740c_firmware *
dell poweredge_xe7420_firmware *
dell emc_xc_core_xc750_firmware *
dell xc730_firmware *
dell poweredge_fc830_firmware *
dell poweredge_t430_firmware *
dell dss_8440_firmware *
dell poweredge_r440_firmware *
dell poweredge_xr12_firmware *
dell storage_nx430_firmware *
dell poweredge_mx840c_firmware *
dell poweredge_r750xs_firmware *
dell poweredge_t150_firmware *
dell poweredge_c4140_firmware *
dell poweredge_c6420_firmware *
dell poweredge_c4130_firmware *
dell poweredge_xr4510c_firmware *
dell poweredge_xe7440_firmware *
dell emc_xc_core_xc940_firmware *
dell storage_nx3230_firmware *
dell poweredge_c6520_firmware *
dell poweredge_fc430_firmware *
dell storage_nx3330_firmware *
CVE-2024-0162

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L 1.1 3.7

Products Affected

Vendor Product Version
dell xc_core_xc760_firmware *
dell emc_xc_core_xc650_firmware *
dell poweredge_r960_firmware *
dell poweredge_xe9640_firmware *
dell poweredge_xr8610t_firmware *
dell poweredge_xr8620t_firmware *
dell poweredge_r350_firmware *
dell poweredge_xe8640_firmware *
dell poweredge_c6620_firmware *
dell poweredge_r660_firmware *
dell poweredge_hs5620_firmware *
dell poweredge_r250_firmware *
dell poweredge_r7515_firmware *
dell poweredge_xe9680_firmware *
dell poweredge_xr4520c_firmware *
dell poweredge_r760xa_firmware *
dell poweredge_mx760c_firmware *
dell poweredge_r650xs_firmware *
dell emc_xc_core_xc750xa_firmware *
dell poweredge_r750_firmware *
dell poweredge_r860_firmware *
dell xc_core_xc7625_firmware *
dell poweredge_xr5610_firmware *
dell poweredge_r6515_firmware *
dell poweredge_t560_firmware *
dell poweredge_r750xa_firmware *
dell poweredge_r450_firmware *
dell poweredge_xe8545_firmware *
dell poweredge_r7525_firmware *
dell poweredge_c6525_firmware *
dell emc_xc_core_xc450_firmware *
dell poweredge_r760xd2_firmware *
dell poweredge_r660xs_firmware *
dell poweredge_t350_firmware *
dell poweredge_r760_firmware *
dell poweredge_r7615_firmware *
dell poweredge_r550_firmware *
dell xc_core_xc660_firmware *
dell poweredge_xr7620_firmware *
dell poweredge_r7625_firmware *
dell poweredge_xr11_firmware *
dell poweredge_mx750c_firmware *
dell poweredge_t550_firmware *
dell emc_xc_core_xc6520_firmware *
dell poweredge_r650_firmware *
dell emc_xc_core_xc750_firmware *
dell poweredge_hs5610_firmware *
dell poweredge_r6525_firmware *
dell poweredge_xr12_firmware *
dell poweredge_r750xs_firmware *
dell poweredge_t150_firmware *
dell poweredge_c6615_firmware *
dell poweredge_r6625_firmware *
dell poweredge_xr4510c_firmware *
dell poweredge_r760xs_firmware *
dell poweredge_r6615_firmware *
dell poweredge_c6520_firmware *
dell emc_xc_core_xc7525_firmware *
CVE-2024-0163

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L 1.1 3.7

Products Affected

Vendor Product Version
dell xc_core_xc760_firmware *
dell emc_xc_core_xc650_firmware *
dell poweredge_r960_firmware *
dell poweredge_xe9640_firmware *
dell poweredge_xr8610t_firmware *
dell poweredge_xr8620t_firmware *
dell poweredge_r350_firmware *
dell poweredge_xe8640_firmware *
dell poweredge_c6620_firmware *
dell poweredge_r660_firmware *
dell poweredge_hs5620_firmware *
dell poweredge_r250_firmware *
dell poweredge_r7515_firmware *
dell poweredge_xe9680_firmware *
dell poweredge_xr4520c_firmware *
dell poweredge_r760xa_firmware *
dell poweredge_mx760c_firmware *
dell poweredge_r650xs_firmware *
dell emc_xc_core_xc750xa_firmware *
dell poweredge_r750_firmware *
dell poweredge_r860_firmware *
dell xc_core_xc7625_firmware *
dell poweredge_xr5610_firmware *
dell poweredge_r6515_firmware *
dell poweredge_t560_firmware *
dell poweredge_r750xa_firmware *
dell poweredge_r450_firmware *
dell poweredge_xe8545_firmware *
dell poweredge_r7525_firmware *
dell poweredge_c6525_firmware *
dell emc_xc_core_xc450_firmware *
dell poweredge_r760xd2_firmware *
dell poweredge_r660xs_firmware *
dell poweredge_t350_firmware *
dell poweredge_r760_firmware *
dell poweredge_r7615_firmware *
dell poweredge_r550_firmware *
dell xc_core_xc660_firmware *
dell poweredge_xr7620_firmware *
dell poweredge_r7625_firmware *
dell poweredge_xr11_firmware *
dell poweredge_mx750c_firmware *
dell poweredge_t550_firmware *
dell emc_xc_core_xc6520_firmware *
dell poweredge_r650_firmware *
dell emc_xc_core_xc750_firmware *
dell poweredge_hs5610_firmware *
dell poweredge_r6525_firmware *
dell poweredge_xr12_firmware *
dell poweredge_r750xs_firmware *
dell poweredge_t150_firmware *
dell poweredge_c6615_firmware *
dell poweredge_r6625_firmware *
dell poweredge_xr4510c_firmware *
dell poweredge_r760xs_firmware *
dell poweredge_r6615_firmware *
dell poweredge_c6520_firmware *
dell emc_xc_core_xc7525_firmware *
CVE-2024-0164

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-0165

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-0166

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-0167

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-0168

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-0169

Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-0170

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-0171

Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L 1.1 3.7

Products Affected

Vendor Product Version
dell poweredge_c6615_firmware *
dell poweredge_r6625_firmware *
dell xc_core_xc7625_firmware *
dell poweredge_r7615_firmware *
dell poweredge_r6615_firmware *
dell poweredge_r7625_firmware *
CVE-2024-0172

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L 2.5 4.7

Products Affected

Vendor Product Version
dell emc_storage_nx3240_firmware *
dell emc_xc_core_xc650_firmware *
dell poweredge_r640_firmware *
dell poweredge_t640_firmware *
dell poweredge_t140_firmware *
dell poweredge_r960_firmware *
dell poweredge_xe9640_firmware *
dell poweredge_r840_firmware *
dell poweredge_xr8610t_firmware *
dell poweredge_xr8620t_firmware *
dell poweredge_r350_firmware *
dell poweredge_xe8640_firmware *
dell poweredge_r6415_firmware *
dell poweredge_c6620_firmware *
dell poweredge_r660_firmware *
dell poweredge_hs5620_firmware *
dell poweredge_fc640_firmware *
dell poweredge_r940xa_firmware *
dell poweredge_r240_firmware *
dell emc_xc_core_xc640_system_firmware *
dell poweredge_r250_firmware *
dell poweredge_r7515_firmware *
dell poweredge_xe9680_firmware *
dell poweredge_xr4520c_firmware *
dell poweredge_r540_firmware *
dell poweredge_r760xa_firmware *
dell emc_storage_nx3340_firmware *
dell poweredge_m640_(pe_vrtx)_firmware *
dell poweredge_mx760c_firmware *
dell poweredge_r650xs_firmware *
dell emc_xc_core_xc750xa_firmware *
dell poweredge_r750_firmware *
dell poweredge_r860_firmware *
dell poweredge_xe2420_firmware *
dell poweredge_xr5610_firmware *
dell poweredge_r6515_firmware *
dell poweredge_t560_firmware *
dell poweredge_r7415_firmware *
dell poweredge_r750xa_firmware *
dell poweredge_r450_firmware *
dell poweredge_xe8545_firmware *
dell poweredge_r740_firmware *
dell emc_xc_core_xc740xd2_firmware *
dell poweredge_r7525_firmware *
dell poweredge_c6525_firmware *
dell poweredge_m640_firmware *
dell emc_xc_core_xc450_firmware *
dell poweredge_r760xd2_firmware *
dell poweredge_r660xs_firmware *
dell poweredge_t350_firmware *
dell poweredge_r760_firmware *
dell poweredge_r7615_firmware *
dell emc_xc_core_xcxr2_firmware *
dell emc_xc_core_xc740xd_system_firmware *
dell poweredge_r550_firmware *
dell poweredge_xr7620_firmware *
dell poweredge_t440_firmware *
dell poweredge_r940_firmware *
dell poweredge_r7625_firmware *
dell poweredge_xr2_firmware *
dell emc_xc_core_xc940_system_firmware *
dell poweredge_r740xd2_firmware *
dell poweredge_xr11_firmware *
dell poweredge_mx750c_firmware *
dell poweredge_r740xd_firmware *
dell emc_xc_core_6420_system_firmware *
dell poweredge_t550_firmware *
dell poweredge_t340_firmware *
dell emc_xc_core_xc6520_firmware *
dell poweredge_r650_firmware *
dell poweredge_mx740c_firmware *
dell poweredge_xe7420_firmware *
dell emc_xc_core_xc750_firmware *
dell nx440_firmware *
dell poweredge_hs5610_firmware *
dell poweredge_r6525_firmware *
dell dss_8440_firmware *
dell poweredge_r440_firmware *
dell poweredge_r7425_firmware *
dell poweredge_xr12_firmware *
dell poweredge_mx840c_firmware *
dell poweredge_r750xs_firmware *
dell poweredge_t150_firmware *
dell poweredge_r340_firmware *
dell poweredge_r6625_firmware *
dell poweredge_c4140_firmware *
dell poweredge_c6420_firmware *
dell poweredge_xr4510c_firmware *
dell poweredge_xe7440_firmware *
dell poweredge_r760xs_firmware *
dell poweredge_r6615_firmware *
dell poweredge_c6520_firmware *
dell emc_xc_core_xc7525_firmware *
CVE-2024-0173

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
dell emc_xc_core_xc650_firmware *
dell poweredge_r640_firmware *
dell poweredge_t640_firmware *
dell poweredge_t140_firmware *
dell poweredge_r960_firmware *
dell poweredge_xr8610t_firmware *
dell poweredge_r350_firmware *
dell nx3230_firmware *
dell poweredge_c6320_firmware *
dell poweredge_c6620_firmware *
dell xc6320_firmware *
dell poweredge_hs5620_firmware *
dell poweredge_fc640_firmware *
dell poweredge_r940xa_firmware *
dell poweredge_t130_firmware *
dell poweredge_r7515_firmware *
dell poweredge_xe9680_firmware *
dell poweredge_r760xa_firmware *
dell poweredge_m640_(pe_vrtx)_firmware *
dell poweredge_mx760c_firmware *
dell poweredge_r730xd_firmware *
dell poweredge_r650xs_firmware *
dell poweredge_m830_(pe_vrtx)_firmware *
dell poweredge_r750_firmware *
dell poweredge_xe2420_firmware *
dell xc_core_xc7625_firmware *
dell poweredge_xr5610_firmware *
dell poweredge_r6515_firmware *
dell xc430_firmware *
dell poweredge_t560_firmware *
dell poweredge_r750xa_firmware *
dell poweredge_xe8545_firmware *
dell poweredge_r740_firmware *
dell poweredge_m640_firmware *
dell poweredge_r760xd2_firmware *
dell poweredge_m630_firmware *
dell poweredge_r7615_firmware *
dell emc_xc_core_xc740xd_system_firmware *
dell poweredge_r550_firmware *
dell xc630_firmware *
dell poweredge_t440_firmware *
dell poweredge_r940_firmware *
dell emc_xc_core_xc940_system_firmware *
dell poweredge_fc630_firmware *
dell poweredge_r740xd2_firmware *
dell poweredge_r630_firmware *
dell poweredge_m830_firmware *
dell poweredge_t340_firmware *
dell nx3240_firmware *
dell poweredge_mx740c_firmware *
dell poweredge_fc830_firmware *
dell nx440_firmware *
dell poweredge_hs5610_firmware *
dell poweredge_r6525_firmware *
dell poweredge_t430_firmware *
dell poweredge_xr12_firmware *
dell poweredge_mx840c_firmware *
dell poweredge_c6615_firmware *
dell poweredge_r340_firmware *
dell poweredge_c4140_firmware *
dell poweredge_c6420_firmware *
dell poweredge_c4130_firmware *
dell poweredge_xr4510c_firmware *
dell poweredge_xe7440_firmware *
dell poweredge_r760xs_firmware *
dell poweredge_r6615_firmware *
dell poweredge_fc430_firmware *
dell emc_xc_core_xc7525_firmware *
dell xc_core_xc760_firmware *
dell nx3330_firmware *
dell poweredge_m630_(pe_vrtx)_firmware *
dell poweredge_xe9640_firmware *
dell poweredge_r840_firmware *
dell nx430_firmware *
dell poweredge_xr8620t_firmware *
dell poweredge_xe8640_firmware *
dell poweredge_r330_firmware *
dell poweredge_r930_firmware *
dell poweredge_r660_firmware *
dell poweredge_r430_firmware *
dell nx3340_firmware *
dell poweredge_r240_firmware *
dell poweredge_r230_firmware *
dell emc_xc_core_xc640_system_firmware *
dell poweredge_r250_firmware *
dell poweredge_xr4520c_firmware *
dell poweredge_r540_firmware *
dell poweredge_r730_firmware *
dell emc_xc_core_xc750xa_firmware *
dell xc730xd_firmware *
dell poweredge_r860_firmware *
dell poweredge_r450_firmware *
dell emc_xc_core_xc740xd2_firmware *
dell poweredge_r7525_firmware *
dell poweredge_c6525_firmware *
dell poweredge_r830_firmware *
dell emc_xc_core_xc450_firmware *
dell poweredge_t630_firmware *
dell poweredge_r660xs_firmware *
dell poweredge_t350_firmware *
dell poweredge_r760_firmware *
dell emc_xc_core_xcxr2_firmware *
dell xc_core_xc660_firmware *
dell poweredge_r530_firmware *
dell poweredge_xr7620_firmware *
dell poweredge_r7625_firmware *
dell poweredge_xr2_firmware *
dell poweredge_xr11_firmware *
dell poweredge_mx750c_firmware *
dell poweredge_r740xd_firmware *
dell emc_xc_core_6420_system_firmware *
dell poweredge_t550_firmware *
dell poweredge_t330_firmware *
dell emc_xc_core_xc6520_firmware *
dell poweredge_r650_firmware *
dell poweredge_xe7420_firmware *
dell emc_xc_core_xc750_firmware *
dell xc730_firmware *
dell dss_8440_firmware *
dell poweredge_r440_firmware *
dell poweredge_r750xs_firmware *
dell poweredge_t150_firmware *
dell poweredge_r6625_firmware *
dell poweredge_c6520_firmware *
CVE-2024-22221

Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.9 3.6

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-22222

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-22223

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-22224

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-22225

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-22226

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-22227

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-22228

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-22229

Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4
security_alert@emc.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N 1.6 1.4

Products Affected

Vendor Product Version
dell unity_operating_environment 5.3.0.0.5.120
dell unity_xt_operating_environment 5.3.0.0.5.120
dell unityvsa_operating_environment 5.3.0.0.5.120
CVE-2024-22230

Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim's browser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N 3.1 2.7

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-22425

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 5.3
CVE-2024-22426

Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines 5.3
CVE-2024-22428

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
dell emc_idrac_service_module *
CVE-2024-22429

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell embedded_box_pc_5000_firmware *
dell latitude_5400_firmware *
dell latitude_5280_firmware *
dell latitude_7414_rugged_firmware *
dell latitude_5490_firmware *
dell latitude_5580_firmware *
dell latitude_13_3380_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell latitude_3189_firmware *
dell latitude_7285_2-in-1_firmware *
dell latitude_7380_firmware *
dell precision_5520_firmware *
dell latitude_7390_2-in-1_firmware *
dell latitude_7490_firmware *
dell precision_3520_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell precision_7520_firmware *
dell latitude_3180_firmware *
dell latitude_7480_firmware *
dell precision_3620_tower_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell optiplex_7450_all-in-one_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell edge_gateway_3000_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5590_firmware *
dell latitude_3190_2-in-1_firmware *
dell wyse_5070_firmware *
dell latitude_5414_rugged_firmware *
dell precision_5530_2-in-1_firmware *
dell precision_3420_tower_firmware *
dell latitude_7390_firmware *
dell wyse_7040_thin_client_firmware *
dell latitude_5480_firmware *
dell optiplex_3050_all-in-one_firmware *
dell precision_7720_firmware *
dell edge_gateway_5000_firmware *
dell optiplex_3050_firmware *
dell precision_5820_tower_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell optiplex_5050_firmware *
dell latitude_5424_rugged_firmware *
dell latitude_5290_2-in-1_firmware *
CVE-2024-22430

Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-22432

Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.1 6.0
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

Products Affected

Vendor Product Version
dell networker *
CVE-2024-22433

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L 2.8 5.3

Products Affected

Vendor Product Version
dell data_protection_search *
CVE-2024-22445

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2024-22448

Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H 0.5 4.2

Products Affected

Vendor Product Version
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell alienware_x14_r2_firmware *
dell inspiron_5410_firmware *
dell inspiron_24_5410_all-in-one_firmware *
dell xps_13_9305_firmware *
dell vostro_3710_firmware *
dell precision_7875_tower_firmware *
dell latitude_3410_firmware *
dell vostro_14_5410_firmware *
dell inspiron_15_3530_firmware *
dell precision_3470_firmware *
dell inspiron_5400_firmware *
dell optiplex_7400_all-in-one_firmware *
dell vostro_15_3520_firmware *
dell latitude_7210_2-in-1_firmware *
dell xps_13_plus_9320_firmware *
dell optiplex_all-in-one_7410_firmware *
dell latitude_3520_firmware *
dell latitude_7520_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_7700_all-in-one_firmware *
dell latitude_7440_firmware *
dell vostro_3020_tower_desktop_firmware *
dell xps_15_9530_firmware *
dell latitude_7330_rugged_laptop_firmware *
dell xps_9315_2-in-1_firmware *
dell optiplex_tower_7010_firmware *
dell optiplex_3000_micro_firmware *
dell latitude_7230_rugged_extreme_firmware *
dell optiplex_7490_all-in-one_firmware *
dell vostro_16_5640_firmware *
dell precision_5480_firmware *
dell latitude_5410_firmware *
dell inspiron_15_3520_firmware *
dell inspiron_16_5640_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell alienware_x16_r1_firmware *
dell optiplex_5400_all-in-one_firmware *
dell optiplex_7000_micro_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell inspiron_3030s_firmware *
dell alienware_m16_r1_firmware *
dell g7_7700_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5411_firmware *
dell optiplex_5090_micro_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell g7_7500_firmware *
dell optiplex_3000_small_form_factor_firmware *
dell precision_3480_firmware *
dell precision_3570_firmware *
dell vostro_15_3530_firmware *
dell g3_3500_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell inspiron_7501_firmware *
dell inspiron_16_plus_7640_firmware *
dell inspiron_14_7420_2-in-1_firmware *
dell optiplex_5000_micro_firmware *
dell inspiron_3880_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell vostro_14_3430_firmware *
dell optiplex_7000_small_form_factor_firmware *
dell latitude_5431_firmware *
dell g5_5500_firmware *
dell inspiron_16_7640_2-in-1_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell vostro_3400_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_3500_firmware *
dell optiplex_5080_firmware *
dell latitude_5420_firmware *
dell latitude_7420_firmware *
dell latitude_9440_2-in-1_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell inspiron_14_5410_firmware *
dell precision_7680_firmware *
dell inspiron_3891_firmware *
dell inspiron_3910_firmware *
dell xps_15_9510_firmware *
dell inspiron_14_5430_firmware *
dell precision_7770_firmware *
dell latitude_5340_firmware *
dell latitude_9510_2in1_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell inspiron_16_7610_firmware *
dell optiplex_5000_tower_firmware *
dell precision_3650_tower_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_5540_firmware *
dell vostro_13_5310_firmware *
dell latitude_9520_firmware *
dell vostro_15_7510_firmware *
dell inspiron_7506_2-in-1_firmware *
dell vostro_3910_firmware *
dell precision_3581_firmware *
dell latitude_3320_firmware *
dell alienware_m18_r1_firmware *
dell precision_3580_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_7300_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell vostro_3888_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell optiplex_micro_7010_firmware *
dell precision_5860_tower_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell xps_13_9340_firmware *
dell xps_17_9700_firmware *
dell precision_7750_firmware *
dell chengming_3991_firmware *
dell precision_5550_firmware *
dell inspiron_14_plus_7440_firmware *
dell precision_3560_firmware *
dell inspiron_7706_2-in-1_firmware *
dell precision_7960_tower_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell vostro_5880_firmware *
dell xps_13_9315_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_13_5320_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_3020_desktop_firmware *
dell optiplex_5090_tower_firmware *
dell latitude_5310_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell chengming_3900_firmware *
dell xps_17_9720_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell inspiron_13_5310_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_5430_firmware *
dell precision_7670_firmware *
dell latitude_3450_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell latitude_7640_firmware *
dell optiplex_3000_thin_client_firmware *
dell inspiron_14_5440_firmware *
dell optiplex_micro_plus_7010_firmware *
dell inspiron_15_7510_firmware *
dell precision_3260_compact_firmware *
dell latitude_7320_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell chengming_3910_firmware *
dell latitude_5440_firmware *
dell precision_5560_firmware *
dell alienware_m18_r2_firmware *
dell inspiron_16_plus_7620_firmware *
dell xps_13_9310_2-in-1_firmware *
dell vostro_5301_firmware *
dell xps_14_9440_firmware *
dell precision_5770_firmware *
dell inspiron_27_7710_all-in-one_firmware *
dell optiplex_7000_tower_firmware *
dell latitude_3340_firmware *
dell g16_7630_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell inspiron_16_plus_7630_firmware *
dell inspiron_5502_firmware *
dell latitude_5421_firmware *
dell inspiron_5406_2-in-1_firmware *
dell vostro_5890_firmware *
dell precision_3440_firmware *
dell latitude_3550_firmware *
dell xps_13_9310_firmware *
dell precision_7865_tower_firmware *
dell optiplex_7000_xe_micro_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell latitude_3120_firmware *
dell g15_5530_firmware *
dell optiplex_7090_tower_firmware *
dell latitude_7410_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell vostro_14_3420_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell vostro_7620_firmware *
dell optiplex_3000_tower_firmware *
dell vostro_5402_firmware *
dell inspiron_15_3511_firmware *
dell precision_7780_firmware *
dell latitude_9330_firmware *
dell inspiron_14_5420_firmware *
dell optiplex_3080_firmware *
dell latitude_7430_firmware *
dell latitude_3540_firmware *
dell vostro_7500_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_3460_xe_small_form_factor_firmware *
dell precision_3260_xe_compact_firmware *
dell vostro_3030s_firmware *
dell latitude_5531_firmware *
dell vostro_15_5510_firmware *
dell vostro_5620_firmware *
dell alienware_x16_r2_firmware *
dell latitude_7340_firmware *
dell latitude_3330_firmware *
dell latitude_5330_firmware *
dell latitude_7030_rugged_extreme_firmware *
dell latitude_5511_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_3440_firmware *
dell chengming_3990_firmware *
dell precision_3640_firmware *
dell inspiron_14_plus_7430_firmware *
dell inspiron_5301_firmware *
dell precision_3660_firmware *
dell inspiron_3881_firmware *
dell vostro_15_3510_firmware *
dell inspiron_7500_firmware *
dell optiplex_xe4_tower_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell optiplex_tower_plus_7010_firmware *
dell precision_3550_firmware *
dell precision_5680_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell latitude_3530_firmware *
dell optiplex_small_form_factor_7010_firmware *
dell latitude_7330_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell inspiron_24_5411_all-in-one_firmware *
dell inspiron_14_7440_2-in-1_firmware *
dell vostro_14_3440_firmware *
dell inspiron_15_5518_firmware *
dell optiplex_5000_small_form_factor_firmware *
dell inspiron_3020_small_desktop_firmware *
dell optiplex_5090_small_form_factor_firmware *
dell inspiron_16_5620_firmware *
dell latitude_5430_rugged_laptop_firmware *
CVE-2024-22449

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 1.8 4.7
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-22450

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. A local malicious user could potentially inject malicious files in the file search path, leading to system compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.4 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.4 5.9

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2024-22452

Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell display_and_peripheral_manager *
CVE-2024-22453

Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H 0.8 5.8

Products Affected

Vendor Product Version
dell poweredge_r830_firmware *
dell poweredge_t630_firmware *
dell nx3330_firmware *
dell poweredge_m630_(pe_vrtx)_firmware *
dell poweredge_m630_firmware *
dell poweredge_r530_firmware *
dell xc630_firmware *
dell nx3230_firmware *
dell poweredge_fc630_firmware *
dell poweredge_c6320_firmware *
dell poweredge_r930_firmware *
dell poweredge_r630_firmware *
dell poweredge_m830_firmware *
dell xc6320_firmware *
dell poweredge_r430_firmware *
dell xc730_firmware *
dell poweredge_fc830_firmware *
dell poweredge_r730_firmware *
dell poweredge_t430_firmware *
dell poweredge_r730xd_firmware *
dell poweredge_m830_(pe_vrtx)_firmware *
dell xc730xd_firmware *
dell poweredge_c4130_firmware *
dell xc430_firmware *
dell poweredge_fc430_firmware *
CVE-2024-22454

Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2024-22455

Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 1.8 2.5

Products Affected

Vendor Product Version
dell e-lab_navigator 3.2.0
dell e-lab_navigator 3.1.9
CVE-2024-22457

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell secure_connect_gateway 5.20.00.10
CVE-2024-22458

Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
dell secure_connect_gateway 5.18.00.20
dell secure_connect_gateway 5.20.00.10
CVE-2024-22459

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
dell elastic_cloud_storage *
CVE-2024-22460

Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.2 LOW CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N 0.7 1.4

Products Affected

Vendor Product Version
dell dm5500_firmware *
CVE-2024-22461

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell recoverpoint_for_virtual_machines 6.0
CVE-2024-22463

Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

Products Affected

Vendor Product Version
dell powerscale_onefs *
dell powerscale_onefs 9.6.1
CVE-2024-22464

Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.2 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N 1.7 4.0

Products Affected

Vendor Product Version
dell emc_appsync *
CVE-2024-24900

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N 1.5 4.2

Products Affected

Vendor Product Version
dell secure_connect_gateway *
dell policy_manager_for_secure_connect_gateway *
CVE-2024-24901

Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.0 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L 0.5 2.5

Products Affected

Vendor Product Version
dell powerscale_onefs *
dell powerscale_onefs 9.6.1
CVE-2024-24902

Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L 1.8 4.7

Products Affected

Vendor Product Version
dell recoverpoint_for_virtual_machines 6.0
CVE-2024-24903

Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
dell secure_connect_gateway *
dell policy_manager_for_secure_connect_gateway *
CVE-2024-24904

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 1.2 5.8

Products Affected

Vendor Product Version
dell secure_connect_gateway *
dell policy_manager_for_secure_connect_gateway *
CVE-2024-24905

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 1.2 5.8

Products Affected

Vendor Product Version
dell secure_connect_gateway *
dell policy_manager_for_secure_connect_gateway *
CVE-2024-24906

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 1.2 5.8

Products Affected

Vendor Product Version
dell secure_connect_gateway *
dell policy_manager_for_secure_connect_gateway *
CVE-2024-24907

Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 1.2 5.8

Products Affected

Vendor Product Version
dell secure_connect_gateway *
dell policy_manager_for_secure_connect_gateway *
CVE-2024-24908

Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
dell dm5500_firmware *
CVE-2024-25942

Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L 0.3 3.7

Products Affected

Vendor Product Version
dell poweredge_r830_firmware *
dell poweredge_t630_firmware *
dell nx3330_firmware *
dell poweredge_m630_(pe_vrtx)_firmware *
dell poweredge_m630_firmware *
dell poweredge_r530_firmware *
dell xc630_firmware *
dell nx3230_firmware *
dell poweredge_fc630_firmware *
dell poweredge_c6320_firmware *
dell poweredge_r930_firmware *
dell poweredge_r630_firmware *
dell poweredge_m830_firmware *
dell xc6320_firmware *
dell poweredge_r430_firmware *
dell xc730_firmware *
dell poweredge_fc830_firmware *
dell poweredge_r730_firmware *
dell poweredge_t430_firmware *
dell poweredge_r730xd_firmware *
dell poweredge_m830_(pe_vrtx)_firmware *
dell xc730xd_firmware *
dell poweredge_c4130_firmware *
dell xc430_firmware *
dell poweredge_fc430_firmware *
CVE-2024-25943

iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L 2.8 4.7

Products Affected

Vendor Product Version
dell idrac9 *
CVE-2024-25944

Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
dell openmanage_enterprise *
CVE-2024-25946

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell powermax_eem 5978
CVE-2024-25949

Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell networking_os10 10.5.6.0
dell networking_os10 *
CVE-2024-25951

A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
dell idrac8 *
CVE-2024-25952

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25953

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25954

Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25955

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted command. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
dell powermax_eem 5978
CVE-2024-25956

Dell Grab for Windows, versions 5.0.4 and below, contains an improper file permissions vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell grab *
CVE-2024-25957

Dell Grab for Windows, versions 5.0.4 and below, contains a cleartext storage of sensitive information vulnerability in its appsync module. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure that could be used to access the appsync application with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 1.3 3.4

Products Affected

Vendor Product Version
dell grab *
CVE-2024-25958

Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of application data and service disruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell grab *
CVE-2024-25959

Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure, escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L 2.0 5.3

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25960

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25961

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25962

Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 2.8 5.5

Products Affected

Vendor Product Version
dell insightiq 5.0.0
CVE-2024-25963

Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25964

Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25965

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an external control of file name or path vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H 0.6 5.5

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25966

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25967

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25968

Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25969

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.5 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25970

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to loss of integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-25971

Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L 1.2 4.2

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2024-28961

Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to obtain credentials leading to unauthorized access with elevated privileges. This could lead to further attacks, thus Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 2.0 3.7

Products Affected

Vendor Product Version
dell openmanage_enterprise 4.0
dell openmanage_enterprise 4.0.1
CVE-2024-28963

Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
dell telemetry_dashboard 1.0.0.7
CVE-2024-28964

Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell common_event_enabler *
CVE-2024-28965

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2024-28966

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2024-28968

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2024-28970

Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H 0.5 4.2

Products Affected

Vendor Product Version
dell g7_7700_firmware *
dell inspiron_16_plus_7640_firmware *
dell vostro_5502_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell inspiron_5402_firmware *
dell inspiron_5409_firmware *
dell inspiron_5502_firmware *
dell g7_7500_firmware *
dell inspiron_16_7640_2-in-1_firmware *
dell inspiron_14_plus_7440_firmware *
dell inspiron_5509_firmware *
dell precision_3660_firmware *
dell vostro_5402_firmware *
dell inspiron_24_5420_all-in-one_firmware *
CVE-2024-28971

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N 0.9 2.5

Products Affected

Vendor Product Version
dell openmanage_enterprise_update_manager *
CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L 1.7 3.7

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-28974

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H 2.8 4.7

Products Affected

Vendor Product Version
dell dp5900_firmware *
dell data_protection_advisor *
dell dp4400_firmware *
CVE-2024-28976

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the running web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
dell repository_manager *
CVE-2024-28977

Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path Traversal vulnerability in logger module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem with the privileges of the running web application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
dell repository_manager *
CVE-2024-28978

Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.2 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N 0.9 4.2

Products Affected

Vendor Product Version
dell openmanage_enterprise 4.0
dell openmanage_enterprise 3.10
CVE-2024-28979

Dell OpenManage Enterprise, versions 4.1.0 and older, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L 1.0 3.7

Products Affected

Vendor Product Version
dell openmanage_enterprise *
CVE-2024-28980

Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
dell recoverpoint_for_virtual_machines 6.0
CVE-2024-29168

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2024-29169

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2024-29170

Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 2.8 5.2

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-29173

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 2.3 4.0

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-29174

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing unauthorized access to application data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 1.8 2.5

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-29175

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-29176

Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-29177

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain unauthorized access to the application report.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 1.2 1.4

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-30473

Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

Products Affected

Vendor Product Version
dell elastic_cloud_storage *
CVE-2024-32852

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An unprivileged network malicious attacker could potentially exploit this vulnerability, leading to data leaks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-32853

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 1.8 2.5

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-32854

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs 9.8.0.0
dell powerscale_onefs *
CVE-2024-32855

Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.8 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L 0.3 3.4

Products Affected

Vendor Product Version
dell precision_7540_firmware *
dell precision_7730_firmware *
dell latitude_5400_firmware *
dell latitude_7310_firmware *
dell latitude_5310_firmware *
dell latitude_5490_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell vostro_3583_firmware *
dell latitude_5510_firmware *
dell precision_7550_firmware *
dell precision_7530_firmware *
dell precision_3540_firmware *
dell latitude_7380_firmware *
dell latitude_7400_firmware *
dell latitude_7390_2-in-1_firmware *
dell wyse_5470_firmware *
dell latitude_7490_firmware *
dell latitude_7210_2-in-1_firmware *
dell latitude_7220_rugged_extreme_firmware *
dell precision_3520_firmware *
dell vostro_3480_firmware *
dell precision_3551_firmware *
dell latitude_5591_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell latitude_3310_2-in-1_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3580_firmware *
dell latitude_7400_2-in-1_firmware *
dell latitude_7480_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5288_firmware *
dell latitude_3300_firmware *
dell latitude_5300_firmware *
dell latitude_5500_firmware *
dell latitude_5488_firmware *
dell precision_7740_firmware *
dell latitude_9510_2in1_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell latitude_5410_firmware *
dell inspiron_3480_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5590_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell latitude_5501_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell latitude_7390_firmware *
dell latitude_5480_firmware *
dell latitude_5401_firmware *
dell latitude_9410_firmware *
dell precision_5530_firmware *
dell precision_3550_firmware *
dell latitude_5411_firmware *
dell latitude_5491_firmware *
dell precision_7750_firmware *
dell latitude_3190_firmware *
dell latitude_5290_firmware *
dell latitude_5424_rugged_firmware *
dell latitude_rugged_7220ex_firmware *
dell xps_15_7590_firmware *
dell latitude_5300_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell latitude_3310_firmware *
dell vostro_3580_firmware *
dell precision_5540_firmware *
CVE-2024-32856

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L 0.8 4.2

Products Affected

Vendor Product Version
dell alienware_aurora_r11_firmware *
dell alienware_m15_r3_firmware *
dell alienware_aurora_r13_firmware *
dell alienware_m17_r3_firmware *
dell inspiron_15_3510_firmware *
dell xps_8950_firmware *
dell alienware_x15_r2_firmware *
dell alienware_area_51m_r2_firmware *
dell aurora_r16_firmware *
dell alienware_x17_r1_firmware *
dell alienware_m17_r4_firmware *
dell inspiron_15_3521_firmware *
dell alienware_aurora_r10_firmware *
dell alienware_m15_r4_firmware *
dell alienware_x17_r2_firmware *
dell inspiron_3502_firmware *
dell alienware_x14_firmware *
dell alienware_aurora_r15_amd_firmware *
dell xps_8960_firmware *
dell alienware_aurora_r15_firmware *
dell alienware_aurora_r12_firmware *
dell alienware_x15_r1_firmware *
dell alienware_aurora_ryzen_edition_r14_firmware *
CVE-2024-32858

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell alienware_aurora_r11_firmware *
dell alienware_m15_r3_firmware *
dell alienware_aurora_r13_firmware *
dell alienware_m17_r3_firmware *
dell inspiron_15_3510_firmware *
dell xps_8950_firmware *
dell alienware_x15_r2_firmware *
dell alienware_area_51m_r2_firmware *
dell aurora_r16_firmware *
dell alienware_x17_r1_firmware *
dell alienware_m17_r4_firmware *
dell inspiron_15_3521_firmware *
dell alienware_aurora_r10_firmware *
dell alienware_m15_r4_firmware *
dell alienware_x17_r2_firmware *
dell inspiron_3502_firmware *
dell alienware_x14_firmware *
dell alienware_aurora_r15_amd_firmware *
dell xps_8960_firmware *
dell alienware_aurora_r15_firmware *
dell alienware_aurora_r12_firmware *
dell alienware_x15_r1_firmware *
dell alienware_aurora_ryzen_edition_r14_firmware *
CVE-2024-32859

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell alienware_aurora_r11_firmware *
dell alienware_m15_r3_firmware *
dell alienware_aurora_r13_firmware *
dell alienware_m17_r3_firmware *
dell inspiron_15_3510_firmware *
dell xps_8950_firmware *
dell alienware_x15_r2_firmware *
dell alienware_area_51m_r2_firmware *
dell aurora_r16_firmware *
dell alienware_x17_r1_firmware *
dell alienware_m17_r4_firmware *
dell inspiron_15_3521_firmware *
dell alienware_aurora_r10_firmware *
dell alienware_m15_r4_firmware *
dell alienware_x17_r2_firmware *
dell inspiron_3502_firmware *
dell alienware_x14_firmware *
dell alienware_aurora_r15_amd_firmware *
dell xps_8960_firmware *
dell alienware_aurora_r15_firmware *
dell alienware_aurora_r12_firmware *
dell alienware_x15_r1_firmware *
dell alienware_aurora_ryzen_edition_r14_firmware *
CVE-2024-32860

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell alienware_aurora_r11_firmware *
dell alienware_m15_r3_firmware *
dell alienware_aurora_r13_firmware *
dell alienware_m17_r3_firmware *
dell inspiron_15_3510_firmware *
dell xps_8950_firmware *
dell alienware_x15_r2_firmware *
dell alienware_area_51m_r2_firmware *
dell aurora_r16_firmware *
dell alienware_x17_r1_firmware *
dell alienware_m17_r4_firmware *
dell alienware_m15_r4_firmware *
dell alienware_x17_r2_firmware *
dell inspiron_3502_firmware *
dell alienware_x14_firmware *
dell alienware_aurora_r15_amd_firmware *
dell xps_8960_firmware *
dell alienware_aurora_r15_firmware *
dell alienware_aurora_r12_firmware *
dell alienware_x15_r1_firmware *
dell inspiron_15_352_firmware *
dell alienware_aurora_ryzen_edition_r14_firmware *
CVE-2024-37125

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-37126

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs 9.8.0.0
dell powerscale_onefs *
CVE-2024-37130

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell openmanage_server_administrator *
CVE-2024-37131

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
dell policy_manager_for_secure_connect_gateway *
CVE-2024-37132

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs 9.8.0.0
dell powerscale_onefs *
CVE-2024-37133

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs 9.8.0.0
dell powerscale_onefs *
CVE-2024-37134

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs 9.8.0.0
dell powerscale_onefs *
CVE-2024-37135

DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
dell dm5500_firmware *
CVE-2024-37137

Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.8 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L 0.3 3.4

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2024-37138

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N 2.3 1.4

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-37139

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-37140

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-37141

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 2.1 1.4

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-37143

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
dell insightiq *
dell powerflex_rack_release_certification_matrix *
dell data_lakehouse *
dell powerflex_appliance_intelligent_catalog *
dell powerflex_manager *
CVE-2024-37144

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
dell insightiq *
dell powerflex_rack_release_certification_matrix *
dell data_lakehouse *
dell powerflex_appliance_intelligent_catalog *
dell powerflex_manager *
CVE-2024-38296

Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell intel_management_engine_firmware_update_utility *
CVE-2024-38301

Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2024-38302

Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.3 4.0

Products Affected

Vendor Product Version
dell data_lakehouse 1.0.0.0
CVE-2024-38303

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 0.8 4.0

Products Affected

Vendor Product Version
dell poweredge_r740_firmware *
dell emc_xc_core_xc740xd2_firmware *
dell poweredge_m640_firmware *
dell emc_storage_nx3240_firmware *
dell poweredge_r640_firmware *
dell poweredge_t640_firmware *
dell emc_xc_core_xcxr2_firmware *
dell emc_xc_core_xc740xd_system_firmware *
dell poweredge_r840_firmware *
dell poweredge_t440_firmware *
dell poweredge_r940_firmware *
dell poweredge_xr2_firmware *
dell emc_xc_core_xc940_system_firmware *
dell poweredge_m640_(for_pe_vrtx)_firmware *
dell poweredge_r740xd2_firmware *
dell poweredge_r740xd_firmware *
dell emc_xc_core_6420_system_firmware *
dell poweredge_fc640_firmware *
dell poweredge_r940xa_firmware *
dell emc_xc_core_xc640_system_firmware *
dell poweredge_r540_firmware *
dell emc_storage_nx3340_firmware *
dell poweredge_mx740c_firmware *
dell poweredge_xe7420_firmware *
dell dss_8440_firmware *
dell poweredge_r440_firmware *
dell poweredge_mx840c_firmware *
dell poweredge_c4140_firmware *
dell poweredge_xe2420_firmware *
dell poweredge_c6420_firmware *
dell poweredge_xe7440_firmware *
CVE-2024-38304

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
dell poweredge_r740_firmware *
dell emc_xc_core_xc740xd2_firmware *
dell poweredge_m640_firmware *
dell emc_storage_nx3240_firmware *
dell poweredge_r640_firmware *
dell poweredge_t640_firmware *
dell emc_xc_core_xcxr2_firmware *
dell emc_xc_core_xc740xd_system_firmware *
dell poweredge_r840_firmware *
dell poweredge_t440_firmware *
dell poweredge_r940_firmware *
dell poweredge_xr2_firmware *
dell emc_xc_core_xc940_system_firmware *
dell poweredge_m640_(for_pe_vrtx)_firmware *
dell poweredge_r740xd2_firmware *
dell poweredge_r740xd_firmware *
dell emc_xc_core_6420_system_firmware *
dell poweredge_fc640_firmware *
dell poweredge_r940xa_firmware *
dell emc_xc_core_xc640_system_firmware *
dell poweredge_r540_firmware *
dell emc_storage_nx3340_firmware *
dell poweredge_mx740c_firmware *
dell poweredge_xe7420_firmware *
dell dss_8440_firmware *
dell poweredge_r440_firmware *
dell poweredge_mx840c_firmware *
dell poweredge_c4140_firmware *
dell poweredge_xe2420_firmware *
dell poweredge_c6420_firmware *
dell poweredge_xe7440_firmware *
CVE-2024-38305

Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs 4.0.3
CVE-2024-38485

Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell elastic_cloud_storage *
CVE-2024-38488

Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise. This allows attackers to brute-force the password of valid users in an automated manner.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
dell recoverpoint_for_virtual_machines 6.0
CVE-2024-39576

Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
dell power_manager *
CVE-2024-39577

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-39578

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H 0.8 5.5

Products Affected

Vendor Product Version
dell powerscale_onefs 9.8.0.0
dell powerscale_onefs *
CVE-2024-39579

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs 9.8.0.0
dell powerscale_onefs *
CVE-2024-39580

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell insightiq *
CVE-2024-39581

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
dell insightiq *
CVE-2024-39582

Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 0.8 1.4

Products Affected

Vendor Product Version
dell insightiq 5.0.0
CVE-2024-39583

Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
dell insightiq *
CVE-2024-39584

Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
dell alienware_m15_r3_firmware *
dell alienware_aurora_r13_firmware *
dell alienware_m17_r3_firmware *
dell inspiron_15_3510_firmware *
dell xps_8950_firmware *
dell alienware_x15_r2_firmware *
dell alienware_area_51m_r2_firmware *
dell aurora_r16_firmware *
dell alienware_x17_r1_firmware *
dell alienware_m17_r4_firmware *
dell inspiron_15_3521_firmware *
dell alienware_m15_r4_firmware *
dell alienware_x17_r2_firmware *
dell inspiron_3502_firmware *
dell alienware_x14_firmware *
dell alienware_aurora_r15_amd_firmware *
dell xps_8960_firmware *
dell alienware_aurora_r15_firmware *
dell alienware_x15_r1_firmware *
dell alienware_aurora_ryzen_edition_r14_firmware *
CVE-2024-42422

Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 3.9 3.7

Products Affected

Vendor Product Version
dell networker *
CVE-2024-42424

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 0.8 4.0

Products Affected

Vendor Product Version
dell 7920_xl_rack_firmware *
dell precision_7920_rack_firmware *
CVE-2024-42426

Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. A low privilege remote attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs 9.8.0.0
dell powerscale_onefs *
CVE-2024-42427

Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 0.9 6.0

Products Affected

Vendor Product Version
dell wyse_thinos 9.5.1079
dell wyse_thinos 9.5.2109
CVE-2024-45759

Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to unauthorized execution of certain commands to overwrite system config of the application. Exploitation may lead to denial of service of system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H 1.3 5.5

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-45760

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell openmanage_server_administrator *
CVE-2024-45761

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
dell openmanage_server_administrator *
CVE-2024-45763

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
dell enterprise_sonic_distribution *
CVE-2024-45764

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0

Products Affected

Vendor Product Version
dell enterprise_sonic_distribution *
CVE-2024-45765

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
dell enterprise_sonic_distribution *
CVE-2024-45766

Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
dell openmanage_enterprise *
CVE-2024-45767

Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell openmanage_enterprise *
CVE-2024-47238

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell edge_gateway_3003_firmware *
dell edge_gateway_3200_firmware *
dell edge_gateway_3002_firmware *
dell edge_gateway_3000_firmware *
dell edge_gateway_3001_firmware *
dell embedded_box_pc_3000_firmware *
dell edge_gateway_5100_firmware *
dell edge_gateway_5000_firmware *
CVE-2024-47239

Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-47240

Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulnerability to gain write access to unauthorized data and cause a version update failure condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 2.1 3.4

Products Affected

Vendor Product Version
dell secure_connect_gateway 5.24.00.14
CVE-2024-47241

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 2.1 3.4

Products Affected

Vendor Product Version
dell secure_connect_gateway 5.24.00.14
CVE-2024-47475

Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 1.3 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-47476

Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell networker_management_console 8.0.22
CVE-2024-47480

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell inventory_collector *
CVE-2024-47484

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

Products Affected

Vendor Product Version
dell avamar_server 19.9
dell avamar_server 19.10
dell avamar_server 19.8
dell avamar_server 19.4
dell avamar_server 19.7
CVE-2024-47977

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 2.8 4.2
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell avamar_server 19.9
dell avamar_server 19.10
dell avamar_server 19.8
dell avamar_server 19.4
dell avamar_server 19.7
CVE-2024-47978

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell nativeedge_orchestrator *
CVE-2024-47984

Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention in getting system back to stable state.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
dell recoverpoint_for_virtual_machines 6.0
CVE-2024-48008

Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. An Low privileged remote attacker could potentially exploit this vulnerability leading to information disclosure ,allowing of unintended actions like reading files that may contain sensitive information

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
dell recoverpoint_for_virtual_machines 6.0
CVE-2024-48010

Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-48011

Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 1.6 1.4

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-48013

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-48014

Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dell bsafe_micro-edition-suite *
CVE-2024-48015

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-48016

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use exposed credentials to access the system with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 1.2 3.4

Products Affected

Vendor Product Version
dell secure_connect_gateway 5.24.00.14
CVE-2024-48017

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 1.2 5.2

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-48828

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-48829

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-48830

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-48831

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-48837

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-48838

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-49557

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-49558

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-49559

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-49560

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-49561

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2024-49563

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-49564

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-49565

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-49595

Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L 2.3 4.7

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2024-49596

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.7 5.2

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2024-49597

Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L 2.3 4.7

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2024-49600

Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell power_manager *
CVE-2024-49601

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2024-49602

Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs 9.8.0.0
dell powerscale_onefs *
CVE-2024-49603

Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability. A remote low privileged legitimate user could potentially exploit this vulnerability, leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2024-51532

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
dell powerstoreos *
CVE-2024-51534

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-51539

The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 0.8 1.4

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2024-51540

Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
dell elastic_cloud_storage *
CVE-2024-52534

Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
dell elastic_cloud_storage *
CVE-2024-52535

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2024-52537

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 0.3 5.9

Products Affected

Vendor Product Version
dell dock_wd22tb4_firmware_update_utility *
dell dock_wd19_firmware_update_utility *
dell dock_hd22q_firmware_update_utility *
CVE-2024-52538

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 2.8 4.7

Products Affected

Vendor Product Version
dell avamar_server 19.9
dell avamar_server 19.10
dell avamar_server 19.8
dell avamar_server 19.4
dell avamar_server 19.7
CVE-2024-52541

Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
dell optiplex_3090_firmware *
dell xps_17_9730_firmware *
dell optiplex_7480_all-in-one_firmware *
dell edge_gateway_3002_firmware *
dell inspiron_3030_firmware *
dell vostro_3710_firmware *
dell inspiron_7710_all-in-one_firmware *
dell latitude_3410_firmware *
dell inspiron_15_3530_firmware *
dell latitude_7390_2-in-1_firmware *
dell inspiron_5400_firmware *
dell optiplex_7400_all-in-one_firmware *
dell vostro_15_3520_firmware *
dell latitude_7210_2-in-1_firmware *
dell xps_13_plus_9320_firmware *
dell optiplex_all-in-one_7410_firmware *
dell latitude_3520_firmware *
dell xps_15_9520_firmware *
dell inspiron_5409_firmware *
dell inspiron_7700_all-in-one_firmware *
dell latitude_7440_firmware *
dell vostro_3020_tower_desktop_firmware *
dell optiplex_micro_7020_firmware *
dell latitude_7480_firmware *
dell xps_15_9530_firmware *
dell xps_9315_2-in-1_firmware *
dell optiplex_tower_7010_firmware *
dell latitude_7230_rugged_extreme_firmware *
dell precision_3630_tower_firmware *
dell precision_7820_tower_firmware *
dell optiplex_7490_all-in-one_firmware *
dell inspiron_24_5430_all-in-one_firmware *
dell precision_tower_7865_firmware *
dell inspiron_5410_all-in-one_firmware *
dell inspiron_16_5640_firmware *
dell latitude_7350_detachable_firmware *
dell alienware_x16_r1_firmware *
dell precision_3430_tower_firmware *
dell optiplex_5400_all-in-one_firmware *
dell latitude_9410_firmware *
dell precision_3240_compact_firmware *
dell inspiron_3030s_firmware *
dell precision_5530_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell latitude_5491_firmware *
dell vostro_5502_firmware *
dell precision_5760_firmware *
dell precision_5820_tower_firmware *
dell optiplex_3000_small_form_factor_firmware *
dell vostro_15_3530_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell inspiron_16_plus_7640_firmware *
dell inspiron_14_7420_2-in-1_firmware *
dell inspiron_3880_firmware *
dell optiplex_7000_small_form_factor_firmware *
dell inspiron_16_7640_2-in-1_firmware *
dell vostro_3400_firmware *
dell edge_gateway_3001_firmware *
dell latitude_7380_firmware *
dell latitude_7420_firmware *
dell latitude_7220_rugged_extreme_firmware *
dell latitude_9440_2-in-1_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell precision_3551_firmware *
dell precision_7680_firmware *
dell xps_15_9510_firmware *
dell optiplex_aio_7420_firmware *
dell optiplex_7070_firmware *
dell latitude_5340_firmware *
dell precision_7740_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell precision_7760_firmware *
dell optiplex_5000_tower_firmware *
dell precision_3650_tower_firmware *
dell vostro_13_5310_firmware *
dell latitude_9520_firmware *
dell inspiron_7506_2-in-1_firmware *
dell wyse_5470_all-in-one_firmware *
dell precision_5530_2-in-1_firmware *
dell latitude_7300_firmware *
dell precision_3581_firmware *
dell latitude_3320_firmware *
dell precision_3420_tower_firmware *
dell precision_3580_firmware *
dell latitude_5401_firmware *
dell vostro_3888_firmware *
dell optiplex_micro_7010_firmware *
dell precision_5860_tower_firmware *
dell latitude_5320_firmware *
dell xps_13_9340_firmware *
dell xps_17_9700_firmware *
dell latitude_5290_firmware *
dell latitude_rugged_7220ex_firmware *
dell inspiron_14_plus_7440_firmware *
dell precision_3560_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell inspiron_7306_2-in-1_firmware *
dell xps_13_9315_firmware *
dell inspiron_13_5320_firmware *
dell optiplex_xe4_sff_firmware *
dell vostro_3690_firmware *
dell latitude_5510_firmware *
dell xps_17_9720_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_7400_2-in-1_firmware *
dell latitude_7640_firmware *
dell optiplex_3000_thin_client_firmware *
dell latitude_7280_firmware *
dell latitude_7290_firmware *
dell optiplex_5055_ryzen_cpu_firmware *
dell latitude_5300_firmware *
dell inspiron_15_7510_firmware *
dell latitude_7450_firmware *
dell latitude_7320_firmware *
dell latitude_5440_firmware *
dell xps13_9305_firmware *
dell precision_5560_firmware *
dell xps_13_9310_2-in-1_firmware *
dell optiplex_7071_firmware *
dell xps_14_9440_firmware *
dell latitude_3340_firmware *
dell precision_5570_firmware *
dell optiplex_7780_all-in-one_firmware *
dell optiplex_sff_7020_firmware *
dell precision_3431_tower_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell xps_16_9640_firmware *
dell inspiron_5502_firmware *
dell inspiron_5406_2-in-1_firmware *
dell latitude_5290_2-in-1_firmware *
dell latitude_7650_firmware *
dell precision_3440_firmware *
dell xps_13_9310_firmware *
dell optiplex_5055_ryzen_apu_firmware *
dell latitude_5580_firmware *
dell latitude_3120_firmware *
dell latitude_7410_firmware *
dell latitude_3189_firmware *
dell precision_5490_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_3681_firmware *
dell vostro_5320_firmware *
dell vostro_7620_firmware *
dell optiplex_3000_tower_firmware *
dell inspiron_15_3511_firmware *
dell alienware_m16_r2_firmware *
dell latitude_9330_firmware *
dell inspiron_14_5420_firmware *
dell latitude_5495_firmware *
dell optiplex_3080_firmware *
dell latitude_3540_firmware *
dell latitude_7424_rugged_extreme_firmware *
dell g16_7620_firmware *
dell inspiron_5402_firmware *
dell precision_7520_firmware *
dell latitude_3400_firmware *
dell latitude_5531_firmware *
dell vostro_15_5510_firmware *
dell latitude_3180_firmware *
dell vostro_5620_firmware *
dell alienware_x16_r2_firmware *
dell latitude_5500_firmware *
dell latitude_7340_firmware *
dell latitude_5330_firmware *
dell latitude_3440_firmware *
dell xps_9320_firmware *
dell wyse_5070_firmware *
dell chengming_3990_firmware *
dell inspiron_5301_firmware *
dell precision_7960_xl_tower_firmware *
dell precision_3660_firmware *
dell inspiron_3881_firmware *
dell optiplex_xe4_tower_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell precision_5860_xl_tower_firmware *
dell precision_3550_firmware *
dell optiplex_3280_all-in-one_firmware *
dell optiplex_5480_all-in-one_firmware *
dell precision_5470_firmware *
dell latitude_3530_firmware *
dell optiplex_small_form_factor_7010_firmware *
dell latitude_7330_firmware *
dell precision_3930_rack_firmware *
dell xps_15_7590_firmware *
dell edge_gateway_3003_firmware *
dell inspiron_15_5518_firmware *
dell precision_3590_firmware *
dell g5_5000_firmware *
dell latitude_5430_rugged_laptop_firmware *
dell precision_7540_firmware *
dell alienware_x14_r2_firmware *
dell latitude_5550_firmware *
dell inspiron_5410_firmware *
dell optiplex_7770_all-in-one_firmware *
dell precision_7875_tower_firmware *
dell vostro_14_5410_firmware *
dell precision_3470_firmware *
dell precision_3591_firmware *
dell latitude_7490_firmware *
dell latitude_7520_firmware *
dell latitude_3310_2-in-1_firmware *
dell latitude_7330_rugged_laptop_firmware *
dell optiplex_3000_micro_firmware *
dell vostro_16_5640_firmware *
dell precision_5480_firmware *
dell latitude_5410_firmware *
dell inspiron_15_3520_firmware *
dell latitude_3430_firmware *
dell inspiron_5401_firmware *
dell optiplex_7470_all-in-one_firmware *
dell optiplex_3050_all-in-one_firmware *
dell optiplex_7000_micro_firmware *
dell edge_gateway_5000_firmware *
dell alienware_m16_r1_firmware *
dell latitude_5411_firmware *
dell optiplex_5090_micro_firmware *
dell precision_3480_firmware *
dell optiplex_xe3_firmware *
dell precision_3570_firmware *
dell vostro_15_3515_firmware *
dell precision_5540_firmware *
dell embedded_box_pc_5000_firmware *
dell precision_7730_firmware *
dell inspiron_7501_firmware *
dell inspiron_15_3510_firmware *
dell latitude_5490_firmware *
dell optiplex_5000_micro_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell vostro_14_3430_firmware *
dell latitude_5431_firmware *
dell vostro_3881_firmware *
dell inspiron_5509_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_3500_firmware *
dell vostro_3501_firmware *
dell optiplex_5080_firmware *
dell precision_5690_firmware *
dell latitude_5420_firmware *
dell inspiron_14_5410_firmware *
dell inspiron_3891_firmware *
dell latitude_7200_2-in-1_firmware *
dell inspiron_3910_firmware *
dell inspiron_14_5430_firmware *
dell precision_3620_tower_firmware *
dell precision_7770_firmware *
dell latitude_3300_firmware *
dell latitude_9510_2in1_firmware *
dell optiplex_5070_firmware *
dell inspiron_16_7610_firmware *
dell latitude_5310_2-in-1_firmware *
dell latitude_7212_rugged_extreme_tablet_firmware *
dell latitude_5540_firmware *
dell latitude_5501_firmware *
dell vostro_15_7510_firmware *
dell vostro_3910_firmware *
dell latitude_7390_firmware *
dell alienware_m18_r1_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_7300_firmware *
dell optiplex_7070_ultra_firmware *
dell optiplex_7080_firmware *
dell inspiron_7400_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell latitude_3420_firmware *
dell precision_7750_firmware *
dell latitude_3190_firmware *
dell chengming_3991_firmware *
dell xps_13_9300_firmware *
dell latitude_5424_rugged_firmware *
dell precision_5550_firmware *
dell inspiron_7706_2-in-1_firmware *
dell latitude_5300_2-in-1_firmware *
dell precision_7960_tower_firmware *
dell vostro_5880_firmware *
dell optiplex_tower_7020_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_5401_aio_firmware *
dell inspiron_3020_desktop_firmware *
dell latitude_5400_firmware *
dell optiplex_5090_tower_firmware *
dell latitude_5310_firmware *
dell latitude_9450_firmware *
dell inspiron_14_5418_firmware *
dell precision_7550_firmware *
dell precision_3540_firmware *
dell chengming_3900_firmware *
dell inspiron_27_7730_all-in-one_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell inspiron_13_5310_firmware *
dell optiplex_5270_all-in-one_firmware *
dell latitude_5430_firmware *
dell precision_7670_firmware *
dell latitude_3450_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell inspiron_14_5440_firmware *
dell optiplex_micro_plus_7010_firmware *
dell precision_7920_tower_firmware *
dell precision_3260_compact_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell chengming_3910_firmware *
dell alienware_m18_r2_firmware *
dell inspiron_16_plus_7620_firmware *
dell vostro_5301_firmware *
dell latitude_3190_2-in-1_firmware *
dell precision_3541_firmware *
dell precision_5770_firmware *
dell optiplex_7000_tower_firmware *
dell g16_7630_firmware *
dell latitude_5480_firmware *
dell precision_7720_firmware *
dell latitude_3500_firmware *
dell inspiron_16_plus_7630_firmware *
dell latitude_5421_firmware *
dell vostro_5890_firmware *
dell xps_13_7390_2-in-1_firmware *
dell precision_3680_tower_firmware *
dell latitude_3550_firmware *
dell optiplex_7000_xe_micro_firmware *
dell optiplex_5490_all-in-one_firmware *
dell latitude_7310_firmware *
dell vostro_3020_small_desktop_firmware *
dell g15_5530_firmware *
dell optiplex_7090_tower_firmware *
dell optiplex_5055_a-serial_firmware *
dell latitude_12_rugged_extreme_7214_firmware *
dell optiplex_3070_firmware *
dell chengming_3911_firmware *
dell latitude_9430_firmware *
dell vostro_14_3420_firmware *
dell precision_7530_firmware *
dell latitude_7400_firmware *
dell latitude_5350_firmware *
dell wyse_5470_firmware *
dell vostro_5402_firmware *
dell precision_7780_firmware *
dell latitude_7430_firmware *
dell latitude_5591_firmware *
dell vostro_7500_firmware *
dell precision_3460_xe_small_form_factor_firmware *
dell precision_3260_xe_compact_firmware *
dell vostro_3030s_firmware *
dell latitude_3390_2-in-1_firmware *
dell latitude_5420_rugged_firmware *
dell latitude_5488_firmware *
dell embedded_box_pc_3000_firmware *
dell latitude_3330_firmware *
dell vostro_3401_firmware *
dell latitude_7030_rugged_extreme_firmware *
dell latitude_5511_firmware *
dell precision_3530_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_7350_firmware *
dell latitude_3140_2in1_firmware *
dell latitude_5590_firmware *
dell precision_3640_firmware *
dell inspiron_14_plus_7430_firmware *
dell xps_13_7390_firmware *
dell precision_3280_cff_firmware *
dell wyse_7040_thin_client_firmware *
dell vostro_15_3510_firmware *
dell vostro_3030_firmware *
dell xps_8940_firmware *
dell inspiron_7500_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_tower_plus_7010_firmware *
dell latitude_5450_firmware *
dell precision_5680_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell g15_5520_firmware *
dell inspiron_13_5330_firmware *
dell inspiron_14_7440_2-in-1_firmware *
dell vostro_14_3440_firmware *
dell latitude_3310_firmware *
dell precision_3490_firmware *
dell optiplex_5000_small_form_factor_firmware *
dell inspiron_3020_small_desktop_firmware *
dell optiplex_5090_small_form_factor_firmware *
dell inspiron_16_5620_firmware *
CVE-2024-52542

Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 1.8 2.5

Products Affected

Vendor Product Version
dell appsync *
CVE-2024-52543

Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

Products Affected

Vendor Product Version
dell nativeedge_orchestrator *
CVE-2024-53289

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
dell thinos 2408
CVE-2024-53290

Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
dell thinos 2408
CVE-2024-53291

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.6 5.9
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell nativeedge_orchestrator *
CVE-2024-53292

Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H 0.6 6.0

Products Affected

Vendor Product Version
dell vxrail_hyperconverged_infrastructure *
CVE-2024-53295

Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-53296

Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 1.2 1.4
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2024-53298

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-21101

Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.0 5.2
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H 1.3 5.2

Products Affected

Vendor Product Version
dell display_manager *
CVE-2025-21102

Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
dell vxrail_e560_vcf_firmware *
dell vxrail_e665f_firmware *
dell vxrail_p570f_firmware *
dell vxrail_p570f_vcf_firmware *
dell vxrail_p580n_firmware *
dell vxrail_vd-4000w_firmware *
dell vxrail_e660n_firmware *
dell vxrail_e560n_firmware *
dell vxrail_s570_firmware *
dell vxrail_d560_firmware *
dell vxrail_v470_firmware *
dell vxrail_vd-4510c_firmware *
dell vxrail_s570_vcf_firmware *
dell vxrail_v670f_firmware *
dell vxrail_e660_firmware *
dell vxrail_v570_firmware *
dell vxrail_p670f_firmware *
dell vxrail_p675n_firmware *
dell vxrail_s470_firmware *
dell vxrail_p670n_firmware *
dell vxrail_vd-4000r_firmware *
dell vxrail_p675f_firmware *
dell vxrail_e560_firmware *
dell vxrail_e665n_firmware *
dell vxrail_vd-4000z_firmware *
dell vxrail_g560f_firmware *
dell vxrail_s670_firmware *
dell vxrail_p470_firmware *
dell vxrail_p570_vcf_firmware *
dell vxrail_e560f_firmware *
dell vxrail_e660f_firmware *
dell vxrail_g560_vcf_firmware *
dell vxrail_p570_firmware *
dell vxrail_e665_firmware *
dell vxrail_e560n_vcf_firmware *
dell vxrail_g560_firmware *
dell vxrail_d560f_firmware *
dell vxrail_vd-4520c_firmware *
dell vxrail_p580n_vcf_firmware *
dell vxrail_e460_firmware *
dell vxrail_e560f_vcf_firmware *
dell vxrail_v570_vcf_firmware *
CVE-2025-21103

Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability and run arbitrary code on the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell networker *
CVE-2025-21104

Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell networker *
dell networker 19.12
CVE-2025-21105

Dell RecoverPoint for Virtual Machines 6.0.X contains a command execution vulnerability. A Low privileged malicious user with local access could potentially exploit this vulnerability by running the specific binary and perform any administrative action permitted by it resulting in shutting down the server, modifying the configuration leading to gain access to unauthorized data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L 1.8 4.7

Products Affected

Vendor Product Version
dell recoverpoint_for_virtual_machines 6.0
CVE-2025-21106

Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell recoverpoint_for_virtual_machines 6.0
CVE-2025-21107

Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell networker *
CVE-2025-21110

Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H 1.5 4.7
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
dell data_lakehouse *
CVE-2025-21111

Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 0.8 6.0
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
dell vxrail_e560_vcf_firmware *
dell vxrail_e665f_firmware *
dell vxrail_p570f_firmware *
dell vxrail_p570f_vcf_firmware *
dell vxrail_p580n_firmware *
dell vxrail_vd-4000w_firmware *
dell vxrail_e660n_firmware *
dell vxrail_e560n_firmware *
dell vxrail_s570_firmware *
dell vxrail_d560_firmware *
dell vxrail_v470_firmware *
dell vxrail_vd-4510c_firmware *
dell vxrail_s570_vcf_firmware *
dell vxrail_v670f_firmware *
dell vxrail_e660_firmware *
dell vxrail_v570_firmware *
dell vxrail_p670f_firmware *
dell vxrail_p675n_firmware *
dell vxrail_s470_firmware *
dell vxrail_p670n_firmware *
dell vxrail_vd-4000r_firmware *
dell vxrail_p675f_firmware *
dell vxrail_e560_firmware *
dell vxrail_e665n_firmware *
dell vxrail_vd-4000z_firmware *
dell vxrail_g560f_firmware *
dell vxrail_s670_firmware *
dell vxrail_p470_firmware *
dell vxrail_p570_vcf_firmware *
dell vxrail_e560f_firmware *
dell vxrail_e660f_firmware *
dell vxrail_g560_vcf_firmware *
dell vxrail_p570_firmware *
dell vxrail_e665_firmware *
dell vxrail_e560n_vcf_firmware *
dell vxrail_g560_firmware *
dell vxrail_d560f_firmware *
dell vxrail_vd-4520c_firmware *
dell vxrail_p580n_vcf_firmware *
dell vxrail_e460_firmware *
dell vxrail_e560f_vcf_firmware *
dell vxrail_v570_vcf_firmware *
CVE-2025-21120

Dell Avamar, versions prior to 19.10 SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

Products Affected

Vendor Product Version
dell avamar 19.10
dell avamar 19.8
dell avamar 19.4
dell avamar 19.9
dell avamar 19.7
dell avamar 19.12
CVE-2025-22394

Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell display_manager *
CVE-2025-22395

Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
dell update_package_framework *
CVE-2025-22397

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H 1.2 5.5

Products Affected

Vendor Product Version
dell idrac9_firmware *
dell idrac10_firmware *
CVE-2025-22398

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-22399

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L 2.5 4.7

Products Affected

Vendor Product Version
dell utility_configuration_collector_edge 2.3.0
CVE-2025-22402

Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
security_alert@emc.com 2.6 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N 1.2 1.4

Products Affected

Vendor Product Version
dell update_manager_plugin *
CVE-2025-22471

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-22472

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2025-22473

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2025-22474

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 2.3 4.0

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2025-22475

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security_alert@emc.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-22476

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Remote execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.1 3.4

Products Affected

Vendor Product Version
dell storage_manager 2020
dell storage_manager *
CVE-2025-22477

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.3 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 2.8 5.5
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell storage_manager 2016
dell storage_manager 2020
dell storage_manager 16.3.20
CVE-2025-22478

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.8 5.2
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
dell storage_manager 2016
dell storage_manager 2020
dell storage_manager 16.3.20
CVE-2025-22479

Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 2.8 1.4
security_alert@emc.com 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.1 1.4

Products Affected

Vendor Product Version
dell storage_manager 2016
dell storage_manager 2020
dell storage_manager 16.3.20
CVE-2025-22480

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell supportassist_os_recovery *
dell supportassist *
CVE-2025-23374

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
security_alert@emc.com 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.3 6.0

Products Affected

Vendor Product Version
dell enterprise_sonic_distribution 4.4.0
dell enterprise_sonic_distribution *
CVE-2025-23375

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell powerprotect_data_manager 19.17
CVE-2025-23376

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N 0.8 1.4
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
dell powerprotect_data_manager 19.16
dell powerprotect_data_manager 19.18
dell powerprotect_data_manager 19.17
CVE-2025-23377

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.6 3.6
nvd@nist.gov 3.4 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N 0.8 2.5

Products Affected

Vendor Product Version
dell powerprotect_data_manager 19.18
dell powerprotect_data_manager 19.17
CVE-2025-23378

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-23379

Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.1 1.4
nvd@nist.gov 5.2 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.1 2.7

Products Affected

Vendor Product Version
dell storage_manager 2016
dell storage_manager 2020
dell storage_manager 16.3.20
CVE-2025-23382

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.c

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 1.3 3.7
nvd@nist.gov 5.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N 1.3 4.0

Products Affected

Vendor Product Version
dell secure_connect_gateway 5.26.00.20
CVE-2025-23383

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-24377

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-24378

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-24379

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-24380

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-24381

Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. Exploitation may allow for session theft.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-24382

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-24383

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-24385

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-24386

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-26330

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-26331

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell thinos *
CVE-2025-26332

TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
dell xtremio_management_server *
dell techadvisor *
CVE-2025-26333

Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
dell bsafe_crypto-j 7.0
dell bsafe_crypto-j *
CVE-2025-26335

Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 1.3 4.0
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
dell powerprotect_cyber_recovery *
CVE-2025-26336

Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H 2.8 5.5

Products Affected

Vendor Product Version
dell chassis_management_controller_for_poweredge_vrtx_firmware *
dell chassis_management_controller_for_poweredge_fx2_firmware *
CVE-2025-26475

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 1.3 3.7
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 1.3 3.7

Products Affected

Vendor Product Version
dell secure_connect_gateway 5.26.00.20
CVE-2025-26476

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0, contain a Use of Hard-coded Cryptographic Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
dell elastic_cloud_storage *
dell objectscale 4.0.0.0
CVE-2025-26477

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell objectscale *
dell elastic_cloud_storage *
CVE-2025-26478

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.1 LOW CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 1.6 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell objectscale *
dell elastic_cloud_storage *
CVE-2025-26479

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N 1.6 1.4

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-26480

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-26481

Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-26482

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
dell emc_storage_nx3240_firmware *
dell emc_xc_core_xc650_firmware *
dell poweredge_r260_firmware *
dell poweredge_r640_firmware *
dell poweredge_t640_firmware *
dell poweredge_t140_firmware *
dell poweredge_r960_firmware *
dell poweredge_xr8610t_firmware *
dell poweredge_r350_firmware *
dell poweredge_c6620_firmware *
dell poweredge_hs5620_firmware *
dell poweredge_r670_firmware *
dell poweredge_fc640_firmware *
dell poweredge_r940xa_firmware *
dell poweredge_t160_firmware *
dell poweredge_r7515_firmware *
dell poweredge_xe9680_firmware *
dell poweredge_r760xa_firmware *
dell poweredge_r770_firmware *
dell poweredge_mx760c_firmware *
dell poweredge_r650xs_firmware *
dell poweredge_r750_firmware *
dell poweredge_xe2420_firmware *
dell xc_core_xc7625_firmware *
dell poweredge_r6715_firmware *
dell poweredge_xr5610_firmware *
dell poweredge_r6515_firmware *
dell poweredge_t560_firmware *
dell poweredge_r750xa_firmware *
dell poweredge_xe8545_firmware *
dell poweredge_r740_firmware *
dell poweredge_m640_firmware *
dell poweredge_r760xd2_firmware *
dell poweredge_r7615_firmware *
dell emc_xc_core_xc740xd_system_firmware *
dell poweredge_r550_firmware *
dell poweredge_t440_firmware *
dell poweredge_r940_firmware *
dell emc_xc_core_xc940_system_firmware *
dell poweredge_r740xd2_firmware *
dell poweredge_r470_firmware *
dell poweredge_t340_firmware *
dell poweredge_mx740c_firmware *
dell poweredge_hs5610_firmware *
dell poweredge_r6525_firmware *
dell poweredge_xr12_firmware *
dell poweredge_mx840c_firmware *
dell poweredge_c6615_firmware *
dell poweredge_r340_firmware *
dell poweredge_c4140_firmware *
dell poweredge_c6420_firmware *
dell poweredge_xr4510c_firmware *
dell poweredge_xe7440_firmware *
dell poweredge_r760xs_firmware *
dell poweredge_r6615_firmware *
dell emc_xc_core_xc7525_firmware *
dell xc_core_xc760_firmware *
dell poweredge_xe9640_firmware *
dell poweredge_r840_firmware *
dell poweredge_r7715_firmware *
dell poweredge_xr8620t_firmware *
dell poweredge_xe8640_firmware *
dell xc_core_xc760xa_firmware *
dell poweredge_r6415_firmware *
dell poweredge_r660_firmware *
dell emc_nx440_firmware *
dell poweredge_r240_firmware *
dell poweredge_r570_firmware *
dell emc_xc_core_xc640_system_firmware *
dell poweredge_r250_firmware *
dell poweredge_xr4520c_firmware *
dell poweredge_r540_firmware *
dell emc_storage_nx3340_firmware *
dell xc_core_xc660xs_firmware *
dell emc_xc_core_xc750xa_firmware *
dell poweredge_r860_firmware *
dell poweredge_xe9680l_firmware *
dell poweredge_r7415_firmware *
dell poweredge_r450_firmware *
dell emc_xc_core_xc740xd2_firmware *
dell poweredge_r360_firmware *
dell poweredge_r7525_firmware *
dell poweredge_c6525_firmware *
dell emc_xc_core_xc450_firmware *
dell poweredge_r660xs_firmware *
dell poweredge_t350_firmware *
dell poweredge_r760_firmware *
dell emc_xc_core_xcxr2_firmware *
dell xc_core_xc660_firmware *
dell poweredge_xr7620_firmware *
dell poweredge_r7625_firmware *
dell poweredge_xr2_firmware *
dell poweredge_xr11_firmware *
dell poweredge_mx750c_firmware *
dell poweredge_r740xd_firmware *
dell emc_xc_core_6420_system_firmware *
dell poweredge_t550_firmware *
dell emc_xc_core_xc6520_firmware *
dell poweredge_t360_firmware *
dell poweredge_r7725_firmware *
dell idrac9_firmware *
dell poweredge_r650_firmware *
dell poweredge_xe7420_firmware *
dell emc_xc_core_xc750_firmware *
dell dss_8440_firmware *
dell poweredge_r440_firmware *
dell poweredge_r7425_firmware *
dell poweredge_r6725_firmware *
dell poweredge_r750xs_firmware *
dell poweredge_t150_firmware *
dell poweredge_r6625_firmware *
dell poweredge_c6520_firmware *
CVE-2025-26484

Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H 1.2 4.2

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2025-27686

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 1.2 1.4
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

Products Affected

Vendor Product Version
dell unisphere_for_powermax *
CVE-2025-27688

Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell thinos *
CVE-2025-27689

Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell idrac_tools *
CVE-2025-27690

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-27692

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2025-27693

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2025-27694

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2025-27695

Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2025-29981

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2025-29982

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H 1.3 5.5

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2025-29983

Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell trusted_device_agent *
CVE-2025-29984

Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell trusted_device_agent *
CVE-2025-29985

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
dell common_event_enabler 9.0.0.0
CVE-2025-29986

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L 3.9 3.7

Products Affected

Vendor Product Version
dell common_event_enabler 9.0.0.0
CVE-2025-29987

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell powerprotect_dm5500_firmware *
dell data_domain_operating_system *
dell powerprotect_data_domain *
CVE-2025-29988

Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.9 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H 1.1 5.3

Products Affected

Vendor Product Version
dell 16_plus_2-in-1_db06250_firmware *
dell xps_17_9730_firmware *
dell alienware_x14_r2_firmware *
dell latitude_5550_firmware *
dell pro_laptop_pc16250_firmware *
dell inspiron_3030_firmware *
dell xps_13_9305_firmware *
dell vostro_3710_firmware *
dell inspiron_7710_all-in-one_firmware *
dell precision_7875_tower_firmware *
dell latitude_3410_firmware *
dell vostro_14_5410_firmware *
dell inspiron_15_3530_firmware *
dell precision_3470_firmware *
dell precision_3591_firmware *
dell optiplex_7400_all-in-one_firmware *
dell vostro_15_3520_firmware *
dell xps_13_plus_9320_firmware *
dell optiplex_all-in-one_7410_firmware *
dell latitude_3520_firmware *
dell latitude_7520_firmware *
dell xps_15_9520_firmware *
dell latitude_7440_firmware *
dell vostro_3020_tower_desktop_firmware *
dell optiplex_micro_7020_firmware *
dell xps_15_9530_firmware *
dell latitude_7330_rugged_laptop_firmware *
dell xps_9315_2-in-1_firmware *
dell optiplex_tower_7010_firmware *
dell optiplex_3000_micro_firmware *
dell pro_rugged_13_ra13250_firmware *
dell latitude_7230_rugged_extreme_firmware *
dell optiplex_7490_all-in-one_firmware *
dell vostro_16_5640_firmware *
dell precision_5480_firmware *
dell inspiron_24_5430_all-in-one_firmware *
dell pro_14_premium_pa14250_firmware *
dell precision_tower_7865_firmware *
dell inspiron_5410_all-in-one_firmware *
dell inspiron_15_3520_firmware *
dell tower_plus_ebt2250_firmware *
dell inspiron_16_5640_firmware *
dell latitude_3430_firmware *
dell latitude_7350_detachable_firmware *
dell alienware_x16_r1_firmware *
dell alienware_aurora_act1250_firmware *
dell optiplex_5400_all-in-one_firmware *
dell 14_plus_2-in-1_db04250_firmware *
dell optiplex_7000_micro_firmware *
dell latitude_7455_firmware *
dell inspiron_3030s_firmware *
dell alienware_m16_r1_firmware *
dell alienware_m15_r6_firmware *
dell precision_3571_firmware *
dell optiplex_5090_micro_firmware *
dell precision_5760_firmware *
dell optiplex_3000_small_form_factor_firmware *
dell precision_3480_firmware *
dell pro_16_pc16250_firmware *
dell precision_3570_firmware *
dell vostro_15_3530_firmware *
dell inspiron_16_7620_2-in-1_firmware *
dell inspiron_16_plus_7640_firmware *
dell inspiron_14_7420_2-in-1_firmware *
dell optiplex_5000_micro_firmware *
dell latitude_5520_firmware *
dell precision_3561_firmware *
dell vostro_14_3430_firmware *
dell optiplex_7000_small_form_factor_firmware *
dell latitude_5431_firmware *
dell inspiron_16_7640_2-in-1_firmware *
dell vostro_3400_firmware *
dell inspiron_16_7630_2-in-1_firmware *
dell latitude_5521_firmware *
dell vostro_3500_firmware *
dell precision_5690_firmware *
dell latitude_5420_firmware *
dell latitude_7420_firmware *
dell latitude_9440_2-in-1_firmware *
dell xps_17_9710_firmware *
dell optiplex_3090_ultra_firmware *
dell inspiron_14_5410_firmware *
dell precision_7680_firmware *
dell inspiron_3891_firmware *
dell inspiron_3910_firmware *
dell xps_15_9510_firmware *
dell optiplex_aio_7420_firmware *
dell inspiron_14_5430_firmware *
dell precision_7770_firmware *
dell latitude_5340_firmware *
dell vostro_3890_firmware *
dell xps_15_9500_firmware *
dell precision_7560_firmware *
dell xps_13_9345_firmware *
dell precision_7760_firmware *
dell inspiron_16_7610_firmware *
dell optiplex_5000_tower_firmware *
dell precision_3650_tower_firmware *
dell latitude_5540_firmware *
dell vostro_13_5310_firmware *
dell latitude_9520_firmware *
dell vostro_15_7510_firmware *
dell vostro_3910_firmware *
dell precision_3581_firmware *
dell latitude_3320_firmware *
dell alienware_m18_r1_firmware *
dell precision_3580_firmware *
dell inspiron_14_7441_firmware *
dell inspiron_16_5630_firmware *
dell inspiron_24_5420_all-in-one_firmware *
dell optiplex_micro_7010_firmware *
dell precision_5860_tower_firmware *
dell latitude_3420_firmware *
dell latitude_5320_firmware *
dell xps_13_9340_firmware *
dell pro_13_premium_pa13250_firmware *
dell precision_5550_firmware *
dell inspiron_14_plus_7440_firmware *
dell precision_3560_firmware *
dell precision_7960_tower_firmware *
dell latitude_7320_detachable_firmware *
dell latitude_3510_firmware *
dell g15_5511_firmware *
dell optiplex_tower_7020_firmware *
dell xps_13_9315_firmware *
dell alienware_m15_r7_firmware *
dell inspiron_13_5320_firmware *
dell inspiron_3020_desktop_firmware *
dell latitude_5455_firmware *
dell optiplex_5090_tower_firmware *
dell optiplex_xe4_sff_firmware *
dell inspiron_14_5410_2-in-1_firmware *
dell latitude_9450_firmware *
dell inspiron_14_5418_firmware *
dell vostro_3690_firmware *
dell chengming_3900_firmware *
dell xps_17_9720_firmware *
dell inspiron_27_7730_all-in-one_firmware *
dell latitude_3140_firmware *
dell vostro_16_5630_firmware *
dell inspiron_13_5310_firmware *
dell latitude_9420_firmware *
dell precision_3450_firmware *
dell latitude_5430_firmware *
dell pro_13_plus_pb13250_firmware *
dell precision_7670_firmware *
dell latitude_3450_firmware *
dell optiplex_small_form_factor_plus_7010_firmware *
dell latitude_7640_firmware *
dell optiplex_3000_thin_client_firmware *
dell pro_14_plus_pb14250_firmware *
dell inspiron_14_5440_firmware *
dell optiplex_micro_plus_7010_firmware *
dell inspiron_15_7510_firmware *
dell latitude_7450_firmware *
dell precision_3260_compact_firmware *
dell latitude_7320_firmware *
dell inspiron_14_7430_2-in-1_firmware *
dell 14_plus_db14250_firmware *
dell chengming_3910_firmware *
dell latitude_5440_firmware *
dell precision_5560_firmware *
dell alienware_m18_r2_firmware *
dell inspiron_16_plus_7620_firmware *
dell xps_13_9310_2-in-1_firmware *
dell xps_14_9440_firmware *
dell precision_5770_firmware *
dell optiplex_7000_tower_firmware *
dell pro_16_plus_pb16250_firmware *
dell latitude_3340_firmware *
dell g16_7630_firmware *
dell alienware_area-51_aat2250_firmware *
dell precision_5570_firmware *
dell optiplex_sff_7020_firmware *
dell latitude_5530_firmware *
dell latitude_7530_firmware *
dell inspiron_16_plus_7630_firmware *
dell 27_all-in-one_ec27250_firmware *
dell xps_16_9640_firmware *
dell latitude_5421_firmware *
dell vostro_5890_firmware *
dell latitude_7650_firmware *
dell precision_3680_tower_firmware *
dell latitude_3550_firmware *
dell xps_13_9310_firmware *
dell optiplex_7000_xe_micro_firmware *
dell optiplex_5490_all-in-one_firmware *
dell vostro_3020_small_desktop_firmware *
dell g15_5530_firmware *
dell optiplex_7090_tower_firmware *
dell inspiron_14_5441_firmware *
dell chengming_3911_firmware *
dell pro_laptop_pc14250_firmware *
dell latitude_9430_firmware *
dell vostro_14_3420_firmware *
dell precision_5490_firmware *
dell precision_3460_small_form_factor_firmware *
dell precision_5750_firmware *
dell vostro_5320_firmware *
dell latitude_5350_firmware *
dell vostro_7620_firmware *
dell optiplex_3000_tower_firmware *
dell pro_rugged_14_rb14250_firmware *
dell inspiron_15_3511_firmware *
dell precision_7780_firmware *
dell alienware_m16_r2_firmware *
dell latitude_9330_firmware *
dell inspiron_14_5420_firmware *
dell latitude_7430_firmware *
dell latitude_3540_firmware *
dell g16_7620_firmware *
dell precision_3460_xe_small_form_factor_firmware *
dell precision_3260_xe_compact_firmware *
dell vostro_3030s_firmware *
dell latitude_5531_firmware *
dell vostro_15_5510_firmware *
dell vostro_5620_firmware *
dell alienware_x16_r2_firmware *
dell latitude_7340_firmware *
dell latitude_3330_firmware *
dell latitude_5330_firmware *
dell latitude_7030_rugged_extreme_firmware *
dell inspiron_3501_firmware *
dell g15_5510_firmware *
dell latitude_7350_firmware *
dell latitude_3140_2in1_firmware *
dell latitude_3440_firmware *
dell xps_9320_firmware *
dell inspiron_14_plus_7430_firmware *
dell 16_plus_db16250_firmware *
dell precision_3280_cff_firmware *
dell precision_3660_firmware *
dell vostro_15_3510_firmware *
dell vostro_3030_firmware *
dell optiplex_xe4_tower_firmware *
dell inspiron_15_5510_firmware *
dell optiplex_7090_ultra_firmware *
dell inspiron_14_plus_7420_firmware *
dell optiplex_tower_plus_7010_firmware *
dell latitude_5450_firmware *
dell precision_5680_firmware *
dell precision_5470_firmware *
dell inspiron_27_7720_all-in-one_firmware *
dell latitude_3530_firmware *
dell optiplex_small_form_factor_7010_firmware *
dell latitude_7330_firmware *
dell g15_5520_firmware *
dell 24_all-in-one_ec24250_firmware *
dell inspiron_13_5330_firmware *
dell inspiron_14_7440_2-in-1_firmware *
dell vostro_14_3440_firmware *
dell precision_3490_firmware *
dell inspiron_15_5518_firmware *
dell optiplex_5000_small_form_factor_firmware *
dell inspiron_3020_small_desktop_firmware *
dell precision_3590_firmware *
dell optiplex_5090_small_form_factor_firmware *
dell xps_13_9350_firmware *
dell inspiron_16_5620_firmware *
dell latitude_5430_rugged_laptop_firmware *
dell pro_14_pc14250_firmware *
CVE-2025-29989

Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to BIOS upgrade denial.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
security_alert@emc.com 3.1 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L 0.6 2.5

Products Affected

Vendor Product Version
dell precision_7865_tower_firmware *
dell precision_7920_tower_firmware *
dell precision_7820_tower_firmware *
dell precision_5820_tower_firmware *
CVE-2025-30096

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-30097

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-30098

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-30099

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-30100

Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2025-30101

Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of service and information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.0 5.2
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 1.8 2.5

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-30102

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-30103

Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2025-30105

Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
dell xtremio_management_server *
dell techadvisor *
CVE-2025-30475

Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
dell insightiq *
CVE-2025-30476

Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
dell insightiq 5.2.0
CVE-2025-30477

Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.7 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-30479

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2025-30480

Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2025-30483

Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell objectscale *
dell elastic_cloud_storage *
CVE-2025-32744

Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L 2.3 3.7

Products Affected

Vendor Product Version
dell appsync *
CVE-2025-32752

Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6
security_alert@emc.com 5.7 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 0.9 4.7

Products Affected

Vendor Product Version
dell thinos *
CVE-2025-32753

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-36564

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell encryption *
CVE-2025-36565

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-36566

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-36567

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-36569

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-36572

Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell powerstoreos *
CVE-2025-36573

Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 2.5 4.0

Products Affected

Vendor Product Version
dell pro_smart_dock_sd25_firmware *
dell pro_thunderbolt_4_smart_dock_sd25tb4_firmware *
CVE-2025-36574

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2025-36575

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2025-36576

Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.7 LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 1.2 1.4

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2025-36577

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N 0.9 5.2

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2025-36578

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.6 5.2

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2025-36580

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N 0.9 5.2

Products Affected

Vendor Product Version
dell wyse_management_suite *
CVE-2025-36581

Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
dell poweredge_r6415_firmware *
dell poweredge_r7425_firmware *
dell poweredge_r7415_firmware *
CVE-2025-36582

Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 2.2 2.5

Products Affected

Vendor Product Version
dell networker *
CVE-2025-36589

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 2.8 4.7

Products Affected

Vendor Product Version
dell unisphere_for_powermax_virtual_appliance *
dell unisphere_for_powermax 9.2.4.18
CVE-2025-36592

Dell Secure Connect Gateway (SCG) Policy Manager, version(s) 5.20. 5.22, 5.24, 5.26, 5.28, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
dell policy_manager_for_secure_connect_gateway *
CVE-2025-36593

Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed authentication request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell openmanage_network_integration *
CVE-2025-36594

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-36595

Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell solutions_enabler_virtual_appliance *
dell unisphere_for_powermax_virtual_appliance *
CVE-2025-36599

Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell powerflex_manager *
CVE-2025-36600

Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
dell latitude_12_rugged_extreme_7214_firmware *
CVE-2025-36601

Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
dell powerscale_onefs 9.11.0.0
dell powerscale_onefs *
CVE-2025-36603

Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.2 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 0.8 3.4
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L 1.3 3.4

Products Affected

Vendor Product Version
dell appsync *
CVE-2025-36604

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-36605

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-36606

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-36607

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-36608

Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2025-36609

Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N 1.0 1.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2025-36611

Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell security_management_server *
dell encryption *
CVE-2025-36612

SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell supportassist_for_business_pcs *
CVE-2025-36613

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N 1.3 1.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2025-38738

SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
CVE-2025-38739

Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L 3.9 2.7

Products Affected

Vendor Product Version
dell digital_delivery *
CVE-2025-38741

Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell enterprise_sonic_os 4.5.0
CVE-2025-38742

Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
dell emc_idrac_service_module *
CVE-2025-38743

Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell emc_idrac_service_module *
CVE-2025-38745

Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell openmanage_enterprise 4.1.0
dell openmanage_enterprise 4.0
dell openmanage_enterprise 4.2.0
dell openmanage_enterprise 3.10
CVE-2025-38746

Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.4 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 0.9 1.4
security_alert@emc.com 3.5 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 0.9 2.5

Products Affected

Vendor Product Version
dell supportassist_os_recovery *
CVE-2025-38747

Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell supportassist_os_recovery *
CVE-2025-43722

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper privilege management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-43723

Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-43724

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2025-43725

Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2025-43726

Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, contains an Improper Link Resolution Before File Access ('Link Following')" vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2025-43727

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an incorrect Implementation of Authentication Algorithm vulnerability in the RestAPI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43728

Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

Products Affected

Vendor Product Version
dell thinos *
CVE-2025-43729

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell thinos *
CVE-2025-43730

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
dell thinos *
CVE-2025-43882

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell thinos *
CVE-2025-43884

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2025-43885

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2025-43886

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2025-43887

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2025-43888

Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2025-43889

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4, LTS2024 release Versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43890

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43891

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an use of a Broken or Risky Cryptographic Algorithm vulnerability in the Authentication. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43905

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43906

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43907

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Path Traversal: '.../...//' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43908

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43909

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Use of a Broken or Risky Cryptographic Algorithm vulnerability in the DD boost. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security_alert@emc.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43910

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Stack-based Buffer Overflow vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.3 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L 0.8 1.4
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43911

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. Exploitation may allow privilege escalation to root.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43912

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43913

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Use of a Broken or Risky Cryptographic Algorithm vulnerability in the DDOS. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 1.6 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43914

Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43934

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service and Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H 0.8 5.2

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-43938

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to gain unauthorized access with privileges of the compromised account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
security_alert@emc.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N 0.6 4.0

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2025-43939

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-43940

Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-43941

Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary command with root privileges. This vulnerability only affects systems without a valid license install.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-43942

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-43943

Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell cloud_disaster_recovery *
CVE-2025-43990

Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell command_monitor *
CVE-2025-43991

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrary files only in that affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.0 5.2

Products Affected

Vendor Product Version
dell supportassist_for_home_pcs *
dell supportassist_for_business_pcs *
CVE-2025-43993

Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code Execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell latitutde_5450_firmware *
dell latitude_7350_firmware *
dell latitude_5550_firmware *
dell latitude_9450_2-in-1_firmware *
dell mobile_precision_3591_firmware *
dell latitude_7350_detachable_firmware *
dell latitude_7650_firmware *
dell precision_3490_firmware *
dell latitude_7450_firmware *
dell pro_rugged_13_ra13250_firmware *
dell latitude_5350_firmware *
dell precision_3590_firmware *
dell latitude_7030_rugged_extreme_tablet_firmware *
dell pro_rugged_14_rb14250_firmware *
CVE-2025-43994

Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 3.9 4.7

Products Affected

Vendor Product Version
dell storage_manager 2020
dell storage_manager *
CVE-2025-43995

Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
dell storage_manager 2020
dell storage_manager *
CVE-2025-45375

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Stack-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
dell data_domain_operating_system *
CVE-2025-45376

Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell repository_manager *
CVE-2025-45378

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2025-45379

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.4 HIGH CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.7 6.0

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2025-46362

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L 1.8 4.7

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2025-46363

Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2025-46364

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2025-46365

Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 0.8 4.0

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2025-46366

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2025-46367

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary Code Execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2025-46368

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L 1.8 4.7

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2025-46369

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2025-46370

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.3 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N 0.8 2.5

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2025-46422

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-46423

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2025-46424

Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to Denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell cloudlink *
CVE-2025-46425

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell storage_manager 2020
dell storage_manager *
CVE-2025-46427

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2025-46428

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2025-46430

Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell display_and_peripheral_manager *
CVE-2025-46602

Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
dell supportassist_os_recovery *
CVE-2025-46603

Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior, contains an Improper Restriction of Excessive Authentication Attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 2.2 4.7

Products Affected

Vendor Product Version
dell cloudboost_virtual_appliance *
CVE-2025-46608

Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. This vulnerability is considered Critical, as it may result in unauthorized access with elevated privileges, compromising system integrity and customer data. Dell recommends customers upgrade to the latest version at the earliest opportunity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
dell data_lakehouse *
CVE-2025-46636

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H 1.3 5.2

Products Affected

Vendor Product Version
dell encryption *
CVE-2025-46637

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A local malicious user could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell encryption *
CVE-2025-46684

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H 1.3 5.2

Products Affected

Vendor Product Version
dell supportassist_os_recovery *
CVE-2025-46685

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.5 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H 0.8 6.0

Products Affected

Vendor Product Version
dell supportassist_os_recovery *
CVE-2025-46696

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2025-46699

Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell data_protection_advisor *
CVE-2026-21417

Dell CloudBoost Virtual Appliance, versions prior to 19.14.0.0, contains a Plaintext Storage of Password vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.0 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H 2.2 4.7

Products Affected

Vendor Product Version
dell cloudboost_virtual_appliance *
CVE-2026-21418

Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2026-21420

Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell repository_manager *
CVE-2026-21421

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2026-21422

Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 3.4 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L 0.8 2.5

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2026-21423

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect default permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution, denial of service, elevation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2026-21424

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2026-21425

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2026-21426

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2026-22266

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2026-22267

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2026-22268

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H 2.1 4.2

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2026-22269

Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

Products Affected

Vendor Product Version
dell powerprotect_data_manager *
CVE-2026-22270

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an uncontrolled search path element vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2026-22277

Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
dell unity_operating_environment *
CVE-2026-22278

Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper restriction of excessive authentication attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2026-22279

Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2026-22280

Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains an incorrect permission assignment for critical resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 1.3 3.6

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2026-22281

Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.1 1.4

Products Affected

Vendor Product Version
dell powerscale_onefs *
CVE-2026-22284

Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

Products Affected

Vendor Product Version
dell smartfabric_os10 *
CVE-2026-22285

Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized Access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
dell device_management_agent *
CVE-2026-22760

Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Improper Check for Unusual or Exceptional Conditions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of Service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
dell device_management_agent *
CVE-2026-22764

Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
dell openmanage_network_integration *
CVE-2026-22767

Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H 1.8 5.5

Products Affected

Vendor Product Version
dell appsync *
CVE-2026-22768

Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell appsync *
CVE-2026-22769

Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit this vulnerability leading to unauthorized access to the underlying operating system and root-level persistence. Dell recommends that customers upgrade or apply one of the remediations as soon as possible.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0

Products Affected

Vendor Product Version
dell recoverpoint_for_virtual_machines 6.0
dell recoverpoint_for_virtual_machines *
CVE-2026-23857

Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 1.5 6.0

Products Affected

Vendor Product Version
dell update_package_framework *
CVE-2026-24502

Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
dell command_|_intel_vpro_out_of_band *
CVE-2026-24508

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N 1.0 1.4

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2026-24509

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 3.6 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L 1.0 2.5

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2026-24510

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
dell alienware_command_center *
CVE-2026-25906

Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
dell optimizer *
CVE-2026-25907

Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security_alert@emc.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
dell powerscale_onefs 9.13.0.0
CVE-2026-26033

UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges.

Products Affected

Vendor Product Version
dell ups_multi-ups_management_console 01.06.0001_(a03)
CVE-2026-26034

UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL.

Products Affected

Vendor Product Version
dell ups_multi-ups_management_console 01.06.0001_(a03)
CVE-2026-26354

Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
dell powerprotect_dp_series_appliance *
dell data_domain_operating_system *
CVE-2026-26358

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell unisphere_for_powermax *
CVE-2026-26359

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
dell unisphere_for_powermax *
CVE-2026-26360

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to delete arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
dell unisphere_for_powermax *
CVE-2026-26361

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
dell unisphere_for_powermax *
CVE-2026-26362

Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
dell unisphere_for_powermax *
CVE-2026-26949

Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
dell device_management_agent *
CVE-2026-27101

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploit this vulnerability, leading to remote execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 1.2 3.4

Products Affected

Vendor Product Version
dell secure_connect_gateway *
CVE-2026-28265

PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security_alert@emc.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 1.8 2.5

Products Affected

Vendor Product Version
dell powerstoreos *