CVE-2022-31221 : Dell BIOS versions contain an Information Exposure vulnerability. A local authen

Dell BIOS versions contain an Information Exposure vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order access sensitive state information on the system.

Published 2022-09-12 19:15:09

Updated 2022-09-15 19:46:18

Source Dell

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2022-31221

Dell » Inspiron 3910 Firmware
Versions before (<) 1.1.66
cpe:2.3:o:dell:inspiron_3910_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 3910 » Version: N/A
Dell » Vostro 3710 Firmware
Versions before (<) 1.1.66
cpe:2.3:o:dell:vostro_3710_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vostro 3710 » Version: N/A
Dell » Vostro 3910 Firmware
Versions before (<) 1.1.66
cpe:2.3:o:dell:vostro_3910_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vostro 3910 » Version: N/A
Dell » Chengming 3900 Firmware
Versions before (<) 1.1.66
cpe:2.3:o:dell:chengming_3900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Chengming 3900 » Version: N/A
Dell » Inspiron 14 Plus 7420 Firmware
Versions before (<) 1.2.0
cpe:2.3:o:dell:inspiron_14_plus_7420_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 14 Plus 7420 » Version: N/A
Dell » Inspiron 16 Plus 7620 Firmware
Versions before (<) 1.2.0
cpe:2.3:o:dell:inspiron_16_plus_7620_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 16 Plus 7620 » Version: N/A
Dell » Inspiron 5320 Firmware
Versions before (<) 1.1.0
cpe:2.3:o:dell:inspiron_5320_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 5320 » Version: N/A
Dell » Inspiron 5420 Firmware
Versions before (<) 1.4.1
cpe:2.3:o:dell:inspiron_5420_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 5420 » Version: N/A
Dell » Inspiron 5620 Firmware
Versions before (<) 1.4.1
cpe:2.3:o:dell:inspiron_5620_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 5620 » Version: N/A
Dell » Inspiron 7420 Firmware
Versions before (<) 1.3.0
cpe:2.3:o:dell:inspiron_7420_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 7420 » Version: N/A
Dell » Inspiron 7620 Firmware
Versions before (<) 1.3.0
cpe:2.3:o:dell:inspiron_7620_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 7620 » Version: N/A
Dell » Optiplex 3000 Firmware
Versions before (<) 1.1.66
cpe:2.3:o:dell:optiplex_3000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 3000 » Version: N/A
Dell » Optiplex 3000 Thin Client Firmware
Versions before (<) 1.0.7
cpe:2.3:o:dell:optiplex_3000_thin_client_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 3000 Thin Client » Version: N/A
Dell » Optiplex 5000 Firmware
Versions before (<) 1.3.62
cpe:2.3:o:dell:optiplex_5000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 5000 » Version: N/A
Dell » Optiplex 5400 Firmware
Versions before (<) 1.0.13
cpe:2.3:o:dell:optiplex_5400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 5400 » Version: N/A
Dell » Optiplex 7000 Firmware
Versions before (<) 1.3.62
cpe:2.3:o:dell:optiplex_7000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 7000 » Version: N/A
Dell » Optiplex 7000 Oem Firmware
Versions before (<) 1.3.62
cpe:2.3:o:dell:optiplex_7000_oem_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 7000 Oem » Version: N/A
Dell » Optiplex 7400 Firmware
Versions before (<) 1.0.13
cpe:2.3:o:dell:optiplex_7400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 7400 » Version: N/A
Dell » Precision 3460 Small Form Factor Firmware
Versions before (<) 1.3.62
cpe:2.3:o:dell:precision_3460_small_form_factor_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Precision 3460 Small Form Factor » Version: N/A
Dell » Precision 3660 Tower Firmware
Versions before (<) 1.3.71
cpe:2.3:o:dell:precision_3660_tower_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Precision 3660 Tower » Version: N/A
Dell » Precision 5770 Firmware
Versions before (<) 1.6.0
cpe:2.3:o:dell:precision_5770_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Precision 5770 » Version: N/A
Dell » Vostro 5320 Firmware
Versions before (<) 1.1.0
cpe:2.3:o:dell:vostro_5320_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vostro 5320 » Version: N/A
Dell » Vostro 5620 Firmware
Versions before (<) 1.4.1
cpe:2.3:o:dell:vostro_5620_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vostro 5620 » Version: N/A
Dell » Vostro 7620 Firmware
Versions before (<) 1.2.0
cpe:2.3:o:dell:vostro_7620_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vostro 7620 » Version: N/A
Dell » Xps 17 9720 Firmware
Versions before (<) 1.6.0
cpe:2.3:o:dell:xps_17_9720_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Xps 17 9720 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-31221

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 8 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-31221

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.3	LOW	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N	0.8	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
2.3	LOW	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N	0.8	1.4	Dell
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2022-31221

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Assigned by:
- nvd@nist.gov (Primary)
- security_alert@emc.com (Secondary)

References for CVE-2022-31221

https://www.dell.com/support/kbdoc/000202196

Access Denied
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-31221

Products affected by CVE-2022-31221

Exploit prediction scoring system (EPSS) score for CVE-2022-31221

CVSS scores for CVE-2022-31221

CWE ids for CVE-2022-31221

References for CVE-2022-31221