CVE-2022-31225 : Dell BIOS versions contain an Unchecked Return Value vulnerability. A local auth

Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.

Published 2022-09-12 19:15:09

Updated 2022-09-15 19:11:45

Source Dell

View at NVD, CVE.org

Products affected by CVE-2022-31225

Dell » Inspiron 3910 Firmware
Versions before (<) 1.1.66
cpe:2.3:o:dell:inspiron_3910_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 3910 » Version: N/A
Dell » Vostro 3710 Firmware
Versions before (<) 1.1.66
cpe:2.3:o:dell:vostro_3710_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vostro 3710 » Version: N/A
Dell » Vostro 3910 Firmware
Versions before (<) 1.1.66
cpe:2.3:o:dell:vostro_3910_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vostro 3910 » Version: N/A
Dell » Chengming 3900 Firmware
Versions before (<) 1.1.66
cpe:2.3:o:dell:chengming_3900_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Chengming 3900 » Version: N/A
Dell » Inspiron 14 Plus 7420 Firmware
Versions before (<) 1.2.0
cpe:2.3:o:dell:inspiron_14_plus_7420_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 14 Plus 7420 » Version: N/A
Dell » Inspiron 16 Plus 7620 Firmware
Versions before (<) 1.2.0
cpe:2.3:o:dell:inspiron_16_plus_7620_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 16 Plus 7620 » Version: N/A
Dell » Inspiron 5320 Firmware
Versions before (<) 1.1.0
cpe:2.3:o:dell:inspiron_5320_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 5320 » Version: N/A
Dell » Inspiron 5420 Firmware
Versions before (<) 1.4.1
cpe:2.3:o:dell:inspiron_5420_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 5420 » Version: N/A
Dell » Inspiron 5620 Firmware
Versions before (<) 1.4.1
cpe:2.3:o:dell:inspiron_5620_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 5620 » Version: N/A
Dell » Inspiron 7420 Firmware
Versions before (<) 1.3.0
cpe:2.3:o:dell:inspiron_7420_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 7420 » Version: N/A
Dell » Inspiron 7620 Firmware
Versions before (<) 1.3.0
cpe:2.3:o:dell:inspiron_7620_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Inspiron 7620 » Version: N/A
Dell » Optiplex 3000 Firmware
Versions before (<) 1.1.66
cpe:2.3:o:dell:optiplex_3000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 3000 » Version: N/A
Dell » Optiplex 3000 Thin Client Firmware
Versions before (<) 1.0.7
cpe:2.3:o:dell:optiplex_3000_thin_client_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 3000 Thin Client » Version: N/A
Dell » Optiplex 5000 Firmware
Versions before (<) 1.3.62
cpe:2.3:o:dell:optiplex_5000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 5000 » Version: N/A
Dell » Optiplex 5400 Firmware
Versions before (<) 1.0.13
cpe:2.3:o:dell:optiplex_5400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 5400 » Version: N/A
Dell » Optiplex 7000 Firmware
Versions before (<) 1.3.62
cpe:2.3:o:dell:optiplex_7000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 7000 » Version: N/A
Dell » Optiplex 7000 Oem Firmware
Versions before (<) 1.3.62
cpe:2.3:o:dell:optiplex_7000_oem_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 7000 Oem » Version: N/A
Dell » Optiplex 7400 Firmware
Versions before (<) 1.0.13
cpe:2.3:o:dell:optiplex_7400_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Optiplex 7400 » Version: N/A
Dell » Precision 3460 Small Form Factor Firmware
Versions before (<) 1.3.62
cpe:2.3:o:dell:precision_3460_small_form_factor_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Precision 3460 Small Form Factor » Version: N/A
Dell » Precision 3660 Tower Firmware
Versions before (<) 1.3.71
cpe:2.3:o:dell:precision_3660_tower_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Precision 3660 Tower » Version: N/A
Dell » Precision 5770 Firmware
Versions before (<) 1.6.0
cpe:2.3:o:dell:precision_5770_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Precision 5770 » Version: N/A
Dell » Vostro 5320 Firmware
Versions before (<) 1.1.0
cpe:2.3:o:dell:vostro_5320_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vostro 5320 » Version: N/A
Dell » Vostro 5620 Firmware
Versions before (<) 1.4.1
cpe:2.3:o:dell:vostro_5620_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vostro 5620 » Version: N/A
Dell » Vostro 7620 Firmware
Versions before (<) 1.2.0
cpe:2.3:o:dell:vostro_7620_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Vostro 7620 » Version: N/A
Dell » Xps 17 9720 Firmware
Versions before (<) 1.6.0
cpe:2.3:o:dell:xps_17_9720_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Xps 17 9720 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-31225

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 8 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-31225

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.1	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H	0.8	4.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: High
3.0	LOW	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L	0.5	2.5	Dell
Attack Vector: Local Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: Low

CWE ids for CVE-2022-31225

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Assigned by:
- nvd@nist.gov (Primary)
- security_alert@emc.com (Secondary)

References for CVE-2022-31225

https://www.dell.com/support/kbdoc/000202196

Access Denied
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-31225

Products affected by CVE-2022-31225

Exploit prediction scoring system (EPSS) score for CVE-2022-31225

CVSS scores for CVE-2022-31225

CWE ids for CVE-2022-31225

References for CVE-2022-31225