CVE-2022-34405 : An improper access control vulnerability was identified in the Realtek audio dri

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.

Published 2023-01-26 21:15:43

Updated 2023-07-21 18:49:03

Source Dell

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2022-34405

Dell » Realtek High Definition Audio Driver
Versions before (<) 6.0.9407.1
cpe:2.3:a:dell:realtek_high_definition_audio_driver:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » G7 7500 » Version: N/A
When used together with: Dell » G7 7700 » Version: N/A
Dell » Realtek High Definition Audio Driver
Versions before (<) 6.0.9400.1
cpe:2.3:a:dell:realtek_high_definition_audio_driver:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Alienware M15 R6 » Version: N/A
When used together with: Dell » G15 5510 » Version: N/A
When used together with: Dell » G15 5511 » Version: N/A
Dell » Realtek High Definition Audio Driver
Versions before (<) 6.0.9254.1
cpe:2.3:a:dell:realtek_high_definition_audio_driver:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » G3 3590 » Version: N/A
Dell » Realtek High Definition Audio Driver
Versions before (<) 6.0.9422.1
cpe:2.3:a:dell:realtek_high_definition_audio_driver:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » G3 3500 » Version: N/A
When used together with: Dell » G5 5500 » Version: N/A
Dell » Realtek High Definition Audio Driver
Versions before (<) 6.0.9394.1
cpe:2.3:a:dell:realtek_high_definition_audio_driver:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Alienware Area 51m R1 » Version: N/A
When used together with: Dell » Alienware Area 51m R2 » Version: N/A
When used together with: Dell » Alienware Aurora R10 » Version: N/A
When used together with: Dell » Alienware Aurora R11 » Version: N/A
When used together with: Dell » Alienware Aurora R12 » Version: N/A
When used together with: Dell » Alienware Aurora R8 » Version: N/A
When used together with: Dell » Alienware Aurora R9 » Version: N/A
When used together with: Dell » Alienware M15 R1 » Version: N/A
When used together with: Dell » Alienware M15 R2 » Version: N/A
When used together with: Dell » Alienware M15 R3 » Version: N/A
When used together with: Dell » Alienware M15 R4 » Version: N/A
When used together with: Dell » Alienware M17 R1 » Version: N/A
When used together with: Dell » Alienware M17 R2 » Version: N/A
When used together with: Dell » Alienware M17 R3 » Version: N/A
When used together with: Dell » Alienware M17 R4 » Version: N/A
When used together with: Dell » G5 5000 » Version: N/A
When used together with: Dell » G5 5090 » Version: N/A
When used together with: Dell » G5 5590 » Version: N/A
When used together with: Dell » G7 7590 » Version: N/A
When used together with: Dell » G7 7790 » Version: N/A
Dell » Realtek High Definition Audio Driver
Versions before (<) 6.0.9433.1
cpe:2.3:a:dell:realtek_high_definition_audio_driver:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Alienware M15 Ryzen Edition R5 » Version: N/A
When used together with: Dell » G15 5515 » Version: N/A
Dell » Realtek High Definition Audio Driver
Versions before (<) 6.0.9388.1
cpe:2.3:a:dell:realtek_high_definition_audio_driver:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » Alienware Aurora R13 » Version: N/A
When used together with: Dell » Alienware X15 R1 » Version: N/A
When used together with: Dell » Alienware X17 R1 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-34405

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-34405

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.3	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H	1.3	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.3	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H	1.3	5.9	Dell
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-34405

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: security_alert@emc.com (Secondary)
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-34405

https://www.dell.com/support/kbdoc/en-us/000205721/dsa-2022-316-dell-client-security-update-for-a-realtek-high-definition-audio-driver-vulnerability

Access Denied
Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-34405

Products affected by CVE-2022-34405

Exploit prediction scoring system (EPSS) score for CVE-2022-34405

CVSS scores for CVE-2022-34405

CWE ids for CVE-2022-34405

References for CVE-2022-34405