CVE-2022-24415 Dell BIOS contains an improper input validation vulnerability

This vulnerability may be exploited by a local user or remote attacker by sending an SMI to the system. To exploit the issue, an attacker must be logged in as an administrator, be able to send messages to the affected system, and have permissions to install SMI packages. End users and remote attackers cannot exploit this issue. To correct this issue, update your system’s BIOS to the latest version. Note: It may take up to 90 days for all systems with an older BIOS to be updated. Dell has provided updated instructions on how to update the BIOS on your system.

Mitigation Strategies:

Eliminating the Risk
The following mitigation strategies may help reduce the risk posed by this vulnerability:
- Increasing network segmentation by configuring more firewalls to enforce user authentication.
- Updating all systems to the latest BIOS versions.

Vulnerability scopes

This update only affects Dell XPS 15 systems with the following BIOS versions:
- BIOS version A08
- BIOS version A09
- BIOS version A10
- BIOS version A11
