Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Dell
  • Chengming 3900
  • Chengming 3900 Firmware
  • Inspiron 14 Plus 7420
  • Inspiron 14 Plus 7420 Firmware
  • Inspiron 16 Plus 7620
  • Inspiron 16 Plus 7620 Firmware
  • Inspiron 3910
  • Inspiron 3910 Firmware
  • Inspiron 5320
  • Inspiron 5320 Firmware
  • Inspiron 5420
  • Inspiron 5420 Firmware
  • Inspiron 5620
  • Inspiron 5620 Firmware
  • Inspiron 7420
  • Inspiron 7420 Firmware
  • Inspiron 7620
  • Inspiron 7620 Firmware
  • Optiplex 3000
  • Optiplex 3000 Firmware
  • Optiplex 3000 Thin Client
  • Optiplex 3000 Thin Client Firmware
  • Optiplex 5000
  • Optiplex 5000 Firmware
  • Optiplex 5400
  • Optiplex 5400 Firmware
  • Optiplex 7000
  • Optiplex 7000 Firmware
  • Optiplex 7000 Oem
  • Optiplex 7000 Oem Firmware
  • Optiplex 7400
  • Optiplex 7400 Firmware
  • Precision 3460 Small Form Factor
  • Precision 3460 Small Form Factor Firmware
  • Precision 3660 Tower
  • Precision 3660 Tower Firmware
  • Precision 5770
  • Precision 5770 Firmware
  • Vostro 3710
  • Vostro 3710 Firmware
  • Vostro 3910
  • Vostro 3910 Firmware
  • Vostro 5320
  • Vostro 5320 Firmware
  • Vostro 5620
  • Vostro 5620 Firmware
  • Vostro 7620
  • Vostro 7620 Firmware
  • Xps 17 9720
  • Xps 17 9720 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:dell:chengming_3900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:chengming_3900:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:dell:inspiron_14_plus_7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_14_plus_7420:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:dell:inspiron_16_plus_7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_16_plus_7620:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:dell:inspiron_3910_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_3910:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:dell:inspiron_5320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5320:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:dell:inspiron_5420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5420:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:dell:inspiron_5620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_5620:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:dell:inspiron_7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7420:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:dell:inspiron_7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:inspiron_7620:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:dell:optiplex_3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:dell:optiplex_3000_thin_client_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:dell:optiplex_5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5000:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:dell:optiplex_5400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5400:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:dell:optiplex_7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7000:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:dell:optiplex_7000_oem_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7000_oem:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:dell:optiplex_7400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7400:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:dell:precision_3460_small_form_factor_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3460_small_form_factor:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:dell:precision_3660_tower_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3660_tower:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:dell:precision_5770_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_5770:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:dell:vostro_3710_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3710:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:dell:vostro_3910_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_3910:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:dell:vostro_5320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5320:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:dell:vostro_5620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_5620:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:dell:vostro_7620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:vostro_7620:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:dell:xps_17_9720_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:xps_17_9720:-:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-52807 Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.dell.com/support/kbdoc/000202196 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2024-09-16T22:36:37.761Z

Reserved: 2022-05-19T00:00:00

Link: CVE-2022-31223

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-09-12T19:15:09.177

Modified: 2024-11-21T07:04:10.240

Link: CVE-2022-31223

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.