SB2023082235 - Multiple vulnerabilities in Dell PowerEdge T30 Mini Tower Server

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023082235

SB2023082235 - Multiple vulnerabilities in Dell PowerEdge T30 Mini Tower Server

Published: August 22, 2023

Security Bulletin ID SB2023082235
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 43% Low 57%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2022-36392)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted traffic to the system and perform a denial of service (DoS) attack.


2) Input validation error (CVE-ID: CVE-2022-38102)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can perform a denial of service (DoS) attack.


3) Improper access control (CVE-ID: CVE-2022-29871)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions. A local user can execute arbitrary code with elevated privileges.


4) Input validation error (CVE-ID: CVE-2022-44611)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in the BIOS firmware. A remote attacker on the local network can send specially crafted input to the application and compromise the affected system.


5) Buffer overflow (CVE-ID: CVE-2022-27879)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary error within the BIOS firmware. A local user can trigger memory corruption and gain access to sensitive information.


6) Insufficient control flow management (CVE-ID: CVE-2022-43505)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient control flow management in the BIOS firmware. A local user can perform a denial of service (DoS) attack.


7) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2022-40982)

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to the way data is shared between threads whereby the AVX GATHER instructions on Intel processors can forward the content of stale vector registers to dependent instructions. A malicious guest can infer data from different contexts on the same core and execute arbitrary code with elevated privileges.


Remediation

Install update from vendor's website.

References