{"vulnerability": "CVE-2022-3439", "sightings": [{"uuid": "8b746f3c-63d2-417f-80fc-736f67934e9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34397", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8361", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34397\n\ud83d\udd25 CVSS Score: 6.9 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N)\n\ud83d\udd39 Description: \nDell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.\n\n\n\ud83d\udccf Published: 2023-02-13T09:06:03.573Z\n\ud83d\udccf Modified: 2025-03-21T14:49:28.192Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000207177/dsa-2022-340-dell-unisphere-for-powermax-dell-unisphere-for-powermax-vapp-dell-solutions-enabler-vapp-dell-unisphere-360-dell-vasa-provider-vapp-and-dell-powermax-emb-mgmt-security-update-for-multiple-vulnerabilities", "creation_timestamp": "2025-03-21T15:19:41.000000Z"}, {"uuid": "15163b60-f11e-4e3b-94b7-b74ecf1c72b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34399", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10305", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34399\n\ud83d\udd25 CVSS Score: 5.1 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N)\n\ud83d\udd39 Description: \nDell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. 
A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-01-18T11:20:21.705Z\n\ud83d\udccf Modified: 2025-04-03T18:06:10.706Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000205329/dsa-2022-317-dell-client-security-update-for-dell-client-bios", "creation_timestamp": "2025-04-03T18:35:34.000000Z"}, {"uuid": "872bec30-f95e-4bfc-8010-d2bcddf79255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34392", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8859", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34392\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: \nSupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information.\n\n\n\n\n\n\n\ud83d\udccf Published: 2023-02-10T20:26:21.460Z\n\ud83d\udccf Modified: 2025-03-26T15:19:54.301Z\n\ud83d\udd17 References:\n1. 
https://www.dell.com/support/kbdoc/000204114", "creation_timestamp": "2025-03-26T15:26:01.000000Z"}, {"uuid": "0f586588-7ef8-4620-87aa-97733f0b210d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34394", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17076", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34394\n\ud83d\udd25 CVSS Score: 3.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information.\n\ud83d\udccf Published: 2022-09-28T20:30:17.663Z\n\ud83d\udccf Modified: 2025-05-20T20:30:24.017Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/en-us/000202974/dsa-2022-293-dell-networking-os10-security-update-for-a-support-assist-vulnerability", "creation_timestamp": "2025-05-20T20:41:09.000000Z"}, {"uuid": "b354c55f-7d81-4cce-bf10-5aafbd15e2e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34390", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16031", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-34390\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Dell BIOS contains a use of uninitialized variable vulnerability. 
A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\n\ud83d\udccf Published: 2022-10-12T19:25:48.428Z\n\ud83d\udccf Modified: 2025-05-12T18:51:12.333Z\n\ud83d\udd17 References:\n1. https://www.dell.com/support/kbdoc/000203882", "creation_timestamp": "2025-05-12T19:29:21.000000Z"}, {"uuid": "db1fb37b-273a-43c9-bddc-7875a0f8b781", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34393", "type": "seen", "source": "https://t.me/cibsecurity/56653", "content": "\u203c CVE-2022-34393 \u203c\n\nDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-18T12:20:44.000000Z"}, {"uuid": "0ef6b4f9-f05e-439e-ab38-fe37e64a6b69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34398", "type": "seen", "source": "https://t.me/cibsecurity/57258", "content": "\u203c CVE-2022-34398 \u203c\n\nDell BIOS contains a Time-of-check Time-of-use vulnerability. 
A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-01T12:13:58.000000Z"}, {"uuid": "2a90b34d-d2bc-4c47-a457-0035231430d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34394", "type": "seen", "source": "https://t.me/cibsecurity/50629", "content": "\u203c CVE-2022-34394 \u203c\n\nDell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-29T00:34:34.000000Z"}, {"uuid": "45f6a2c0-be9a-4474-8bbc-37a45a9e3ef5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3439", "type": "seen", "source": "https://t.me/cibsecurity/51401", "content": "\u203c CVE-2022-3439 \u203c\n\nAllocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T16:28:46.000000Z"}]}