BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models
Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device.
In all, the flaws affect 128 Dell models spanning consumer and business laptops, desktops, and tablets, totalling an estimated 30 million individual devices.
BIOSConnect offers network-based boot recovery, allowing the BIOS to connect to Dell's backend servers via HTTPS to download an operating system image, thereby enabling users to recover their systems when the local disk image is corrupted, replaced, or absent.
CVE-2021-21571 - Dell UEFI BIOS HTTPS stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability.
Dell has also released client-side BIOS firmware updates to address the remaining two flaws.
"Successfully compromising the BIOS of a device would give an attacker a high degree of control over a device," Eclypsium researchers said.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-24 | CVE-2021-21571 | Improper Certificate Validation vulnerability in Dell products. Dell UEFI BIOS HTTPS stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. | 5.8 |