Security News > 2021 > June > BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models

BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models
2021-06-24 20:04

Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device.

In all, the flaws affect 128 Dell models spanning across consumer and business laptops, desktops, and tablets, totalling an estimated 30 million individual devices.

BIOSConnect offers network-based boot recovery, allowing the BIOS to connect to Dell's backend servers via HTTPS to download an operating system image, thereby enabling users to recover their systems when the local disk image is corrupted, replaced, or absent.

CVE-2021-21571 - Dell UEFI BIOS HTTPS stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability.

Dell has also released client-side BIOS firmware updates to address the remaining two flaws.

"Successfully compromising the BIOS of a device would give an attacker a high degree of control over a device," Eclypsium researchers said.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/R4ianvi98CE/bios-disconnect-new-high-severity-flaws.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-21571 Improper Certificate Validation vulnerability in Dell products
Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability.
network
dell CWE-295
5.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Dell 1173 62 185 77 50 374