Dell SupportAssist contained RCE flaw allowing miscreants to remotely reflash your BIOS with code of their creation
2021-06-25 17:45

A chain of four vulnerabilities in Dell's SupportAssist remote firmware update utility could let malicious people run arbitrary code on no fewer than 129 different PC and laptop models, while impersonating Dell to remotely upload a tampered BIOS. The remote BIOS reflasher built into the pre-installed Dell support tool, BIOSConnect, would accept "Any valid wildcard certificate" issued by any of a pre-defined list of certificate authorities, rather than checking that the certificate actually belonged to Dell's download server. That gives attackers a vital foothold deep inside targeted machines, though Dell insists the exploit is only viable when a logged-in user runs the BIOSConnect feature and the attacker is already in a man-in-the-middle position on the victim's network.

Updates for SupportAssist are available from Dell to mitigate the vulns, which infosec firm Eclypsium reckons affect about 30 million laptops and PCs. The company, which blogged about the vulns, said: "Such code may alter the initial state of an operating system, violating common assumptions on the hardware/firmware layers and breaking OS-level security controls."

BIOSConnect would accept any wildcard certificate from a list of certificate authorities as valid instead of the actual certificate for the Dell downloads site, said Eclypsium.
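The flaw Eclypsium describes is a certificate-validation check that stops at "chain terminates in a trusted CA" without confirming that the leaf certificate was issued for the host being contacted. The following Python, added here as an illustration and not code from Dell, Eclypsium or The Register, puts the weak check next to a hardened one that also performs RFC 6125-style hostname matching against the certificate's Subject Alternative Names. The trusted issuer names, the `Cert` record, the expected hostname `downloads.dell.com` and the sample certificates are all constructed for the example; a real implementation would take these from the parsed X.509 chain and the firmware's embedded CA store.

```python
"""Weak vs. hardened TLS certificate acceptance, modelled on the BIOSConnect flaw.

Constructed example: the issuer list, the Cert record and the sample
certificates below are stand-ins, not real Dell or CA data.
"""
from dataclasses import dataclass

# Hypothetical stand-in for the CA list compiled into the firmware's HTTPS stack.
TRUSTED_ISSUERS = {"Example Root CA 1", "Example Root CA 2"}

# The host the updater is supposed to be talking to (assumed for the example).
EXPECTED_HOST = "downloads.dell.com"


@dataclass
class Cert:
    """Minimal view of a leaf certificate: who signed it and which DNS names it covers."""
    issuer: str
    san_dns: list


def chain_trusted(cert: Cert) -> bool:
    """Stand-in for path validation: does the chain terminate in a built-in CA?"""
    return cert.issuer in TRUSTED_ISSUERS


def weak_verify(cert: Cert) -> bool:
    """The BIOSConnect-style check: any certificate from a trusted CA is accepted.
    Hostname is never compared, so a wildcard cert for an attacker's own domain passes."""
    return chain_trusted(cert)


def dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style dNSName matching.

    A wildcard is only honoured as the entire left-most label, must match exactly
    one label, and needs at least two fixed labels after it (no "*.com")."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if len(p_labels) != len(h_labels):
        return False                      # "*.dell.com" must not match "a.b.dell.com"
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]) or len(p_labels) < 3:
        return False                      # reject partial or too-broad wildcards
    return p_labels[1:] == h_labels[1:] and h_labels[0] != ""


def strict_verify(cert: Cert, host: str = EXPECTED_HOST) -> bool:
    """Hardened check: trusted chain AND a SAN that matches the expected host."""
    return chain_trusted(cert) and any(dns_name_matches(n, host) for n in cert.san_dns)


# Constructed sample certificates.
LEGIT_CERT = Cert(issuer="Example Root CA 2", san_dns=["downloads.dell.com"])
ATTACKER_WILDCARD = Cert(issuer="Example Root CA 1", san_dns=["*.attacker.example"])
UNTRUSTED_CERT = Cert(issuer="Self-Signed", san_dns=["downloads.dell.com"])

if __name__ == "__main__":
    for name, cert in [("legit", LEGIT_CERT), ("attacker", ATTACKER_WILDCARD),
                       ("untrusted", UNTRUSTED_CERT)]:
        print(f"{name:10s} weak={weak_verify(cert)!s:5s} strict={strict_verify(cert)}")
```

The attacker's certificate is perfectly valid as a certificate; it is simply not a certificate for `downloads.dell.com`, which is the check that was missing. In ordinary Python clients the equivalent protection is `ssl.create_default_context()` with `check_hostname=True`, which is the default; the firmware stack here had no such step.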

"To exploit the vulnerability chain in BIOSConnect, a malicious actor must separately perform additional steps before a successful exploit, including: compromise a user's network, obtain a certificate that is trusted by one of the Dell UEFI BIOS https stack's built-in Certificate Authorities, and wait for a user who is physically present at the system to use the BIOSConnect feature," sniffed an unimpressed Dell.

Bharat Jogi, Qualys senior manager of vulnerability and threat research, commented: "The four vulnerabilities on Dell devices are highly concerning. BIOS is critical for a device boot process and its security is vital to ensure safety of the entire device. This is especially important in the current environment due to the increased wave of supply chain attacks. This chain of security vulnerabilities allows for bypass of Secure Boot protections, can be exploited to take complete control of the device and hence organisations should prioritise patching."

If you don't fancy upgrading SupportAssist, an effective mitigation is simply to delete the utility, according to Dell.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/06/25/dell_secureassist_biosconnect_vulns_rce/
