Vulnerabilities > CVE-2015-2890 - Local Security vulnerability in Dell BIOS Implementation

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

dell

NVD

Published: 2015-08-01

Updated: 2019-09-27

Summary

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Bios A10 Dell Bios A11 Dell Bios A12 Dell Bios A13 Dell Bios A14 Dell Bios A15 Dell Bios A17 Dell Bios A18 Dell Bios A20	9
Hardware	Dell Dell Latitude E6420 ATG * Dell Latitude E6420 XFR * Dell Latitude E6220 * Dell Latitude XT3 * Dell Latitude E4310 * Dell Latitude E5410 * Dell Latitude E5510 * Dell Latitude E6410 ATG * Dell Latitude E6510 * Dell Precision Mobile M4600 * Dell Precision T1600 * Dell Latitude E6320 * Dell Latitude E6520 * Dell Precision Mobile M4500 * Dell Precision Mobile M6600 * Dell Latitude E5420 * Dell Latitude E5520 * Dell Precision T3600 * Dell Precision T5600 * Dell Precision T5600 XL * Dell Optiplex 390 * Dell Optiplex 790 * Dell Optiplex 990 *	23

Summary

Vulnerable Configurations

References