• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Spain awarded €12.3 million in contracts to Huawei

 | 

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

 | 

Wing FTP Server flaw actively exploited shortly after technical details were made public

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

 | 

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

McDonald’s job app exposes data of 64 Million applicants

 | 

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Security
  • Flaws in Dell BIOSConnect feature affect 128 device models

Flaws in Dell BIOSConnect feature affect 128 device models

Pierluigi Paganini June 24, 2021

Flaws affecting the BIOSConnect feature of Dell Client BIOS could be exploited by a privileged attacker to execute arbitrary code at the BIOS/UEFI level of the impacted device.

Researchers from cybersecurity firm Eclypsium discovered multiple vulnerabilities affecting the BIOSConnect feature of Dell Client BIOS that could be exploited by a privileged attacker to execute arbitrary code at the BIOS/UEFI level of the affected device.

“This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device.” reads the post published by Eclypsium. “Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls.”

Below the list of vulnerability diclosed by the Eclypsium experts:

  • CVE-2021-21571 – Insecure TLS connection from BIOS to Dell, allows threat actors to impersonate Dell.com and deliver malicious code to the victim’s device. The attack is possible because TLS connection from BIOSConnect will accept any valid wildcard certificate.
  • CVE-2021-21572, CVE-2021-21573, and CVE-2021-21574 – Overflow vulnerabilities enabling arbitrary code execution.
Dell BIOSConnect

The flaw affects 129 models of consumer and business Dell laptops, desktops, and tablets, it also impacts devices protected by Secure Boot and Dell Secured-core PCs.

BIOSConnect provides network-based boot recovery, it allows users to recover their computer’s recovery partition in case of hard drive failure or corruption of the original partition. It allows the BIOS to connect to Dell’s servers via HTTPS to download an image of the operating system.

Experts pointed out that the successful exploitation of the issue could cause the loss of integrity of the devices ad opens the door to the remote execution of malicious code in the pre-boot environment bypassing security protections at the OS level.

The flaws were reported on March 3 and at the end of May, the vendor has released server-side updates to address CVE-2021-21573 and CVE-2021-21574. The PC maker released client-side BIOS firmware updates to address the other two flaws.

Dell also provides workarounds to disable both the BIOSConnect and HTTPS Boot features.

“Technology vendors of all types are increasingly implementing over-the-air update processes to make it as easy as possible for their customers to keep their firmware up to date and recover from system failures. And while this is a valuable option, any vulnerabilities in these processes, such as those we’ve seen here in Dell’s BIOSConnect can have serious consequences.” concludes the report. “The specific vulnerabilities covered here allow an attacker to remotely exploit the UEFI firmware of a host and gain control over the most privileged code on the device.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

BIOSConnect Cybersecurity cybersecurity news Dell Hacking hacking news information security news malware Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini July 14, 2025
Spain awarded €12.3 million in contracts to Huawei
Read more
Pierluigi Paganini July 13, 2025
Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Spain awarded €12.3 million in contracts to Huawei

    Intelligence / July 14, 2025

    Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

    Security / July 13, 2025

    Wing FTP Server flaw actively exploited shortly after technical details were made public

    Hacking / July 13, 2025

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

    Breaking News / July 13, 2025

    Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 13, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT