• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions

 | 

Malicious AI-generated npm package hits Solana users

 | 

Meta Offers $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits

 | 

ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

 | 

CISA released Thorium platform to support malware and forensic analysis

 | 

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

 | 

Dahua Camera flaws allow remote hacking. Update firmware now

 | 

Researchers released a decryptor for the FunkSec ransomware

 | 

Apple fixed a zero-day exploited in attacks against Google Chrome users

 | 

PyPI maintainers alert users to email verification phishing attack

 | 

FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms

 | 

Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

 | 

Orange reports major cyberattack, warns of service disruptions

 | 

Hackers leak images and comments from women dating safety app Tea

 | 

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

 | 

Seychelles Commercial Bank Reported Cybersecurity Incident

 | 

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

 | 

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Security
  • Flaws in Dell BIOSConnect feature affect 128 device models

Flaws in Dell BIOSConnect feature affect 128 device models

Pierluigi Paganini June 24, 2021

Flaws affecting the BIOSConnect feature of Dell Client BIOS could be exploited by a privileged attacker to execute arbitrary code at the BIOS/UEFI level of the impacted device.

Researchers from cybersecurity firm Eclypsium discovered multiple vulnerabilities affecting the BIOSConnect feature of Dell Client BIOS that could be exploited by a privileged attacker to execute arbitrary code at the BIOS/UEFI level of the affected device.

“This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device.” reads the post published by Eclypsium. “Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls.”

Below the list of vulnerability diclosed by the Eclypsium experts:

  • CVE-2021-21571 – Insecure TLS connection from BIOS to Dell, allows threat actors to impersonate Dell.com and deliver malicious code to the victim’s device. The attack is possible because TLS connection from BIOSConnect will accept any valid wildcard certificate.
  • CVE-2021-21572, CVE-2021-21573, and CVE-2021-21574 – Overflow vulnerabilities enabling arbitrary code execution.
Dell BIOSConnect

The flaw affects 129 models of consumer and business Dell laptops, desktops, and tablets, it also impacts devices protected by Secure Boot and Dell Secured-core PCs.

BIOSConnect provides network-based boot recovery, it allows users to recover their computer’s recovery partition in case of hard drive failure or corruption of the original partition. It allows the BIOS to connect to Dell’s servers via HTTPS to download an image of the operating system.

Experts pointed out that the successful exploitation of the issue could cause the loss of integrity of the devices ad opens the door to the remote execution of malicious code in the pre-boot environment bypassing security protections at the OS level.

The flaws were reported on March 3 and at the end of May, the vendor has released server-side updates to address CVE-2021-21573 and CVE-2021-21574. The PC maker released client-side BIOS firmware updates to address the other two flaws.

Dell also provides workarounds to disable both the BIOSConnect and HTTPS Boot features.

“Technology vendors of all types are increasingly implementing over-the-air update processes to make it as easy as possible for their customers to keep their firmware up to date and recover from system failures. And while this is a valuable option, any vulnerabilities in these processes, such as those we’ve seen here in Dell’s BIOSConnect can have serious consequences.” concludes the report. “The specific vulnerabilities covered here allow an attacker to remotely exploit the UEFI firmware of a host and gain control over the most privileged code on the device.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

BIOSConnect Cybersecurity cybersecurity news Dell Hacking hacking news information security news malware Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini August 02, 2025
China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions
Read more
Pierluigi Paganini August 01, 2025
Malicious AI-generated npm package hits Solana users
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions

    Intelligence / August 02, 2025

    Malicious AI-generated npm package hits Solana users

    Malware / August 01, 2025

    Meta Offers $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits

    Hacking / August 01, 2025

    ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

    APT / August 01, 2025

    CISA released Thorium platform to support malware and forensic analysis

    Cyber Crime / August 01, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT