Researchers from cybersecurity firm Eclypsium discovered multiple vulnerabilities affecting the BIOSConnect feature of Dell Client BIOS that could be exploited by a privileged attacker to execute arbitrary code at the BIOS/UEFI level of the affected device.
“This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device.” reads the post published by Eclypsium. “Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls.”
Below the list of vulnerability diclosed by the Eclypsium experts:
The flaw affects 129 models of consumer and business Dell laptops, desktops, and tablets, it also impacts devices protected by Secure Boot and Dell Secured-core PCs.
BIOSConnect provides network-based boot recovery, it allows users to recover their computer’s recovery partition in case of hard drive failure or corruption of the original partition. It allows the BIOS to connect to Dell’s servers via HTTPS to download an image of the operating system.
Experts pointed out that the successful exploitation of the issue could cause the loss of integrity of the devices ad opens the door to the remote execution of malicious code in the pre-boot environment bypassing security protections at the OS level.
The flaws were reported on March 3 and at the end of May, the vendor has released server-side updates to address CVE-2021-21573 and CVE-2021-21574. The PC maker released client-side BIOS firmware updates to address the other two flaws.
Dell also provides workarounds to disable both the BIOSConnect and HTTPS Boot features.
“Technology vendors of all types are increasingly implementing over-the-air update processes to make it as easy as possible for their customers to keep their firmware up to date and recover from system failures. And while this is a valuable option, any vulnerabilities in these processes, such as those we’ve seen here in Dell’s BIOSConnect can have serious consequences.” concludes the report. “The specific vulnerabilities covered here allow an attacker to remotely exploit the UEFI firmware of a host and gain control over the most privileged code on the device.”
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical…
Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler…
A financially motivated group named GhostR claims the theft of a sensitive database from World-Check…
Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve…
This website uses cookies.