Dell devices contain four high-severity security flaws that could allow remote attackers to carry out arbitrary code execution in the pre-boot environment of the devices. The vulnerabilities affect 30 million individual Dell endpoints, Eclypsium researchers discovered. The said vulnerabilities are CVE-2021-21573, CVE-2021-21574, CVE-2021-21571, CVE-2021-21572.
In other words, multiple severe flaws affect the BIOSConnect feature within Dell Client BIOS.
This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls.
The issue affects 128 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs, Eclypsium’s report revealed.
The flaws are very dangerous, as they can enable an attacker to remotely execute code in the pre-boot environment of affected Dell endpoints. The RCE may alter the initial state of the targeted operating system, violating common assumptions on the hardware and firmware layers and breaking OS-level security controls, Eclypsium noted.
“As attackers increasingly shift their focus to vendor supply chains and system firmware, it is more important than ever that organizations have independent visibility and control over the integrity of their devices,” the report added.
What Is BIOSConnect?
It is a feature of SupportAssist allowing users to perform remote recovery of the operating system or update the device’s firmware. In both cases, the feature enables the system’s BIOS to reach out to Dell’s backend services over the Internet to coordinate the particular process.
Shortly said, the researchers located four separate security flaws that could allow a privileged network attacker to perform RCE within the BIOS of vulnerable Dell endpoints. It is noteworthy that the vulnerabilities were originally discovered on a Dell Secured-core PC Latitude 5310 using Secure Boot. The issues were later confirmed on other models of desktops and laptops.
Are the BIOSConnect vulnerabilities patched?
According to the report, CVE-2021-21573 and CVE-2021-21574 were remediated on the server side on May 28, 2021 and require no additional customer action. CVE-2021-21571 and CVE-2021-21572, however, require Dell Client BIOS updates in order to be patched.
In 2019, CVE-2019-3719, an RCE vulnerability in Dell’s SupportAssist Client software was discovered. The bug could allow remote unauthenticated attackers on the same Network Access layer to execute arbitrary code on vulnerable Dell machines.