Loading table of contents...
Researchers discovered four vulnerabilities in the BIOSConnect feature of Dell SupportAssist. When chained together, the flaws could enable arbitrary code execution at the BIOS/Unified Extensible Firmware Interface (UEFI) level. Timely patching is recommended.
Details
- On 24 June 2021, Dell issued an advisory with technical details and remediation steps for the flaws.
- The first vulnerability, tracked as CVE-2021-21571, could be leveraged as the first step in an attack chain to remotely deliver malicious content to a victim.
- The root cause is a TLS connection from BIOSConnect accepting any valid wildcard certificate.
- The other three are buffer overflow vulnerabilities (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574); threat actors could use these as the second step to arbitrarily execute code at the BIOS/UEFI level.
- Dell has released most of the patches on June 24, 2021, with other updates scheduled for July.
Recommendations
- If you are using the vulnerable products, we recommend applying BIOS updates by following the Dell advisory.
- If you are unable to apply BIOS updates now, we recommend following the mitigation steps in Dell’s advisory to reduce the risk of exploitation.
References
