Researchers discovered four vulnerabilities in the BIOSConnect feature of Dell SupportAssist. When chained together, the flaws could enable arbitrary code execution at the BIOS/Unified Extensible Firmware Interface (UEFI) level. Timely patching is recommended.
On 24 June 2021, Dell issued an advisory with technical details and remediation steps for the flaws.
The first vulnerability, tracked as CVE-2021-21571, could be leveraged as the first step in an attack chain to remotely deliver malicious content to a victim.
The root cause is a TLS connection from BIOSConnect accepting any valid wildcard certificate.
The other three are buffer overflow vulnerabilities (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574); threat actors could use these as the second step to arbitrarily execute code at the BIOS/UEFI level.
Dell has released most of the patches on June 24, 2021, with other updates scheduled for July.
If you are using the vulnerable products, we recommend applying BIOS updates by following the Dell advisory.
If you are unable to apply BIOS updates now, we recommend following the mitigation steps in Dell’s advisory to reduce the risk of exploitation.