Dell systems have several vulnerabilities in their BIOS/UEFI that could allow attackers to execute code on the affected machines. Dell has provided BIOS/UEFI firmware updates for various products, which users and administrators should install for security reasons. Here is a brief overview of the details disclosed by security researchers at Eclypsium.
The topic came to my attention some time ago in the following tweet. The issue is detailed by security researchers from Eclypsium in this blog post. Eclypsium experts have identified multiple vulnerabilities affecting the BIOSConnect function in Dell's client BIOS.
This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High), as it allows a privileged network attacker to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device.
Such an attack would allow attackers to control the boot process of the device and subvert the operating system and higher-level security controls. The issue affects 129 Dell models of consumer and business laptops, desktops and tablets, including devices protected by Secure Boot and Dell Secured Core PCs.
Security assumptions can be circumvented
The security researchers' assessment: these vulnerabilities allow an attacker to remotely execute code in the pre-boot environment. Such code can manipulate the operating system at boot time, violating common assumptions about hardware/firmware security models and bypassing operating-system-level security controls. As attackers increasingly shift their focus to vendor supply chains and system firmware, it is more important than ever that enterprises have independent visibility into, and control over, the integrity of their devices.
Dell SupportAssist involved again
Dell SupportAssist is once again involved in the problem. Dell SupportAssist is an overarching support solution that comes pre-installed on most Windows-based Dell devices. SupportAssist covers a range of support functions, such as hardware and software issue monitoring, troubleshooting and recovery assistance.
BIOSConnect is a feature of SupportAssist that allows users to perform remote OS recovery or update the firmware on the device. In both cases (firmware upgrade or OS recovery), BIOSConnect allows the system's BIOS to contact Dell's back-end services over the Internet and coordinate the upgrade or recovery process.
Security researchers found several vulnerabilities in this mechanism at once. These range from the use of an insecure TLS connection from the BIOS to Dell (CVE-2021-21571) to overflow vulnerabilities that allow arbitrary code execution. Dell has published this security advisory, which describes the vulnerabilities, the affected products, and the remedies in the form of BIOS updates.
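To make concrete what an "insecure TLS connection" from an update client means, here is an added illustration in Python (not code from Eclypsium, Dell or the BIOSConnect firmware, which is UEFI code): the weak client pattern, in which TLS encrypts but does not authenticate the server so a network attacker can pose as the update backend, next to the corrected pattern, plus a small audit function an administrator can apply to any client context. The hostname `updates.example.invalid` is a constructed placeholder.

```python
"""Weak vs. corrected TLS client configuration for a firmware/OS-recovery
download client. Python model of the failure mode behind CVE-2021-21571;
the real client is UEFI firmware, not Python."""
import ssl
from typing import List, Optional
from urllib.request import Request, urlopen

# Constructed placeholder; not a real Dell endpoint.
UPDATE_HOST = "updates.example.invalid"


def insecure_client_context() -> ssl.SSLContext:
    """Weak pattern: no chain validation, no hostname check. Any server
    that completes a TLS handshake is accepted, so an on-path attacker
    can impersonate the update backend and serve arbitrary content."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Corrected pattern: validate the chain against a trust store (ideally
    a dedicated CA bundle for the update service), match the hostname,
    and refuse legacy protocol versions."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the settings that would let an impersonated server succeed."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy TLS versions accepted")
    return findings


def fetch_update_metadata(url: str, ctx: ssl.SSLContext, timeout: float = 10.0) -> bytes:
    """Download only over an authenticated channel. With the hardened
    context, a server whose certificate does not chain to the trust store
    fails the handshake with ssl.SSLCertVerificationError."""
    findings = audit_context(ctx)
    if findings:
        raise ValueError("refusing unauthenticated TLS: " + "; ".join(findings))
    with urlopen(Request(url), context=ctx, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_context(ctx) or ["ok"])
```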
Similar articles:
Windows driver with vulnerabilities (CVE-2021-21551) puts millions of Dell systems at risk
Dell Security Advisory for Realtek driver vulnerability
Critical Vulnerability in Dell SupportAssist (Feb. 2020)