TLP White
Dell Boot Recovery Remote Code Execution (RCE) Vulnerability Impacts Millions of Devices
Finished Intelligence Reports Jun 24, 2021, 09:19 AM
Eclypsium security researchers have discovered a vulnerability in the Dell BIOSConnect feature available on at least 180 models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Secured-core PCs. This undesignated vulnerability has a calculated CVSS score of 8.3 (High) and potentially impacts millions of devices. The vulnerability can enable an attacker to remotely execute code in the pre-boot environment. Such code may alter the initial state of an operating system, potentially violating common assumptions about the hardware/firmware layers and breaking OS-level security controls.
Read the report in its entirety below:
Dell Boot Recovery Remote Code Execution (RCE) Vulnerability Impacts Millions of Devices