Cybersecurity researchers on Thursday disclosed a series of vulnerabilities affecting the BIOSConnect function inside Dell Consumer BIOS that might be abused by a privileged community adversary to achieve arbitrary code execution on the BIOS/UEFI stage of the affected machine.
“Because the attacker has the flexibility to remotely execute code within the pre-boot setting, this can be utilized to subvert the working system and undermine basic belief within the machine,” researchers from enterprise machine safety agency Eclypsium said. “The nearly limitless management over a tool that this assault can present makes the fruit of the labor nicely value it for the attacker.”
In all, the failings have an effect on 128 Dell fashions spanning throughout shopper and enterprise laptops, desktops, and tablets, totalling an estimated 30 million particular person units. Worse, the weaknesses additionally impression computer systems which have Secure Boot enabled, a safety function designed to stop rootkits from being installed at boot time in reminiscence.
BIOSConnect affords network-based boot restoration, permitting the BIOS to connect with Dell’s backend servers by way of HTTPS to obtain an working system picture, thereby enabling customers to get well their techniques when the native disk picture is corrupted, changed, or absent.
Profitable exploitation of the failings might imply lack of machine integrity, what with the attacker able to remotely executing malicious code within the pre-boot setting that might alter the preliminary state of the working system and break OS-level safety protections.
The checklist of 4 flaws uncovered by Eclypsium is as follows —
- CVE-2021-21571 – Insecure TLS connection from BIOS to Dell, permitting a foul actor to stage a impersonate Dell.com and supply malicious code again to the sufferer’s machine
- CVE-2021-21572, CVE-2021-21573, and CVE-2021-21574 – Overflow vulnerabilities enabling arbitrary code execution
The mix of distant exploitation as nicely the flexibility to achieve management over probably the most privileged code on the machine might make such vulnerabilities a profitable goal for attackers, the researchers mentioned.
The problems had been reported to Dell by the Oregon-based firm on March 3, following which server-side updates had been rolled out on Might 28 to remediate CVE-2021-21573 and CVE-2021-21574. Dell has additionally released client-side BIOS firmware updates to deal with the remaining two flaws.
Moreover, the PC maker has launched workarounds to disable each the BIOSConnect and HTTPS Boot options for purchasers who’re unable to use the patches instantly.
“Efficiently compromising the BIOS of a tool would give an attacker a excessive diploma of management over a tool,” Eclypsium researchers mentioned. “The attacker might management the method of loading the host working system and disable protections in an effort to stay undetected. This may permit an attacker to ascertain ongoing persistence whereas controlling the best privileges on the machine.”