Dell BIOSConnect Vulnerabilities, 128 Models Affected
If you have any Dell laptops or prebuilds, you might be affected. Updates are being rolled out.

Quote: The vulnerabilities affect 128 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs.

The problem resides in the BIOSConnect feature of Dell SupportAssist, a solution that comes preinstalled on most Windows-based Dell machines and helps users troubleshoot and resolve hardware and software problems.

BIOSConnect helps perform a remote OS recovery or update the firmware on the device, and it does so by connecting to Dell backend services over the internet, downloading the needed software/firmware, and coordinating the recovery/update process.

Unfortunately, as the researchers found, these processes can be subverted to deliver malicious content to a target machine.

Eclypsium uncovered four vulnerabilities.

CVE-2021-21571 stems from the fact that the TLS connection from BIOSConnect to the backend Dell HTTP server will accept any valid wildcard certificate issued by any of the built-in CA’s contained within the BIOSConnect feature. The problem is in the certificate verification code, which is also present in some of the HTTPS Boot configurations.

“This allows an attacker with a privileged network position to impersonate Dell and deliver attacker-controlled content back to the victim device,” the researchers explained.

CVE-2021-21572, CVE-2021-21573, CVE-2021-21574 are three overflow vulnerabilities, two of which affect the OS recovery process, and one the firmware update process. Each one of these could lead to arbitrary code execution in the pre-boot environment.

Concatenated, these vulnerabilities may allow a privileged network adversary (e.g., executing a Machine-in-the-Middle attack) to gain control of the target device’s boot process and subvert the operating system and higher-layer security controls.

Read More: https://www.helpnetsecurity.com/2021/06/...dell-bios/

Reply
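The certificate check the quoted article describes for CVE-2021-21571, as an added example that is not part of the original post and is not Dell's or Eclypsium's code: a simplified model of a verifier that accepts any chain-valid wildcard certificate, beside a hardened check that pins the issuer and ties the name to the intended host. Certificates are modelled as plain dicts, and every host name, issuer name and field name is constructed for illustration.

```python
# Added illustration: certificates are plain dicts here, not parsed X.509.
# All hosts, issuers and field names are constructed for this example.

EXPECTED_HOST = "downloads.vendor.example"   # hypothetical backend host
PINNED_ISSUERS = {"Vendor Firmware CA"}      # hypothetical pinned issuer


def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate name against a host. '*' may only stand for the
    whole left-most label, covers exactly one label, and needs 3+ labels."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def weak_accepts(cert: dict) -> bool:
    """Model of the described flaw: any chain-valid wildcard certificate from
    any built-in CA passes; the name is never tied to the expected host."""
    return cert["chain_valid"] and any(n.startswith("*.") for n in cert["names"])


def strict_accepts(cert: dict, host: str = EXPECTED_HOST) -> bool:
    """Hardened check: valid chain, pinned issuer, and a certificate name
    that matches the host the client intended to reach."""
    return (cert["chain_valid"]
            and cert["issuer"] in PINNED_ISSUERS
            and any(name_matches(n, host) for n in cert["names"]))


# Constructed sample certificates.
GENUINE = {"chain_valid": True, "issuer": "Vendor Firmware CA",
           "names": ["*.vendor.example"]}
UNRELATED = {"chain_valid": True, "issuer": "Some Public CA",
             "names": ["*.unrelated.example"]}
BAD_CHAIN = {"chain_valid": False, "issuer": "Vendor Firmware CA",
             "names": ["downloads.vendor.example"]}

if __name__ == "__main__":
    for label, cert in [("genuine", GENUINE), ("unrelated", UNRELATED),
                        ("bad-chain", BAD_CHAIN)]:
        print(f"{label:10} weak={weak_accepts(cert)} strict={strict_accepts(cert)}")
```

The unrelated wildcard certificate is the case that separates the two checks: it is chain-valid, so the weak model accepts it, while the strict check rejects it on both issuer and name.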






