Main Vulnerability Database SB2021062505

SB2021062505 - Multiple vulnerabilities in Dell BIOSConnect and HTTPS Boot features

Published: June 25, 2021

Security Bulletin ID SB2021062505

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 4

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 4 vulnerabilities.

1) Improper certificate validation (CVE-ID: CVE-2021-21571)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper certificate validation within the Dell BIOSConnect and Dell HTTPS Boot features. A remote attacker can perform MitM attack and cause a denial of service or tamper with the system boot.

2) Buffer overflow (CVE-ID: CVE-2021-21572)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to a boundary error within Dell BIOSConnect feature. A local user with privileged access to the system can bypass UEFI restrictions and execute arbitrary code.

3) Buffer overflow (CVE-ID: CVE-2021-21573)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to a boundary error within Dell BIOSConnect feature. A local user with privileged access to the system can bypass UEFI restrictions and execute arbitrary code.

4) Buffer overflow (CVE-ID: CVE-2021-21574)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to a boundary error within Dell BIOSConnect feature. A local user with privileged access to the system can bypass UEFI restrictions and execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/en-us/000188682

Vulnerable Software

Alienware m15 R6: before 1.3.3
Dell G15 5510: before 1.4.0
Dell G15 5511: before 1.3.3
Inspiron 14 5418: before 2.1.0 A06
Inspiron 15 5518: before 2.1.0 A06
Inspiron 15 7510: before 1.0.4
Inspiron 3891: before 1.0.11
Inspiron 5310: before 2.1.0
Inspiron 5410 2-in-1: before 2.1.0
Inspiron 7610: before 1.0.4
Latitude 3320: before 1.4.0
Latitude 5320: before 1.7.1
Latitude 5320 2-in-1: before 1.7.1
Latitude 5420: before 1.8.0
Latitude 5520: before 1.7.1
Latitude 5521: before 1.3.0 A03
Latitude 7320: before 1.7.1
Latitude 7320 Detachable: before 1.4.0 A04
Latitude 7420: before 1.7.1
Latitude 7520: before 1.7.1
Latitude 9420: before 1.4.1
Latitude 9520: before 1.5.2
Latitude 5421: before 1.3.0 A03
OptiPlex 3090 UFF: before 1.2.0
OptiPlex 5090 Tower: before 1.1.35
OptiPlex 5490 AIO: before 1.3.0
OptiPlex 7090 Tower: before 1.1.35
OptiPlex 7090 UFF: before 1.2.0
OptiPlex 7490 All-in-One: before 1.3.0
Precision 3450: before 1.1.35
Precision 3560: before 1.7.1
Precision 3561: before 1.3.0 A03
Precision 3650 MT: before 1.2.0
Precision 5560: before 1.3.2
Precision 5760: before 1.1.3
Precision 7560: before 1.1.2
Precision 7760: before 1.1.2
Vostro 14 5410: before 2.1.0 A06
Vostro 15 5510: before 2.1.0 A06
Vostro 15 7510: before 1.0.4
Vostro 3690: before 1.0.11
Vostro 3890: before 1.0.11
Vostro 5310: before 2.1.0
Vostro 5890: before 1.0.11
XPS 15 9510: before 1.3.2
XPS 17 9710: before 1.1.3
ChengMing 3990: before 1.4.1
ChengMing 3991: before 1.4.1
Dell G3 3500: before 1.9.0
Dell G5 5500: before 1.9.0
Dell G7 7500: before 1.9.0
Dell G7 7700: before 1.9.0
Inspiron 3501: before 1.6.0
Inspiron 3880: before 1.4.1
Inspiron 3881: before 1.4.1
Inspiron 5300: before 1.7.1
Inspiron 5301: before 1.8.1
Inspiron 5400 2n1: before 1.7.0
Inspiron 5400 AIO: before 1.4.0
Inspiron 5401: before 1.7.2
Inspiron 5401 AIO: before 1.4.0
Inspiron 5402: before 1.5.1
Inspiron 5406 2n1: before 1.5.1
Inspiron 5408: before 1.7.2
Inspiron 5409: before 1.5.1
Inspiron 5501: before 1.7.2
Inspiron 5502: before 1.5.1
Inspiron 5508: before 1.7.2
Inspiron 5509: before 1.5.1
Inspiron 7300: before 1.8.1
Inspiron 7300 2n1: before 1.3.0
Inspiron 7306 2n1: before 1.5.1
Inspiron 7400: before 1.8.1
Inspiron 7500: before 1.8.0
Inspiron 7500 2n1 - Black: before 1.3.0
Inspiron 7500 2n1 - Silver: before 1.3.0
Inspiron 7501: before 1.8.0
Inspiron 7506 2n1: before 1.5.1
Inspiron 7700 AIO: before 1.4.0
Inspiron 7706 2n1: before 1.5.1
Latitude 3120: before 1.1.0
Latitude 3410: before 1.9.0
Latitude 3420: before 1.8.0
Latitude 3510: before 1.9.0
Latitude 3520: before 1.8.0
Latitude 5310: before 1.7.0
Latitude 5310 2 in 1: before 1.7.0
Latitude 5410: before 1.6.0
Latitude 5411: before 1.6.0
Latitude 5510: before 1.6.0
Latitude 5511: before 1.6.0
Latitude 7210 2-in-1: before 1.7.0
Latitude 7310: before 1.7.0
Latitude 7410: before 1.7.0
Latitude 9410: before 1.7.0
Latitude 9510: before 1.6.0
OptiPlex 3080: before 2.1.1
OptiPlex 3280 All-in-One: before 1.7.0
OptiPlex 5080: before 1.4.0
OptiPlex 7080: before 1.4.0
OptiPlex 7480 All-in-One: before 1.7.0
OptiPlex 7780 All-in-One: before 1.7.0
Precision 17 M5750: before 1.8.2
Precision 3440: before 1.4.0
Precision 3550: before 1.6.0
Precision 3551: before 1.6.0
Precision 3640: before 1.6.2
Precision 5550: before 1.8.1
Precision 7550: before 1.8.0
Precision 7750: before 1.8.0
Vostro 3400: before 1.6.0
Vostro 3500: before 1.6.0
Vostro 3501: before 1.6.0
Vostro 3681: before 2.4.0
Vostro 3881: before 2.4.0
Vostro 3888: before 2.4.0
Vostro 5300: before 1.7.1
Vostro 5301: before 1.8.1
Vostro 5401: before 1.7.2
Vostro 5402: before 1.5.1
Vostro 5501: before 1.7.2
Vostro 5502: before 1.5.1
Vostro 5880: before 1.4.0
Vostro 7500: before 1.8.0
XPS 13 9305: before 1.0.8
XPS 13 2in1 9310: before 2.3.3
XPS 13 9310: before 3.0.0
XPS 15 9500: before 1.8.1
XPS 17 9700: before 1.8.2

SB2021062505 - Multiple vulnerabilities in Dell BIOSConnect and HTTPS Boot features

Breakdown by Severity

Description

Remediation

References

Please verify you're human