Vulnerability identifier: #VU54382
Vulnerability risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-295
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Alienware m15 R6
Hardware solutions /
Firmware
Dell G15 5510
Hardware solutions /
Firmware
Dell G15 5511
Hardware solutions /
Firmware
Inspiron 14 5418
Hardware solutions /
Firmware
Inspiron 15 5518
Hardware solutions /
Firmware
Inspiron 15 7510
Hardware solutions /
Firmware
Inspiron 3891
Hardware solutions /
Firmware
Inspiron 5310
Hardware solutions /
Firmware
Inspiron 5410 2-in-1
Hardware solutions /
Firmware
Inspiron 7610
Hardware solutions /
Firmware
Latitude 3320
Hardware solutions /
Firmware
Latitude 5320
Hardware solutions /
Firmware
Latitude 5320 2-in-1
Hardware solutions /
Firmware
Latitude 5420
Hardware solutions /
Firmware
Latitude 5520
Hardware solutions /
Firmware
Latitude 5521
Hardware solutions /
Firmware
Latitude 7320
Hardware solutions /
Firmware
Latitude 7320 Detachable
Hardware solutions /
Firmware
Latitude 7420
Hardware solutions /
Firmware
Latitude 7520
Hardware solutions /
Firmware
Latitude 9420
Hardware solutions /
Firmware
Latitude 9520
Hardware solutions /
Firmware
Latitude 5421
Hardware solutions /
Firmware
OptiPlex 3090 UFF
Hardware solutions /
Firmware
OptiPlex 5090 Tower
Hardware solutions /
Firmware
OptiPlex 5490 AIO
Hardware solutions /
Firmware
OptiPlex 7090 Tower
Hardware solutions /
Firmware
OptiPlex 7090 UFF
Hardware solutions /
Firmware
OptiPlex 7490 All-in-One
Hardware solutions /
Firmware
Precision 3450
Hardware solutions /
Firmware
Precision 3560
Hardware solutions /
Firmware
Precision 3561
Hardware solutions /
Firmware
Precision 3650 MT
Hardware solutions /
Firmware
Precision 5560
Hardware solutions /
Firmware
Precision 5760
Hardware solutions /
Firmware
Precision 7560
Hardware solutions /
Firmware
Precision 7760
Hardware solutions /
Firmware
Vostro 14 5410
Hardware solutions /
Firmware
Vostro 15 5510
Hardware solutions /
Firmware
Vostro 15 7510
Hardware solutions /
Firmware
Vostro 3690
Hardware solutions /
Firmware
Vostro 3890
Hardware solutions /
Firmware
Vostro 5310
Hardware solutions /
Firmware
Vostro 5890
Hardware solutions /
Firmware
XPS 15 9510
Hardware solutions /
Firmware
XPS 17 9710
Hardware solutions /
Firmware
ChengMing 3990
Hardware solutions /
Firmware
ChengMing 3991
Hardware solutions /
Firmware
Dell G3 3500
Hardware solutions /
Firmware
Dell G5 5500
Hardware solutions /
Firmware
Dell G7 7500
Hardware solutions /
Firmware
Dell G7 7700
Hardware solutions /
Firmware
Inspiron 3501
Hardware solutions /
Firmware
Inspiron 3880
Hardware solutions /
Firmware
Inspiron 3881
Hardware solutions /
Firmware
Inspiron 5300
Hardware solutions /
Firmware
Inspiron 5301
Hardware solutions /
Firmware
Inspiron 5400 2n1
Hardware solutions /
Firmware
Inspiron 5400 AIO
Hardware solutions /
Firmware
Inspiron 5401
Hardware solutions /
Firmware
Inspiron 5401 AIO
Hardware solutions /
Firmware
Inspiron 5402
Hardware solutions /
Firmware
Inspiron 5406 2n1
Hardware solutions /
Firmware
Inspiron 5408
Hardware solutions /
Firmware
Inspiron 5409
Hardware solutions /
Firmware
Inspiron 5501
Hardware solutions /
Firmware
Inspiron 5502
Hardware solutions /
Firmware
Inspiron 5508
Hardware solutions /
Firmware
Inspiron 5509
Hardware solutions /
Firmware
Inspiron 7300
Hardware solutions /
Firmware
Inspiron 7300 2n1
Hardware solutions /
Firmware
Inspiron 7306 2n1
Hardware solutions /
Firmware
Inspiron 7400
Hardware solutions /
Firmware
Inspiron 7500
Hardware solutions /
Firmware
Inspiron 7500 2n1 - Black
Hardware solutions /
Firmware
Inspiron 7500 2n1 - Silver
Hardware solutions /
Firmware
Inspiron 7501
Hardware solutions /
Firmware
Inspiron 7506 2n1
Hardware solutions /
Firmware
Inspiron 7700 AIO
Hardware solutions /
Firmware
Inspiron 7706 2n1
Hardware solutions /
Firmware
Latitude 3120
Hardware solutions /
Firmware
Latitude 3410
Hardware solutions /
Firmware
Latitude 3420
Hardware solutions /
Firmware
Latitude 3510
Hardware solutions /
Firmware
Latitude 3520
Hardware solutions /
Firmware
Latitude 5310
Hardware solutions /
Firmware
Latitude 5310 2 in 1
Hardware solutions /
Firmware
Latitude 5410
Hardware solutions /
Firmware
Latitude 5411
Hardware solutions /
Firmware
Latitude 5510
Hardware solutions /
Firmware
Latitude 5511
Hardware solutions /
Firmware
Latitude 7210 2-in-1
Hardware solutions /
Firmware
Latitude 7310
Hardware solutions /
Firmware
Latitude 7410
Hardware solutions /
Firmware
Latitude 9410
Hardware solutions /
Firmware
Latitude 9510
Hardware solutions /
Firmware
OptiPlex 3080
Hardware solutions /
Firmware
OptiPlex 3280 All-in-One
Hardware solutions /
Firmware
OptiPlex 5080
Hardware solutions /
Firmware
OptiPlex 7080
Hardware solutions /
Firmware
OptiPlex 7480 All-in-One
Hardware solutions /
Firmware
OptiPlex 7780 All-in-One
Hardware solutions /
Firmware
Precision 17 M5750
Hardware solutions /
Firmware
Precision 3440
Hardware solutions /
Firmware
Precision 3550
Hardware solutions /
Firmware
Precision 3551
Hardware solutions /
Firmware
Precision 3640
Hardware solutions /
Firmware
Precision 5550
Hardware solutions /
Firmware
Precision 7550
Hardware solutions /
Firmware
Precision 7750
Hardware solutions /
Firmware
Vostro 3400
Hardware solutions /
Firmware
Vostro 3500
Hardware solutions /
Firmware
Vostro 3501
Hardware solutions /
Firmware
Vostro 3681
Hardware solutions /
Firmware
Vostro 3881
Hardware solutions /
Firmware
Vostro 3888
Hardware solutions /
Firmware
Vostro 5300
Hardware solutions /
Firmware
Vostro 5301
Hardware solutions /
Firmware
Vostro 5401
Hardware solutions /
Firmware
Vostro 5402
Hardware solutions /
Firmware
Vostro 5501
Hardware solutions /
Firmware
Vostro 5502
Hardware solutions /
Firmware
Vostro 5880
Hardware solutions /
Firmware
Vostro 7500
Hardware solutions /
Firmware
XPS 13 9305
Hardware solutions /
Firmware
XPS 13 2in1 9310
Hardware solutions /
Firmware
XPS 13 9310
Hardware solutions /
Firmware
XPS 15 9500
Hardware solutions /
Firmware
XPS 17 9700
Hardware solutions /
Firmware
Vendor:
Description
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper certificate validation within the Dell BIOSConnect and Dell HTTPS Boot features. A remote attacker can perform MitM attack and cause a denial of service or tamper with the system boot.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://www.dell.com/support/kbdoc/en-us/000188682
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.