Dell Boot Recovery Remote Code Execution (RCE)
TLP White
Dell Boot Recovery Remote Code Execution (RCE) Vulnerability Impacts Millions of Devices
Finished Intelligence Reports Jun 24, 2021, 09:19 AM
Eclypsium security researchers have discovered a vulnerability in the Dell BIOSConnect feature available on at least 180 models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Secured-core PCs. This undesignated vulnerability has a calculated CVSS score of 8.3 (High), potentially impacting millions of devices. The vulnerability can enable an attacker to remotely execute code in the pre-boot environment. Such code may alter the initial state for an operating system, potentially violating common assumptions on the hardware/firmware layers and breaking OS-level security controls.
Read report in it’s entirety below:
- Related Resources & News
- Cyber Threats Know No Borders
- Health-ISAC Hacking Healthcare 1-10-2025
- Google’s rural healthcare cybersecurity initiative
- Gen Z is stealing your health data—and the consequences may be worse than you think
- Left to Our Own Devices Podcast #71: Errol Weiss
- 2025 Newsletter – January
- The Year Ahead: What Can We Expect Within the Cybersecurity Landscape?
- HHS Urges Health Sector to Beef Up OT, IoMT Security
- Defending Healthcare Facilities Against Ransomware Attacks
- Health-ISAC Hacking Healthcare 12-16-2024