Skip to main content

Dell Boot Recovery Remote Code Execution (RCE)

TLP White

Dell Boot Recovery Remote Code Execution (RCE) Vulnerability Impacts Millions of Devices

Finished Intelligence Reports Jun 24, 2021, 09:19 AM

Eclypsium security researchers have discovered a vulnerability in the Dell BIOSConnect feature available on at least 180 models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Secured-core PCs. This undesignated vulnerability has a calculated CVSS score of 8.3 (High), potentially impacting millions of devices. The vulnerability can enable an attacker to remotely execute code in the pre-boot environment. Such code may alter the initial state for an operating system, potentially violating common assumptions on the hardware/firmware layers and breaking OS-level security controls.

 

Read report in it’s entirety below:

Download

This site is registered on Toolset.com as a development site.