Dell Boot Recovery Remote Code Execution (RCE)
TLP White
Dell Boot Recovery Remote Code Execution (RCE) Vulnerability Impacts Millions of Devices
Finished Intelligence Reports Jun 24, 2021, 09:19 AM
Eclypsium security researchers have discovered a vulnerability in the Dell BIOSConnect feature available on at least 180 models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Secured-core PCs. This undesignated vulnerability has a calculated CVSS score of 8.3 (High), potentially impacting millions of devices. The vulnerability can enable an attacker to remotely execute code in the pre-boot environment. Such code may alter the initial state for an operating system, potentially violating common assumptions on the hardware/firmware layers and breaking OS-level security controls.
Read the report in its entirety below: