Dell Boot Recovery Remote Code Execution (RCE)
TLP White
Dell Boot Recovery Remote Code Execution (RCE) Vulnerability Impacts Millions of Devices
Finished Intelligence Reports Jun 24, 2021, 09:19 AM
Eclypsium security researchers have discovered a vulnerability in the Dell BIOSConnect feature available on at least 180 models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Secured-core PCs. This undesignated vulnerability has a calculated CVSS score of 8.3 (High), potentially impacting millions of devices. The vulnerability can enable an attacker to remotely execute code in the pre-boot environment. Such code may alter the initial state for an operating system, potentially violating common assumptions on the hardware/firmware layers and breaking OS-level security controls.
Read report in it’s entirety below:
[pdf-embedder url=”https://h-isac.org/tmp24/wp-content/uploads/2021/06/Dell-Boot-Recovery-Remote-Code-Execution-RCE-Vulnerability-Impacts-Millions-of-Devices.pdf” title=”Dell Boot Recovery Remote Code Execution (RCE) Vulnerability Impacts Millions of Devices”]
- Related Resources & News
- Health-ISAC Hacking Healthcare 8-26-2024
- What is Threat Intelligence? A Comprehensive Overview
- Why Cybercriminals Target Healthcare Data and How Organisations Can Protect Themselves
- Federal Authorities Work to Boost Health-Care Cybersecurity
- Health-ISAC Hacking Healthcare 8-9-2024
- Health-ISAC Medical Device Blog – VEX
- Podcast: Health-ISAC Featured in Cyberwire Daily episode 2021
- Health-ISAC Hacking Healthcare 8-2-2024
- Protecting Healthcare Organizations with Human-Centric Email Security
- American Hospital Association and Health-ISAC Joint Threat Bulletin