CVE-2021-21571

Published: 24/06/2021 Updated: 02/07/2021
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 4.2 | Exploitability Score: 2.2
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering.

Vulnerable Product

dell alienware_m15_r6_firmware

dell chengming_3990_firmware

dell chengming_3991_firmware

dell g15_5510_firmware

dell g15_5511_firmware

dell g3_3500_firmware

dell g5_5500_firmware

dell g7_7500_firmware

dell g7_7700_firmware

dell inspiron_14_5418_firmware

dell inspiron_15_5518_firmware

dell inspiron_15_7510_firmware

dell inspiron_3501_firmware

dell inspiron_3880_firmware

dell inspiron_3881_firmware

dell inspiron_3891_firmware

dell inspiron_5300_firmware

dell inspiron_5301_firmware

dell inspiron_5310_firmware

dell inspiron_5400_2-in-1_firmware

dell inspiron_5400_aio_firmware

dell inspiron_5401_firmware

dell inspiron_5401_aio_firmware

dell inspiron_5402_firmware

dell inspiron_5406_2n1_firmware

dell inspiron_5408_firmware

dell inspiron_5409_firmware

dell inspiron_5410_2-in-1_firmware

dell inspiron_5501_firmware

dell inspiron_5502_firmware

dell inspiron_5508_firmware

dell inspiron_5509_firmware

dell inspiron_7300_firmware

dell inspiron_7300_2-in-1_firmware

dell inspiron_7306_2-in-1_firmware

dell inspiron_7400_firmware

dell inspiron_7500_firmware

dell inspiron_7500_2-in-1_firmware

dell inspiron_7501_firmware

dell inspiron_7506_firmware

dell inspiron_7610_firmware

dell inspiron_7700_aio_firmware

dell inspiron_7706_2-in-1_firmware

dell latitude_3120_firmware

dell latitude_3320_firmware

dell latitude_3410_firmware

dell latitude_3420_firmware

dell latitude_3510_firmware

dell latitude_3520_firmware

dell latitude_5310_firmware

dell latitude_5310_2-in-1_firmware

dell latitude_5320_firmware

dell latitude_5320_2-in-1_firmware

dell latitude_5410_firmware

dell latitude_5411_firmware

dell latitude_5420_firmware

dell latitude_5510_firmware

dell latitude_5511_firmware

dell latitude_5520_firmware

dell latitude_5521_firmware

dell latitude_7210_2-in-1_firmware

dell latitude_7310_firmware

dell latitude_7320_firmware

dell latitude_7320_detachable_firmware

dell latitude_7410_firmware

dell latitude_7420_firmware

dell latitude_7520_firmware

dell latitude_9410_firmware

dell latitude_9420_firmware

dell latitude_9510_firmware

dell latitude_9520_firmware

dell latitude_5421_firmware

dell optiplex_3080_firmware

dell optiplex_3090_uff_firmware

dell optiplex_3280_all-in-one_firmware

dell optiplex_5080_firmware

dell optiplex_5090_tower_firmware

dell optiplex_5490_aio_firmware

dell optiplex_7080_firmware

dell optiplex_7090_tower_firmware

dell optiplex_7090_uff_firmware

dell optiplex_7480_all-in-one_firmware

dell optiplex_7490_all-in-one_firmware

dell optiplex_7780_all-in-one_firmware

dell precision_17_m5750_firmware

dell precision_3440_firmware

dell precision_3450_firmware

dell precision_3550_firmware

dell precision_3551_firmware

dell precision_3560_firmware

dell precision_3561_firmware

dell precision_3640_firmware

dell precision_3650_mt_firmware

dell precision_5550_firmware

dell precision_5560_firmware

dell precision_5760_firmware

dell precision_7550_firmware

dell precision_7560_firmware

dell precision_7750_firmware

dell precision_7760_firmware

dell vostro_14_5410_firmware

dell vostro_15_5510_firmware

dell vostro_15_7510_firmware

dell vostro_3400_firmware

dell vostro_3500_firmware

dell vostro_3501_firmware

dell vostro_3681_firmware

dell vostro_3690_firmware

dell vostro_3881_firmware

dell vostro_3888_firmware

dell vostro_3890_firmware

dell vostro_5300_firmware

dell vostro_5301_firmware

dell vostro_5310_firmware

dell vostro_5401_firmware

dell vostro_5402_firmware

dell vostro_5501_firmware

dell vostro_5502_firmware

dell vostro_5880_firmware

dell vostro_5890_firmware

dell vostro_7500_firmware

dell xps_13_9305_firmware

dell xps_13_2in1_9310_firmware

dell xps_13_9310_firmware

dell xps_15_9500_firmware

dell xps_15_9510_firmware

dell xps_17_9700_firmware

dell xps_17_9710_firmware

Recent Articles

Dell SupportAssist contained RCE flaw allowing miscreants to remotely reflash your BIOS with code of their creation
The Register • Gareth Corfield • 25 Jun 2021

And it affects 129 models of PC and laptop... or about 30 million computers

A chain of four vulnerabilities in Dell's SupportAssist remote firmware update utility could let malicious people run arbitrary code in no fewer than 129 different PCs and laptops models – while impersonating Dell to remotely upload a tampered BIOS. A remote BIOS reflasher built into a pre-installed Dell support tool, SupportAssist, would accept "any valid wildcard certificate" from a pre-defined list of certificate authorities, giving attackers a vital foothold deep inside targeted machines ...