CVE-2021-21573

Published: 24/06/2021 Updated: 30/06/2021
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.5 | Impact Score: 6 | Exploitability Score: 0.8
VMScore: 615
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

Vulnerable Product

dell alienware_m15_r6_firmware

dell chengming_3990_firmware

dell chengming_3991_firmware

dell g15_5510_firmware

dell g15_5511_firmware

dell g3_3500_firmware

dell g5_5500_firmware

dell g7_7500_firmware

dell g7_7700_firmware

dell inspiron_14_5418_firmware

dell inspiron_15_5518_firmware

dell inspiron_15_7510_firmware

dell inspiron_3501_firmware

dell inspiron_3880_firmware

dell inspiron_3881_firmware

dell inspiron_3891_firmware

dell inspiron_5300_firmware

dell inspiron_5301_firmware

dell inspiron_5310_firmware

dell inspiron_5400_2-in-1_firmware

dell inspiron_5400_aio_firmware

dell inspiron_5401_firmware

dell inspiron_5401_aio_firmware

dell inspiron_5402_firmware

dell inspiron_5406_2n1_firmware

dell inspiron_5408_firmware

dell inspiron_5409_firmware

dell inspiron_5410_2-in-1_firmware

dell inspiron_5501_firmware

dell inspiron_5502_firmware

dell inspiron_5508_firmware

dell inspiron_5509_firmware

dell inspiron_7300_firmware

dell inspiron_7300_2-in-1_firmware

dell inspiron_7306_2-in-1_firmware

dell inspiron_7400_firmware

dell inspiron_7500_firmware

dell inspiron_7500_2-in-1_firmware

dell inspiron_7501_firmware

dell inspiron_7506_firmware

dell inspiron_7610_firmware

dell inspiron_7700_aio_firmware

dell inspiron_7706_2-in-1_firmware

dell latitude_3120_firmware

dell latitude_3320_firmware

dell latitude_3410_firmware

dell latitude_3420_firmware

dell latitude_3510_firmware

dell latitude_3520_firmware

dell latitude_5310_firmware

dell latitude_5310_2-in-1_firmware

dell latitude_5320_firmware

dell latitude_5320_2-in-1_firmware

dell latitude_5410_firmware

dell latitude_5411_firmware

dell latitude_5420_firmware

dell latitude_5510_firmware

dell latitude_5511_firmware

dell latitude_5520_firmware

dell latitude_5521_firmware

dell latitude_7210_2-in-1_firmware

dell latitude_7310_firmware

dell latitude_7320_firmware

dell latitude_7320_detachable_firmware

dell latitude_7410_firmware

dell latitude_7420_firmware

dell latitude_7520_firmware

dell latitude_9410_firmware

dell latitude_9420_firmware

dell latitude_9510_firmware

dell latitude_9520_firmware

dell latitude_5421_firmware

dell optiplex_3080_firmware

dell optiplex_3090_uff_firmware

dell optiplex_3280_all-in-one_firmware

dell optiplex_5080_firmware

dell optiplex_5090_tower_firmware

dell optiplex_5490_aio_firmware

dell optiplex_7080_firmware

dell optiplex_7090_tower_firmware

dell optiplex_7090_uff_firmware

dell optiplex_7480_all-in-one_firmware

dell optiplex_7490_all-in-one_firmware

dell optiplex_7780_all-in-one_firmware

dell precision_17_m5750_firmware

dell precision_3440_firmware

dell precision_3450_firmware

dell precision_3550_firmware

dell precision_3551_firmware

dell precision_3560_firmware

dell precision_3561_firmware

dell precision_3640_firmware

dell precision_3650_mt_firmware

dell precision_5550_firmware

dell precision_5560_firmware

dell precision_5760_firmware

dell precision_7550_firmware

dell precision_7560_firmware

dell precision_7750_firmware

dell precision_7760_firmware

dell vostro_14_5410_firmware

dell vostro_15_5510_firmware

dell vostro_15_7510_firmware

dell vostro_3400_firmware

dell vostro_3500_firmware

dell vostro_3501_firmware

dell vostro_3681_firmware

dell vostro_3690_firmware

dell vostro_3881_firmware

dell vostro_3888_firmware

dell vostro_3890_firmware

dell vostro_5300_firmware

dell vostro_5301_firmware

dell vostro_5310_firmware

dell vostro_5401_firmware

dell vostro_5402_firmware

dell vostro_5501_firmware

dell vostro_5502_firmware

dell vostro_5880_firmware

dell vostro_5890_firmware

dell vostro_7500_firmware

dell xps_13_9305_firmware

dell xps_13_2in1_9310_firmware

dell xps_13_9310_firmware

dell xps_15_9500_firmware

dell xps_15_9510_firmware

dell xps_17_9700_firmware

dell xps_17_9710_firmware

Recent Articles

Dell SupportAssist contained RCE flaw allowing miscreants to remotely reflash your BIOS with code of their creation
The Register • Gareth Corfield • 25 Jun 2021

And it affects 129 models of PC and laptop... or about 30 million computers

A chain of four vulnerabilities in Dell's SupportAssist remote firmware update utility could let malicious people run arbitrary code in no fewer than 129 different PC and laptop models – while impersonating Dell to remotely upload a tampered BIOS. A remote BIOS reflasher built into a pre-installed Dell support tool, SupportAssist, would accept "any valid wildcard certificate" from a pre-defined list of certificate authorities, giving attackers a vital foothold deep inside targeted machines ...