Detections
Analytics
Dell Client BIOS Multiple Vulnerabilities (DSA-2021-106)
high Nessus Plugin ID 153223
Language:
Synopsis
The remote device is missing a vendor-supplied security patchDescription
According to its self-reported version, Dell BIOS is affected by multiple vulnerabilities.- Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering. (CVE-2021-21571)
- Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
(CVE-2021-21572, CVE-2021-21573, CVE-2021-21574)
Please see the included Dell Security Advisory for more information.
Solution
Check vendor advisory.See Also
Plugin Details
Severity: High
ID: 153223
File Name: dell_bios_dsa-2021-106.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows
Published: 9/13/2021
Updated: 12/7/2022
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Temporal Score: 5.1
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2021-21574
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Required KB Items: BIOS/Version, BIOS/Vendor, BIOS/Model
Exploit Ease: No known exploits are available
Patch Publication Date: 6/24/2020
Vulnerability Publication Date: 6/24/2020
Reference Information
CVE: CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574