Total of 4 separate security bugs would give attackers almost complete control and persistence over targeted devices.
A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices.
The first vulnerability (CVE-2021-21571) is the beginning of a chain that can lead to remote code execution (RCE).
The other 2 of the vulnerabilities affect the OS recovery process, while the last one affects the firmware update process.
[*] Searching cve-[['2021-21571', '2021-21572', '2021-21573', '2021-21574']] vulnerability definitions within Kenna.VI+....
[ CVE Description ]
[*] CVE_ID : CVE-2021-21571
[_] Desc : Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering.
[_] C:2021-01-04 / P:2021-06-24 / L:2021-06-24
[*] Vuln Risk : 20.4333
[*] Exploited [trend] : 0 [holding]
[_] Exploit/likehood : False/0.0017% confidence
[*] Malware sample : 0
[*] Exploits/POC : [0]
[_] Fixes : [1]
[_] Threat Actors : [0]
[_] CVSS2 / CVSS3 : [ 6.1 / 5.9 ]
[_] Vuln Products : [0]
[ CVE Malware Family Info : None ]
[ CVE Description ]
[*] CVE_ID : CVE-2021-21572
[_] Desc : Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
[_] C:2021-01-04 / P:2021-06-24 / L:2021-06-24
[*] Vuln Risk : 19.5045
[*] Exploited [trend] : 0 [holding] [Pre_NVD]
[_] Exploit/likehood : False/0.0873% confidence
[*] Malware sample : 0
[*] Exploits/POC : [0]
[_] Fixes : [1]
[_] Threat Actors : [0]
[_] CVSS2 / CVSS3 : [ 5.9 / 7.2 ]
[_] Vuln Products : [0]
[ CVE Malware Family Info : None ]
[ CVE Description ]
[*] CVE_ID : CVE-2021-21573
[_] Desc : Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
[_] C:2021-01-04 / P:2021-06-24 / L:2021-06-24
[*] Vuln Risk : 19.5045
[*] Exploited [trend] : 0 [holding] [Pre_NVD]
[_] Exploit/likehood : False/0.0873% confidence
[*] Malware sample : 0
[*] Exploits/POC : [0]
[_] Fixes : [1]
[_] Threat Actors : [0]
[_] CVSS2 / CVSS3 : [ 5.9 / 7.2 ]
[_] Vuln Products : [0]
[ CVE Malware Family Info : None ]
[ CVE Description ]
[*] CVE_ID : CVE-2021-21574
[_] Desc : Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
[_] C:2021-01-04 / P:2021-06-24 / L:2021-06-24
[*] Vuln Risk : 19.5045
[*] Exploited [trend] : 0 [holding] [Pre_NVD]
[_] Exploit/likehood : False/0.0873% confidence
[*] Malware sample : 0
[*] Exploits/POC : [0]
[_] Fixes : [1]
[_] Threat Actors : [0]
[_] CVSS2 / CVSS3 : [ 5.9 / 7.2 ]
[_] Vuln Products : [0]
[ CVE Malware Family Info : None ]
[ High_Profile_Vulnerability ]
[!!!] CVE-2021-21571 (20.4333) : []
[!!!] CVE-2021-21572 (19.5045) : []
[!!!] CVE-2021-21573 (19.5045) : []
[!!!] CVE-2021-21574 (19.5045) : []
** [5] threads completed [8 tasks] / [7.97 KB] within [10.64 sec].