Vulnerabilities in Dell devices allow MITM attacks that substitute firmware

Vulnerabilities have been found in the implementation of the OS recovery and firmware update technologies promoted by Dell (BIOSConnect and HTTPS Boot). They make it possible to substitute the BIOS/UEFI firmware updates being installed and to execute code remotely at the firmware level. Code running at that level can change the initial state of the operating system and can be used to bypass the protection mechanisms applied. The vulnerabilities affect 129 models of Dell laptops, tablets and PCs, including those protected with UEFI Secure Boot and Dell Secured-Core technologies.

CVE-2021-21571 is caused by incorrect verification of the dell.com domain certificate in the HTTPS stack of UEFI/BIOS firmware that supports Dell BIOSConnect and Dell HTTPS Boot. The flaw allows an unauthenticated external attacker to mount a MITM attack, impersonate dell.com and replace the transmitted data. When the BIOS connects to the Dell server, BIOSConnect accepts any valid wildcard TLS certificate (one that covers a group of subdomains by mask).
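A minimal model of the certificate name check described above, added here as an illustration and not Dell's firmware code: `flawed_accept` mirrors the described behaviour of accepting any wildcard name, and `strict_accept` ties the name to the host being contacted. The function names and the `vendor.example` / `other.example` host names are constructed, and chain validation is assumed to have already succeeded.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality for DNS names. */
static bool name_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* Model of the flaw: a wildcard name is accepted without ever being
 * compared to the host the client intended to reach. */
bool flawed_accept(const char *cert_name, const char *expected_host) {
    (void)expected_host;                 /* never compared: this is the bug */
    return strncmp(cert_name, "*.", 2) == 0;
}

/* Strict check: the certificate name must match the expected host.
 * A wildcard may only stand for the whole leftmost label. */
bool strict_accept(const char *cert_name, const char *expected_host) {
    if (strchr(cert_name, '*') == NULL)
        return name_eq(cert_name, expected_host);
    if (strncmp(cert_name, "*.", 2) != 0 || strchr(cert_name + 1, '*'))
        return false;                    /* wildcard anywhere else is refused */
    const char *suffix = cert_name + 1;  /* e.g. ".vendor.example" */
    if (strchr(suffix + 1, '.') == NULL)
        return false;                    /* refuse "*.tld" style names */
    const char *dot = strchr(expected_host, '.');
    return dot != NULL && dot != expected_host && name_eq(dot, suffix);
}

int main(void) {
    const char *host = "updates.vendor.example";            /* constructed */
    const char *names[] = { "*.vendor.example", "*.other.example" };
    for (int i = 0; i < 2; i++)
        printf("%-18s flawed=%d strict=%d\n", names[i],
               flawed_accept(names[i], host), strict_accept(names[i], host));
    return 0;
}
```

A firmware update client can narrow this further by pinning the expected server key or issuing CA, so that a name match alone is not sufficient.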

CVE-2021-21572, CVE-2021-21573 and CVE-2021-21574 are buffer overflows in the Dell BIOSConnect code. They allow a local administrator, or a remote attacker who has exploited the CVE-2021-2157 vulnerability, to execute code at the firmware level and bypass UEFI restrictions. CVE-2021-21573 and CVE-2021-21574 are on the side of Dell's server infrastructure and have already been fixed. CVE-2021-21571 and CVE-2021-21572 are on the user side and require firmware updates. As a workaround, BIOSConnect support can be disabled in the BIOS.


