Four major security vulnerabilities were found in the BIOSConnect feature of Dell SupportAssist that allows attackers to remotely execute code within the BIOS of impacted devices.
The SupportAssist software is preinstalled on most Dell devices running Windows operating system while BIOSConnect provides remote firmware update and OS recovery features.
The bugs that have a CVSS base score of 8.3/10 were discovered by Eclypsium researchers. It enables privileged remote attackers to impersonate Dell.com and take control of the target device’s boot process to break OS-level security controls.
The researchers stated that such an attack would help the threat actors to control the device’s boot process and subvert the operating system and higher-layer security controls.
The issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. Around 30 million individual devices are exposed to attacks.
A vulnerability dubbed CVE-2021-21571 was identified that leads to an insecure TLS connection from BIOS to Dell.
Three overflow vulnerabilities (CVE-2021-21572, CVE-2021-21573, and CVE-2021-21574) were identified, of which two affect the OS recovery process, while the third affects the firmware update process. All three vulnerabilities are independent, and each one could lead to arbitrary code execution in BIOS.
The users must update the system BIOS/UEFI for all affected systems. The researchers also recommend using an alternate method other than the SupportAssist’s BIOSConnect feature to apply BIOS updates on their devices.
Dell is providing BIOS/UEFI updates for impacted systems and updates to affected executables on Dell.com.
The issues, CVE-2021-21573 and CVE-2021-21574 were already addressed server side on May 28, 2021. But, the CVE-2021-21571 and CVE-2021-21572 vulnerabilities require Dell Client BIOS updates to be fully addressed.
Those users who cannot immediately update their systems must disable BIOSConnect from the BIOS setup page or using the Dell Command | Configure (DCC)’s Remote System Management tool.
