Recently, security researchers discovered four security vulnerabilities in the BIOSConnect feature of Dell SupportAssist. These vulnerabilities allow attackers to remotely execute code in the BIOS of the affected device.
According to the official Dell website, SupportAssist software is pre-installed on most Dell devices running Windows operating system, and BIOSConnect is used to provide remote firmware updates and operating system recovery functions.
The basic CVSS score of the series of vulnerabilities discovered this time is 8.3/10, allowing remote attackers to impersonate Dell.com and control the startup process of the target device to undermine operating system-level security controls.
Eclypsium researchers said the issues discovered this time affected 129 Dell consumer and business laptops, desktops, and tablets. According to statistics, about 30 million personal devices have been affected. According to its security report, the vulnerability is divided into one vulnerability (CVE-2021-21571) that causes an insecure TLS connection from BIOS to Dell and three overflow vulnerabilities (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574).
Among the overflow vulnerabilities, two affect the operating system recovery process, and the other affects the firmware update process. And these three vulnerabilities are independent of each other, each of which can lead to arbitrary code execution in the BIOS. Currently, CVE-2021-21573 and CVE-2021-21574 have been resolved on the server-side on May 28, 2021, while the CVE-2021-21571 and CVE-2021-21572 vulnerabilities need to update the Dell client BIOS.
In addition, the researchers also recommend that users do not use BIOSConnect to update their BIOS, and users who cannot update the system immediately can disable BIOSConnect from the BIOS settings page or use Dell Command | and configure (DCC) remote system management tools.