Dell SupportAssist Bugs Affects 30 Million PCs

Share post:

According to reports, security researchers recently discovered four major vulnerabilities in BIOSConnect, a feature of Dell SupportAssist that provides firmware updates and OS recovery features.

Eclypsium researchers, the researchers behind the discovery explained that an identified problem tracked as CVE-2021-21571 led to an insecure TLS connection from BIOS to Dell along with three overflow vulnerabilities tracked as CVE-2021-21572, CVE-2021-21573 and CVE-2021-21574.

The vulnerabilities also come with a CVSS base value of 8.3/10 that allows privileged remote attackers to imitate Dell.com while taking control of the target device boot process to break OS-level security controls.

In a report shared with Bleeping Computer, the researchers from Eclypsium said: “Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls. The issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs.”

The researchers also gave a rough estimate of the devices exposed during the attack at about 30 million.

For more information, read the original story in Bleeping Computer.

SUBSCRIBE NOW

Related articles

FBI’s Operation Level Up Ends Cyber Scams and Saves Millions of Dollars and Lives

We should send a love note out to The Federal Bureau of Investigation (FBI) who launched Operation Level...

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways