漏洞类别:Local
漏洞等级: 
漏洞信息
The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access.
Affected Versions:
BIOS implementation on Dell devices versions prior to A21
漏洞危害
A local attacker with console access could exploit this vulnerability to gain elevated privileges on the system and reflash the BIOS of the system to an arbitrary image to gain full access over the system.
解决方案
Customers are advised to update the BIOS to latest version. Refer to Dell Support for more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论