There is a Dell Client Platform Security Update for devices around multiple vulnerabilities in the BIOSConnect and HTTPS boot functions as part of the Dell Client BIOS. Dell is releasing fixes for its PC devices for multiple security vulnerabilities that affect the BIOSConnect and HTTPS boot functions.
Dell UEFI BIOS https stack used by the Dell BIOSConnect function and Dell HTTPS Boot function contains a vulnerability for incorrect certificate validation. An unauthenticated remote attacker could exploit this vulnerability through a person-in-the-middle attack, which could lead to a denial of service and payload tampering.
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious administrator with local access to the system could potentially exploit this vulnerability to execute arbitrary code and bypass UEFI restrictions.
–
