Page 13 of 65 results (0.028 seconds)

CVSS: 7.5EPSS: 0%CPEs: 256EXPL: 0

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions. La funcionalidad Dell BIOSConnect contiene una vulnerabilidad de desbordamiento del búfer. Un usuario administrador malicioso autenticado con acceso local al sistema puede explotar potencialmente esta vulnerabilidad para ejecutar código arbitrario y omitir las restricciones de la UEFI • https://www.dell.com/support/kbdoc/en-us/000188682 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 256EXPL: 0

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering. La pila https de la UEFI de Dell aprovechada por la funcionalidad Dell BIOSConnect y la funcionalidad Dell HTTPS Boot contiene una vulnerabilidad de combrobación de certificados inapropiada. Un atacante remoto no autenticado puede explotar esta vulnerabilidad usando un ataque de tipo person-in-the-middle que puede conllevar a una denegación de servicio y la manipulación de la carga útil • https://www.dell.com/support/kbdoc/en-us/000188682 • CWE-295: Improper Certificate Validation •

CVSS: 7.1EPSS: 0%CPEs: 708EXPL: 0

Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values. Plataformas Dell Client Consumer and Commercial, incluyen una vulnerabilidad de autorización inapropiada en la interfaz de Administración de Dell para la cual un actor no autorizado, con acceso al sistema local con privilegios de administrador del Sistema Operativo, podría omitir la autenticación del Administrador del BIOS para restaurar la configuración de BIOS Setup a los valores predeterminados • https://www.dell.com/support/article/SLN321726 • CWE-285: Improper Authorization CWE-862: Missing Authorization •

CVSS: 6.1EPSS: 0%CPEs: 348EXPL: 0

Affected Dell Client platforms contain a BIOS Setup configuration authentication bypass vulnerability in the pre-boot Intel Rapid Storage Response Technology (iRST) Manager menu. An attacker with physical access to the system could perform unauthorized changes to the BIOS Setup configuration settings without requiring the BIOS Admin password by selecting the Optimized Defaults option in the pre-boot iRST Manager. Las plataformas afectadas de Dell Client contienen una vulnerabilidad de omisión de autenticación de la configuración de BIOS Setup en el menú de pre-arranque de Intel Rapid Storage Response Technology (iRST). Un atacante con acceso físico al sistema, podría realizar cambios no autorizados en la configuración del BIOS sin requerir la contraseña de BIOS Admin al seleccionar la opción Optimized Defaults en el pre-arranque de iRST Manager. • https://www.dell.com/support/article/SLN320337 • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.2EPSS: 0%CPEs: 482EXPL: 0

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot. Refer to https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en for versions affected by this vulnerability. Las plataformas Select Dell Client Commercial and Consumer contienen una vulnerabilidad de Acceso Inapropiado. • https://www.dell.com/support/article/us/en/04/sln317683/dsa-2019-043-dell-client-improper-access-control-vulnerability?lang=en •