CVE-2015-2890

Severity Score

6.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

Vulnerabilidad en la implementación de la BIOS en dispositivos Dell Latitude, OptiPlex, Precisision Mobile Workstation y Precision Workstation Client Solutions (CS) con modelo dependiente del firmware anterior a A21, no impone un mecanismo de protección de bloqueo BIOS_CNTL al ser despertado de la suspensión, lo que permite a usuarios locales conducir ataques de flash EFI mediante el aprovechamiento de acceso a la consola, un problema similar a CVE-2015-3692.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-04-03 CVE Reserved
2015-08-01 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (2)

URL	Tag	Source
http://www.kb.cert.org/vuls/id/577140	Third Party Advisory
http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a20 Search vendor "Dell" for product "Bios" and version " <= a20"	-	Affected	in	Dell Search vendor "Dell"	Latitude E6420 Atg Search vendor "Dell" for product "Latitude E6420 Atg"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a20 Search vendor "Dell" for product "Bios" and version " <= a20"	-	Affected	in	Dell Search vendor "Dell"	Latitude E6420 Xfr Search vendor "Dell" for product "Latitude E6420 Xfr"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a12 Search vendor "Dell" for product "Bios" and version " <= a12"	-	Affected	in	Dell Search vendor "Dell"	Latitude E6220 Search vendor "Dell" for product "Latitude E6220"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a12 Search vendor "Dell" for product "Bios" and version " <= a12"	-	Affected	in	Dell Search vendor "Dell"	Latitude Xt3 Search vendor "Dell" for product "Latitude Xt3"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a15 Search vendor "Dell" for product "Bios" and version " <= a15"	-	Affected	in	Dell Search vendor "Dell"	Latitude E4310 Search vendor "Dell" for product "Latitude E4310"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a15 Search vendor "Dell" for product "Bios" and version " <= a15"	-	Affected	in	Dell Search vendor "Dell"	Latitude E5410 Search vendor "Dell" for product "Latitude E5410"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a15 Search vendor "Dell" for product "Bios" and version " <= a15"	-	Affected	in	Dell Search vendor "Dell"	Latitude E5510 Search vendor "Dell" for product "Latitude E5510"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a15 Search vendor "Dell" for product "Bios" and version " <= a15"	-	Affected	in	Dell Search vendor "Dell"	Latitude E6410 Atg Search vendor "Dell" for product "Latitude E6410 Atg"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a15 Search vendor "Dell" for product "Bios" and version " <= a15"	-	Affected	in	Dell Search vendor "Dell"	Latitude E6510 Search vendor "Dell" for product "Latitude E6510"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a15 Search vendor "Dell" for product "Bios" and version " <= a15"	-	Affected	in	Dell Search vendor "Dell"	Precision Mobile M4600 Search vendor "Dell" for product "Precision Mobile M4600"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a15 Search vendor "Dell" for product "Bios" and version " <= a15"	-	Affected	in	Dell Search vendor "Dell"	Precision T1600 Search vendor "Dell" for product "Precision T1600"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a18 Search vendor "Dell" for product "Bios" and version " <= a18"	-	Affected	in	Dell Search vendor "Dell"	Latitude E6320 Search vendor "Dell" for product "Latitude E6320"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a18 Search vendor "Dell" for product "Bios" and version " <= a18"	-	Affected	in	Dell Search vendor "Dell"	Latitude E6520 Search vendor "Dell" for product "Latitude E6520"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a14 Search vendor "Dell" for product "Bios" and version " <= a14"	-	Affected	in	Dell Search vendor "Dell"	Precision Mobile M4500 Search vendor "Dell" for product "Precision Mobile M4500"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a14 Search vendor "Dell" for product "Bios" and version " <= a14"	-	Affected	in	Dell Search vendor "Dell"	Precision Mobile M6600 Search vendor "Dell" for product "Precision Mobile M6600"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	a13 Search vendor "Dell" for product "Bios" and version "a13"	-	Affected	in	Dell Search vendor "Dell"	Latitude E4310 Search vendor "Dell" for product "Latitude E4310"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	a13 Search vendor "Dell" for product "Bios" and version "a13"	-	Affected	in	Dell Search vendor "Dell"	Latitude E5420 Search vendor "Dell" for product "Latitude E5420"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	a13 Search vendor "Dell" for product "Bios" and version "a13"	-	Affected	in	Dell Search vendor "Dell"	Latitude E5520 Search vendor "Dell" for product "Latitude E5520"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a11 Search vendor "Dell" for product "Bios" and version " <= a11"	-	Affected	in	Dell Search vendor "Dell"	Precision T3600 Search vendor "Dell" for product "Precision T3600"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a11 Search vendor "Dell" for product "Bios" and version " <= a11"	-	Affected	in	Dell Search vendor "Dell"	Precision T5600 Search vendor "Dell" for product "Precision T5600"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a11 Search vendor "Dell" for product "Bios" and version " <= a11"	-	Affected	in	Dell Search vendor "Dell"	Precision T5600 Xl Search vendor "Dell" for product "Precision T5600 Xl"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a10 Search vendor "Dell" for product "Bios" and version " <= a10"	-	Affected	in	Dell Search vendor "Dell"	Optiplex 390 Search vendor "Dell" for product "Optiplex 390"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a17 Search vendor "Dell" for product "Bios" and version " <= a17"	-	Affected	in	Dell Search vendor "Dell"	Optiplex 790 Search vendor "Dell" for product "Optiplex 790"	*	-	Safe
Dell Search vendor "Dell"	Bios Search vendor "Dell" for product "Bios"	<= a17 Search vendor "Dell" for product "Bios" and version " <= a17"	-	Affected	in	Dell Search vendor "Dell"	Optiplex 990 Search vendor "Dell" for product "Optiplex 990"	*	-	Safe