CVE-2015-2890

 

Severity Score (CVSS v3.1): 6.0

Public Exploits (Multiple Sources): 0
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

*Credits: N/A
CVSS Scores
CVSS v3.1
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2015-04-03 CVE Reserved
  • 2015-08-01 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
References (2)
URL Tag Source
http://www.kb.cert.org/vuls/id/577140 Third Party Advisory
http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L Third Party Advisory
Affected Vendors, Products, and Versions
Vendor  Product  Version  Other  Status    in  Vendor  Product                 Version  Status
Dell    Bios     <= a20   -      Affected  in  Dell    Latitude E6420 Atg      *-       Safe
Dell    Bios     <= a20   -      Affected  in  Dell    Latitude E6420 Xfr      *-       Safe
Dell    Bios     <= a12   -      Affected  in  Dell    Latitude E6220          *-       Safe
Dell    Bios     <= a12   -      Affected  in  Dell    Latitude Xt3            *-       Safe
Dell    Bios     <= a15   -      Affected  in  Dell    Latitude E4310          *-       Safe
Dell    Bios     <= a15   -      Affected  in  Dell    Latitude E5410          *-       Safe
Dell    Bios     <= a15   -      Affected  in  Dell    Latitude E5510          *-       Safe
Dell    Bios     <= a15   -      Affected  in  Dell    Latitude E6410 Atg      *-       Safe
Dell    Bios     <= a15   -      Affected  in  Dell    Latitude E6510          *-       Safe
Dell    Bios     <= a15   -      Affected  in  Dell    Precision Mobile M4600  *-       Safe
Dell    Bios     <= a15   -      Affected  in  Dell    Precision T1600         *-       Safe
Dell    Bios     <= a18   -      Affected  in  Dell    Latitude E6320          *-       Safe
Dell    Bios     <= a18   -      Affected  in  Dell    Latitude E6520          *-       Safe
Dell    Bios     <= a14   -      Affected  in  Dell    Precision Mobile M4500  *-       Safe
Dell    Bios     <= a14   -      Affected  in  Dell    Precision Mobile M6600  *-       Safe
Dell    Bios     a13      -      Affected  in  Dell    Latitude E4310          *-       Safe
Dell    Bios     a13      -      Affected  in  Dell    Latitude E5420          *-       Safe
Dell    Bios     a13      -      Affected  in  Dell    Latitude E5520          *-       Safe
Dell    Bios     <= a11   -      Affected  in  Dell    Precision T3600         *-       Safe
Dell    Bios     <= a11   -      Affected  in  Dell    Precision T5600         *-       Safe
Dell    Bios     <= a11   -      Affected  in  Dell    Precision T5600 Xl      *-       Safe
Dell    Bios     <= a10   -      Affected  in  Dell    Optiplex 390            *-       Safe
Dell    Bios     <= a17   -      Affected  in  Dell    Optiplex 790            *-       Safe
Dell    Bios     <= a17   -      Affected  in  Dell    Optiplex 990            *-       Safe