The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Dell
  • Bios
  • Latitude E4310
  • Latitude E5410
  • Latitude E5420
  • Latitude E5510
  • Latitude E5520
  • Latitude E6220
  • Latitude E6320
  • Latitude E6410 Atg
  • Latitude E6420 Atg
  • Latitude E6420 Xfr
  • Latitude E6510
  • Latitude E6520
  • Latitude Xt3
  • Optiplex 390
  • Optiplex 790
  • Optiplex 990
  • Precision Mobile M4500
  • Precision Mobile M4600
  • Precision Mobile M6600
  • Precision T1600
  • Precision T3600
  • Precision T5600
  • Precision T5600 Xl

Configuration 1 [-]

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_e6420_atg:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e6420_xfr:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_e6220:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_xt3:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_e4310:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e5410:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e5510:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e6410_atg:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e6510:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_mobile_m4600:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_t1600:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_e6320:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e6520:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:precision_mobile_m4500:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_mobile_m6600:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:dell:bios:a13:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_e4310:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e5420:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e5520:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:precision_t3600:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_t5600:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_t5600_xl:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_390:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:optiplex_790:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_990:*:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.kb.cert.org/vuls/id/577140 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2015-08-01T01:00:00

Updated: 2024-08-06T05:32:20.350Z

Reserved: 2015-04-03T00:00:00

Link: CVE-2015-2890

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-08-01T01:59:13.943

Modified: 2024-11-21T02:28:16.517

Link: CVE-2015-2890

cve-icon Redhat

No data.