PT-2015-5955 · Dell · Precision Workstation+3

Corey Kallenberg

Publicado

2015-08-01

Atualizado

2019-09-27

CVE-2015-2890

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21

Description The BIOS implementation does not enforce a BIOS CNTL locking protection mechanism upon being woken from sleep, allowing local users to conduct EFI flash attacks by leveraging console access.

Recommendations For Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21, update the firmware to version A21 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2015-2890

Produtos afetados

Dell Latitude

Optiplex

Precision Mobile Workstation

Precision Workstation

PT-2015-5955 · Dell · Precision Workstation+3

CVE-2015-2890

Identificadores relacionados

Produtos afetados

Referências · 3