PT-2015-5955 · Dell · Precision Workstation+3

Corey Kallenberg

Published

2015-08-01

Updated

2019-09-27

CVE-2015-2890

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21

Description The BIOS implementation does not enforce a BIOS CNTL locking protection mechanism upon being woken from sleep, allowing local users to conduct EFI flash attacks by leveraging console access.

Recommendations For Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21, update the firmware to version A21 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2015-2890

Affected Products

Dell Latitude

Optiplex

Precision Mobile Workstation

Precision Workstation

PT-2015-5955 · Dell · Precision Workstation+3

CVE-2015-2890

Related Identifiers

Affected Products

References · 3