The chain of flaws discovered by Eclypsium researchers comes with a CVSS base score of 8.3/10 and enables privileged remote attackers to impersonate and take control of the target device's boot process to break OS-level security controls. According to Dell's website, the SupportAssist software is 'preinstalled on most Dell devices running Windows operating system,' while BIOSConnect provides remote firmware update and OS recovery features.
AmiMoJo writes: Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices.
