Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-2890

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

Published

2015-08-01T01:59:13.943

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 6.0 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dell	bios	≤ a20	Yes
Hardware	dell	latitude_e6420_atg	*	No
Hardware	dell	latitude_e6420_xfr	*	No
Operating System	dell	bios	≤ a12	Yes
Hardware	dell	latitude_e6220	*	No
Hardware	dell	latitude_xt3	*	No
Operating System	dell	bios	≤ a15	Yes
Hardware	dell	latitude_e4310	*	No
Hardware	dell	latitude_e5410	*	No
Hardware	dell	latitude_e5510	*	No
Hardware	dell	latitude_e6410_atg	*	No
Hardware	dell	latitude_e6510	*	No
Hardware	dell	precision_mobile_m4600	*	No
Hardware	dell	precision_t1600	*	No
Operating System	dell	bios	≤ a18	Yes
Hardware	dell	latitude_e6320	*	No
Hardware	dell	latitude_e6520	*	No
Operating System	dell	bios	≤ a14	Yes
Hardware	dell	precision_mobile_m4500	*	No
Hardware	dell	precision_mobile_m6600	*	No
Operating System	dell	bios	a13	Yes
Hardware	dell	latitude_e4310	*	No
Hardware	dell	latitude_e5420	*	No
Hardware	dell	latitude_e5520	*	No
Operating System	dell	bios	≤ a11	Yes
Hardware	dell	precision_t3600	*	No
Hardware	dell	precision_t5600	*	No
Hardware	dell	precision_t5600_xl	*	No
Operating System	dell	bios	≤ a10	Yes
Hardware	dell	optiplex_390	*	No
Operating System	dell	bios	≤ a17	Yes
Hardware	dell	optiplex_790	*	No
Hardware	dell	optiplex_990	*	No

References

http://www.kb.cert.org/vuls/id/577140 Third Party Advisory, US Government Resource ([email protected])
http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L Third Party Advisory, US Government Resource ([email protected])
http://www.kb.cert.org/vuls/id/577140 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)