• A BIOS update to patch what Dell calls a weak authentication vulnerability


    #2750501

    This vulnerability’s specific identifier is CVE-2024-52541, and it affects a great many different Dell platforms, so when you get to the bulletin, review the list of affected system types very carefully to see whether your particular Dell system is affected or not. Here’s a quote from the top of the page with the security bulletin:

    DSA-2025-021: Security Update for Dell Client Platform BIOS for a Weak Authentication Vulnerability

    Summary: Dell Client Platform BIOS remediation is available for a Weak Authentication Vulnerability that could be exploited by malicious users to compromise the affected system.

    Here’s the link to Dell’s bulletin, which will open in a new tab:

    https://www.dell.com/support/kbdoc/en-en/000258429/dsa-2025-021

    The bulletin was both initially released and subsequently revised to its current version five days ago, on February 17th.

    • This topic was modified 1 month, 3 weeks ago by Bob99.
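    The post above tells readers to check the bulletin’s list of affected platforms against their own machine. The PowerShell below is an added example, not code from the forum post or from Dell: it reads the model name and SMBIOS BIOS version that Windows reports and compares them against a lookup table. The table’s model names and "first remediated version" values are hypothetical placeholders; the real entries must be copied from the affected-platform table in DSA-2025-021.

```powershell
# Added example (not from the forum post or from Dell). Reads this machine's model
# and BIOS version so they can be checked against the affected-platform table in
# DSA-2025-021. $AffectedPlatforms is a HYPOTHETICAL placeholder: the model names
# and versions below are made up for illustration; fill it from the bulletin.

$AffectedPlatforms = @{
    # 'Model as reported by Win32_ComputerSystem.Model' = 'first remediated BIOS version'
    'Example Dell Model A' = '1.10.0'   # hypothetical
    'Example Dell Model B' = '2.3.1'    # hypothetical
}

function Get-DellBiosStatus {
    [CmdletBinding()]
    param(
        [hashtable]$Affected = $AffectedPlatforms
    )

    # Both classes are standard WMI/CIM classes present on every Windows install.
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $bios = Get-CimInstance -ClassName Win32_BIOS

    $result = [pscustomobject]@{
        Manufacturer = $cs.Manufacturer
        Model        = $cs.Model
        BiosVersion  = $bios.SMBIOSBIOSVersion
        BiosDate     = $bios.ReleaseDate
        Status       = 'Not a Dell system'
    }

    if ($cs.Manufacturer -notmatch 'Dell') { return $result }

    if (-not $Affected.ContainsKey($cs.Model)) {
        # Absence from our placeholder table proves nothing; the bulletin is authoritative.
        $result.Status = 'Model not in the supplied list; verify against the bulletin'
        return $result
    }

    $fixed = $Affected[$cs.Model]

    # Dell client BIOS versions are usually dotted (e.g. 1.12.0), which [version]
    # compares numerically. Anything that does not parse falls back to an exact
    # string match and otherwise asks for a manual check rather than guessing.
    $installed = $null
    $required  = $null
    if ([version]::TryParse($bios.SMBIOSBIOSVersion, [ref]$installed) -and
        [version]::TryParse($fixed, [ref]$required)) {
        $result.Status = if ($installed -ge $required) {
            "Remediated (installed $installed >= $required)"
        } else {
            "Needs BIOS update to $required or later"
        }
    } else {
        $result.Status = if ($bios.SMBIOSBIOSVersion -eq $fixed) {
            'Remediated (exact version match)'
        } else {
            "Cannot compare versions automatically; bulletin lists $fixed, check manually"
        }
    }

    $result
}

Get-DellBiosStatus | Format-List
```

Run it in an elevated or normal PowerShell session; no admin rights are needed to read these CIM classes. The numeric comparison is the important part: a plain string comparison would rank "1.9.0" above "1.10.0", which is exactly the kind of mistake that leaves a machine unpatched while a report says otherwise.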
    • #2750523

      Thanks for the info. Unfortunately, Dell seems to have provided essentially no actionable information, basically saying there’s an issue that someone could exploit. Gosh, really? So that’s why there’s a CVE! Wow, who knew??!!

      Is it too much to ask for some judgement as to how likely the issue could be exploited, if it’s already out in the wild, etc.? This seems somewhat reminiscent of the Intel issues from a few years ago, where many were panicked about immediately installing microcode (or whatever) that seemed to bog down many systems, only to have it turn out that the issue was extremely hard to exploit.

      (Since I’m already ranting, if I were Dell I’d be embarrassed that so many systems were affected.)

    • #2750567

      This was originally published Dec 9, 2024 and updated Feb. 17 (see below).

      Also, it’s only rated “High” (not critical), as it requires local access to the computer.

      Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

    • #2750674

      “A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.” What does highly privileged mean? Gosh, you mean if I’m already an Administrator I can elevate to System or even Trusted Installer? By the way, that’s old news. Dell gets the award this month for a techno word salad.
