CVE-2015-2890

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.
References
Link | Resource
http://www.kb.cert.org/vuls/id/577140 | Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L | Third Party Advisory, US Government Resource
Configurations

Configuration 1

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_e6420_atg:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e6420_xfr:*:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_e6220:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_xt3:*:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_e4310:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e5410:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e5510:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e6410_atg:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e6510:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_mobile_m4600:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_t1600:*:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_e6320:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e6520:*:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:precision_mobile_m4500:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_mobile_m6600:*:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:dell:bios:a13:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_e4310:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e5420:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_e5520:*:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:precision_t3600:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_t5600:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_t5600_xl:*:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_390:*:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:optiplex_790:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_990:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:28

Type | Values Removed | Values Added
References | () http://www.kb.cert.org/vuls/id/577140 - Third Party Advisory, US Government Resource | () http://www.kb.cert.org/vuls/id/577140 - Third Party Advisory, US Government Resource
References | () http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L - Third Party Advisory, US Government Resource | () http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L - Third Party Advisory, US Government Resource

Information

Published : 2015-08-01 01:59

Updated : 2024-11-21 02:28


NVD link : CVE-2015-2890

Mitre link : CVE-2015-2890

CVE.ORG link : CVE-2015-2890



Products Affected

dell

  • precision_t5600
  • latitude_e5510
  • latitude_e6410_atg
  • latitude_e6420_atg
  • bios
  • latitude_e5410
  • latitude_e6520
  • latitude_e6510
  • precision_t5600_xl
  • optiplex_790
  • latitude_e6220
  • latitude_e5420
  • optiplex_390
  • precision_mobile_m6600
  • latitude_e4310
  • latitude_e5520
  • latitude_e6320
  • optiplex_990
  • precision_t1600
  • latitude_e6420_xfr
  • precision_mobile_m4600
  • precision_t3600
  • latitude_xt3
  • precision_mobile_m4500