var-201508-0601
Vulnerability from variot
The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692. Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. The BIOS implementation in the firmware of multiple Dell devices does not apply the BIOS_CNTL locking protection mechanism when waking from sleep, which allows an EFI flash attack to be carried out. This vulnerability is a similar problem to CVE-2015-3692. Supplementary information: the vulnerability type has been identified as CWE-17: Code. http://cwe.mitre.org/data/definitions/17.html A local user with access to the console may be able to perform an EFI flash attack. Dell Latitude and others are products of Dell. There are security vulnerabilities in the BIOS implementation of several Dell devices. The BIOS_CNTL lock protection mechanism was not enforced on resume from sleep mode.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0601", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "bios", "scope": "eq", "trust": 1.6, "vendor": "dell", "version": "a13" }, { "model": "bios", "scope": "lte", "trust": 1.0, "vendor": "dell", "version": "a12" }, { "model": "bios", "scope": "lte", "trust": 1.0, "vendor": "dell", "version": "a20" }, { "model": 
"bios", "scope": "lte", "trust": 1.0, "vendor": "dell", "version": "a11" }, { "model": "bios", "scope": "lte", "trust": 1.0, "vendor": "dell", "version": "a15" }, { "model": "bios", "scope": "lte", "trust": 1.0, "vendor": "dell", "version": "a18" }, { "model": "bios", "scope": "lte", "trust": 1.0, "vendor": "dell", "version": "a14" }, { "model": "bios", "scope": "lte", "trust": 1.0, "vendor": "dell", "version": "a10" }, { "model": "bios", "scope": "lte", "trust": 1.0, "vendor": "dell", "version": "a17" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "american megatrends incorporated ami", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "dell computer", "version": null }, { "model": "bios", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "a21" }, { "model": "latitude e4310", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a14 )" }, { "model": "latitude e5410", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a16 )" }, { "model": "latitude e5420", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a14 )" }, { "model": "latitude e5510", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a16 )" }, { "model": "latitude e5520", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a14 )" }, { "model": "latitude e6220", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a13 )" }, { "model": "latitude e6320", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a19 )" }, { "model": "latitude e6410 atg", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a16 )" }, { "model": "latitude e6420 atg", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a21 )" }, { "model": "latitude e6420 xfr", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a21 )" }, { "model": "latitude e6510", "scope": "lt", "trust": 0.8, 
"vendor": "dell", "version": "(bios a16 )" }, { "model": "latitude e6520", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a19 )" }, { "model": "latitude xt3", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a13 )" }, { "model": "optiplex 390", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a11 )" }, { "model": "optiplex 790", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a18 )" }, { "model": "optiplex 990", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a18 )" }, { "model": "precision mobile workstation m4500", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a15 )" }, { "model": "precision mobile workstation m4600", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a16 )" }, { "model": "precision mobile workstation m6600", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a15 )" }, { "model": "precision workstation t1600", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a16 )" }, { "model": "precision workstation t3600", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a12 )" }, { "model": "precision workstation t5600", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a12 )" }, { "model": "precision workstation t5600 xl", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a12 )" }, { "model": "precision workstation t7600", "scope": "lt", "trust": 0.8, "vendor": "dell", "version": "(bios a10 )" }, { "model": "latitude", "scope": null, "trust": 0.6, "vendor": "dell", "version": null }, { "model": "optiplex", "scope": null, "trust": 0.6, "vendor": "dell", "version": null }, { "model": "precision mobile workstation", "scope": null, "trust": 0.6, "vendor": "dell", "version": null }, { "model": "precision workstation cs", "scope": null, "trust": 0.6, "vendor": "dell", "version": null }, { "model": "bios", "scope": "eq", "trust": 0.6, "vendor": "dell", "version": "a11" }, { 
"model": "bios", "scope": "eq", "trust": 0.6, "vendor": "dell", "version": "a18" }, { "model": "bios", "scope": "eq", "trust": 0.6, "vendor": "dell", "version": "a15" }, { "model": "bios", "scope": "eq", "trust": 0.6, "vendor": "dell", "version": "a10" }, { "model": "bios", "scope": "eq", "trust": 0.6, "vendor": "dell", "version": "a17" }, { "model": "bios", "scope": "eq", "trust": 0.6, "vendor": "dell", "version": "a20" }, { "model": "bios", "scope": "eq", "trust": 0.6, "vendor": "dell", "version": "a14" }, { "model": "bios", "scope": "eq", "trust": 0.6, "vendor": "dell", "version": "a12" }, { "model": "precision workstation t7600 a10", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "precision workstation t5600 xl a12", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "precision workstation t5600 a12", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "precision workstation t3600 a12", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "precision workstation t1600 a16", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "precision mobile workstation m6600 a15", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "precision mobile workstation m4600 a16", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "precision mobile workstation m4500 a15", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "optiplex a18", "scope": "eq", "trust": 0.3, "vendor": "dell", "version": "990" }, { "model": "optiplex a18", "scope": "eq", "trust": 0.3, "vendor": "dell", "version": "790" }, { "model": "optiplex a11", "scope": "eq", "trust": 0.3, "vendor": "dell", "version": "390" }, { "model": "latitude xt3 a13", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude e6520 a19", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { 
"model": "latitude e6510 a16", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude e6420 xfr a21", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude e6420 a21", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude e6410 a16", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude e6320 a19", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude e6220 a13", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude e5520 a14", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude e5510 a16", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude e5420 a14", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude e5410 a16", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude e4310 a14", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude atg a21", "scope": null, "trust": 0.3, "vendor": "dell", "version": null }, { "model": "latitude atg a16", "scope": null, "trust": 0.3, "vendor": "dell", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#577140" }, { "db": "CNVD", "id": "CNVD-2015-05153" }, { "db": "BID", "id": "76128" }, { "db": "JVNDB", "id": "JVNDB-2015-003973" }, { "db": "NVD", "id": "CVE-2015-2890" }, { "db": "CNNVD", "id": "CNNVD-201507-844" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "a20", 
"vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:dell:latitude_e6420_atg:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:latitude_e6420_xfr:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "a12", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:dell:latitude_e6220:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:latitude_xt3:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "a15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:dell:precision_mobile_m4600:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:latitude_e4310:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:latitude_e5510:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:latitude_e6410_atg:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:latitude_e6510:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:precision_t1600:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:latitude_e5410:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": 
"a18", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:dell:latitude_e6320:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:latitude_e6520:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "a14", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:dell:precision_mobile_m4500:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:precision_mobile_m6600:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:dell:bios:a13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:dell:latitude_e4310:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:latitude_e5420:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:latitude_e5520:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "a11", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:dell:precision_t5600:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:precision_t5600_xl:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:precision_t3600:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], 
"operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "a10", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:dell:optiplex_390:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "a17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:dell:optiplex_990:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:dell:optiplex_790:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-2890" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sam Cornwell, John Butterworth, Xeno Kovah, and Corey Kallenberg", "sources": [ { "db": "BID", "id": "76128" } ], "trust": 0.3 }, "cve": "CVE-2015-2890", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { 
"acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2015-2890", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.1, "id": "CNVD-2015-05153", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-80851", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", 
"confidentialityImpact": "NONE", "exploitabilityScore": 0.8, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2015-2890", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2015-2890", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2015-05153", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201507-844", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-80851", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-05153" }, { "db": "VULHUB", "id": "VHN-80851" }, { "db": "JVNDB", "id": "JVNDB-2015-003973" }, { "db": "NVD", "id": "CVE-2015-2890" }, { "db": "CNNVD", "id": "CNNVD-201507-844" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692. Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. plural Dell Device firmware BIOS Implementation locks protection mechanism to wake from sleep BIOS_CNTL Is not processed, EFI There is a vulnerability that allows a flash attack to be executed. This vulnerability CVE-2015-3692 It is a similar problem. 
Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlBy using the access right to the console by a local user, EFI A flash attack may be performed. Dell Latitude and others are products of Dell. There are security vulnerabilities in the BIOS implementation of several Dell devices. The BIOS_CNTL lock protection mechanism was not enforced when the program resumed from sleep mode", "sources": [ { "db": "NVD", "id": "CVE-2015-2890" }, { "db": "CERT/CC", "id": "VU#577140" }, { "db": "JVNDB", "id": "JVNDB-2015-003973" }, { "db": "CNVD", "id": "CNVD-2015-05153" }, { "db": "BID", "id": "76128" }, { "db": "VULHUB", "id": "VHN-80851" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#577140", "trust": 4.2 }, { "db": "NVD", "id": "CVE-2015-2890", "trust": 3.4 }, { "db": "BID", "id": "76128", "trust": 1.0 }, { "db": "JVN", "id": "JVNVU99464019", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-003973", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201507-844", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2015-05153", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-80851", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#577140" }, { "db": "CNVD", "id": "CNVD-2015-05153" }, { "db": "VULHUB", "id": "VHN-80851" }, { "db": "BID", "id": "76128" }, { "db": "JVNDB", "id": "JVNDB-2015-003973" }, { "db": "NVD", "id": "CVE-2015-2890" }, { "db": "CNNVD", "id": "CNNVD-201507-844" } ] }, "id": "VAR-201508-0601", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2015-05153" }, { 
"db": "VULHUB", "id": "VHN-80851" } ], "trust": 1.58857143 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-05153" } ] }, "last_update_date": "2023-12-18T13:07:41.968000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.dell.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-003973" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 }, { "problemtype": "CWE-17", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-80851" }, { "db": "JVNDB", "id": "JVNDB-2015-003973" }, { "db": "NVD", "id": "CVE-2015-2890" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "http://www.kb.cert.org/vuls/id/577140" }, { "trust": 2.8, "url": "http://www.kb.cert.org/vuls/id/bluu-9xxq9l" }, { "trust": 0.8, "url": "https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/" }, { "trust": 0.8, "url": "https://support.apple.com/en-us/ht204934" }, { "trust": 0.8, "url": "http://support.dell.com/" }, { "trust": 
0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2890" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99464019" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2890" }, { "trust": 0.3, "url": "http://dell.com" } ], "sources": [ { "db": "CERT/CC", "id": "VU#577140" }, { "db": "CNVD", "id": "CNVD-2015-05153" }, { "db": "VULHUB", "id": "VHN-80851" }, { "db": "BID", "id": "76128" }, { "db": "JVNDB", "id": "JVNDB-2015-003973" }, { "db": "NVD", "id": "CVE-2015-2890" }, { "db": "CNNVD", "id": "CNNVD-201507-844" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#577140" }, { "db": "CNVD", "id": "CNVD-2015-05153" }, { "db": "VULHUB", "id": "VHN-80851" }, { "db": "BID", "id": "76128" }, { "db": "JVNDB", "id": "JVNDB-2015-003973" }, { "db": "NVD", "id": "CVE-2015-2890" }, { "db": "CNNVD", "id": "CNNVD-201507-844" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-07-30T00:00:00", "db": "CERT/CC", "id": "VU#577140" }, { "date": "2015-08-10T00:00:00", "db": "CNVD", "id": "CNVD-2015-05153" }, { "date": "2015-08-01T00:00:00", "db": "VULHUB", "id": "VHN-80851" }, { "date": "2015-07-30T00:00:00", "db": "BID", "id": "76128" }, { "date": "2015-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-003973" }, { "date": "2015-08-01T01:59:13.943000", "db": "NVD", "id": "CVE-2015-2890" }, { "date": "2015-07-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201507-844" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-08-12T00:00:00", "db": "CERT/CC", "id": "VU#577140" }, { "date": "2015-08-10T00:00:00", "db": "CNVD", "id": "CNVD-2015-05153" }, { "date": "2019-09-27T00:00:00", "db": "VULHUB", 
"id": "VHN-80851" }, { "date": "2015-07-30T00:00:00", "db": "BID", "id": "76128" }, { "date": "2015-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-003973" }, { "date": "2019-09-27T17:27:54.833000", "db": "NVD", "id": "CVE-2015-2890" }, { "date": "2019-09-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201507-844" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "76128" }, { "db": "CNNVD", "id": "CNNVD-201507-844" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "BIOS implementations fail to properly set UEFI write protections after waking from sleep mode", "sources": [ { "db": "CERT/CC", "id": "VU#577140" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "76128" } ], "trust": 0.3 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.