Tag
#bios
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.
The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, "can be used by threat actors to deliver a malicious payload and bypass Secure Boot, Intel
Hundreds of consumer and enterprise-grade x86 and ARM models from various vendors, including Intel, Acer, and Lenovo, are potentially vulnerable to bootkits and takeover.
The FACSChorusâ„¢ workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via adjacent access.
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.