Vulnerability Details : CVE-2015-2890
The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.
Exploit prediction scoring system (EPSS) score for CVE-2015-2890
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ %
CVSS scores for CVE-2015-2890
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 0.8 | 5.2 | NIST |
References for CVE-2015-2890
- http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L
  VU#577140 - BIOS implementations fail to properly set UEFI write protections after waking from sleep mode (Third Party Advisory; US Government Resource)
- http://www.kb.cert.org/vuls/id/577140
  VU#577140 - BIOS implementations fail to properly set UEFI write protections after waking from sleep mode (Third Party Advisory; US Government Resource)
Products affected by CVE-2015-2890
- cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
  - When used together with: Dell » Precision Mobile M4500
  - When used together with: Dell » Precision Mobile M6600
- cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
  - When used together with: Dell » Latitude E4310
  - When used together with: Dell » Latitude E5410
  - When used together with: Dell » Latitude E5510
  - When used together with: Dell » Latitude E6410 Atg
  - When used together with: Dell » Latitude E6510
  - When used together with: Dell » Precision Mobile M4600
  - When used together with: Dell » Precision T1600
- cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
  - When used together with: Dell » Latitude E6220
  - When used together with: Dell » Latitude Xt3
- cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
  - When used together with: Dell » Optiplex 390
- cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
  - When used together with: Dell » Precision T3600
  - When used together with: Dell » Precision T5600
  - When used together with: Dell » Precision T5600 Xl
- cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
  - When used together with: Dell » Latitude E6320
  - When used together with: Dell » Latitude E6520
- cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
  - When used together with: Dell » Optiplex 790
  - When used together with: Dell » Optiplex 990
- cpe:2.3:o:dell:bios:*:*:*:*:*:*:*:*
  - When used together with: Dell » Latitude E6420 Atg
  - When used together with: Dell » Latitude E6420 Xfr
- cpe:2.3:o:dell:bios:a13:*:*:*:*:*:*:*
  - When used together with: Dell » Latitude E4310
  - When used together with: Dell » Latitude E5420
  - When used together with: Dell » Latitude E5520