DSA-2019-043: Dell Client Improper Access Control Vulnerability


DSA Identifier: DSA-2019-043

CVE Identifier: CVE-2019-3717

Severity: High

Severity Rating: CVSS Base Score: 7.1 (AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H)

Affected products:

Dell Client Commercial and Consumer platforms.

Summary:

Select Dell Client Commercial and Consumer platforms require an update to address an improper access control vulnerability.

Details:

Select Dell Client Commercial and Consumer platforms contain an improper access control vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system during platform boot.

Resolution:

Refer to the table at the end of this document for Dell Client BIOS releases containing a resolution to the vulnerability.

Please visit the Drivers and Downloads site for updates on the applicable products. To learn more, visit the Dell Knowledge Base article Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS and firmware updates automatically once available.

| Product | Update BIOS Version (or greater) |
|---|---|
| ChengMing 3967 | 1.5.0 |
| ChengMing 3977 | 1.6.0 |
| ChengMing 3980 | 1.5.21 |
| Dell G3 3579 | 1.9.0 |
| Dell G3 3779 | 1.9.0 |
| Dell G5 5587 | 1.10.0 |
| Dell G5 5590 | 1.3.1 |
| Dell G7 7588 | 1.10.0 |
| Dell G7 7590 | 1.3.1 |
| Dell G7 7790 | 1.3.1 |
| Embedded Box PC 5000 | 1.5.6 |
| Inspiron 11 2-in-1 (3153) | 1.22.0 |
| Inspiron 11 2-in-1 (3158) | 1.22.0 |
| Inspiron 13 2-in-1 (5368) | 1.19.0 |
| Inspiron 13 2-in-1 (5378) | 1.27.0 |
| Inspiron 13 2-in-1 (5379) | 1.11.0 |
| Inspiron 13 2-in-1 (7353) | 1.22.0 |
| Inspiron 13 2-in-1 (7359) | 1.22.0 |
| Inspiron 13 2-in-1 (7368) | 1.19.0 |
| Inspiron 13 2-in-1 (7373) | 1.13.1 |
| Inspiron 13 2-in-1 (7378) | 1.27.0 |
| Inspiron 13 7370 | 1.13.1 |
| Inspiron 14 (3459) | 1.9.0 |
| Inspiron 14 (3467) | 2.9.0 |
| Inspiron 14 (3468) | 1.12.0 |
| Inspiron 14 (5468) | 1.9.1 |
| Inspiron 14 (7460) | 1.10.0 |
| Inspiron 14 Gaming (7466) | 1.4.0 |
| Inspiron 14 Gaming (7467) | 1.9.0 |
| Inspiron 14-3458 | A18 |
| Inspiron 15 (3559) | 1.9.0 |
| Inspiron 15 (3567) | 2.9.0 |
| Inspiron 15 (3568) | 1.12.0 |
| Inspiron 15 (5566) | 1.9.1 |
| Inspiron 15 (5567) | 1.2.7 |
| Inspiron 15 (7560) | 1.10.0 |
| Inspiron 15 2-in-1 (5568) | 1.19.0 |
| Inspiron 15 2-in-1 (5578) | 1.27.0 |
| Inspiron 15 2-in-1 (5579) | 1.11.0 |
| Inspiron 15 2-In-1 (7568) | 1.22.0 |
| Inspiron 15 2-in-1 (7569) | 1.19.0 |
| Inspiron 15 2-in-1 (7573) | 1.13.1 |
| Inspiron 15 2-in-1 (7579) | 1.27.0 |
| Inspiron 15 7570 | 1.13.1 |
| Inspiron 15 Gaming (7566) | 1.4.0 |
| Inspiron 15 Gaming (7567) | 1.9.0 |
| Inspiron 15 Gaming (7577) | 1.7.0 |
| Inspiron 15-3558 | A18 |
| Inspiron 17 (5767) | 1.2.7 |
| Inspiron 17 2-in-1 (7773) | 1.11.0 |
| Inspiron 17 2-in-1 (7778) | 1.19.0 |
| Inspiron 17 2-in-1 (7779) | 1.27.0 |
| Inspiron 3268 | 1.11.1 |
| Inspiron 3470 | 1.5.21 |
| Inspiron 3476 | 1.7.0 |
| Inspiron 3480 | 1.4.1 |
| Inspiron 3481 | 1.2.0 |
| Inspiron 3576 | 1.7.0 |
| Inspiron 3580/Inspiron 3583 | 1.4.1 |
| Inspiron 3581/Inspiron 3584 | 1.2.0 |
| Inspiron 3668 | 1.11.1 |
| Inspiron 3670 | 1.5.21 |
| Inspiron 3780 | 1.4.1 |
| Inspiron 3781 | 1.2.0 |
| Inspiron 5370 | 1.11.1 |
| Inspiron 5457 | 1.6.0 |
| Inspiron 5458 | A17 |
| Inspiron 5459 | 1.7.0 |
| Inspiron 5480 | 2.2.0 |
| Inspiron 5481 | 2.2.0 |
| Inspiron 5482 | 2.2.0 |
| Inspiron 5557 | 1.6.0 |
| Inspiron 5558 | A17 |
| Inspiron 5559 | 1.7.0 |
| Inspiron 5570 | 1.2.1 |
| Inspiron 5580 | 2.2.0 |
| Inspiron 5582 | 2.2.0 |
| Inspiron 5758 | A17 |
| Inspiron 5759 | 1.7.0 |
| Inspiron 5770 | 1.2.1 |
| Inspiron 7380 | 1.6.0 |
| Inspiron 7386 | 1.4.0 |
| Inspiron 7472 | 1.1.9 |
| Inspiron 7572 | 1.1.9 |
| Inspiron 7580 | 1.6.0 |
| Inspiron 7586 | 1.4.0 |
| Inspiron 7786 | 1.4.0 |
| Latitude 3150 | A10 |
| Latitude 3160 | A12 |
| Latitude 3180 | 1.7.2 |
| Latitude 3189 | 1.7.2 |
| Latitude 3190 | 1.6.1 |
| Latitude 3190 2-in-1 | 1.6.1 |
| Latitude 3350 | A15 |
| Latitude 3379 | 1.0.25 |
| Latitude 3380 | 1.9.0 |
| Latitude 3390 2-in-1 | 1.8.4 |
| Latitude 3450 | A19 |
| Latitude 3460 | A15 |
| Latitude 3460 Mobile Thin Client | A15 |
| Latitude 3470 | 1.14.1 |
| Latitude 3480 | 1.11.0 |
| Latitude 3480 Mobile Thin Client | 1.11.0 |
| Latitude 3490 | 1.9.7 |
| Latitude 3550 | A19 |
| Latitude 3560 | A15 |
| Latitude 3570 | 1.14.1 |
| Latitude 3580 | 1.11.0 |
| Latitude 3590 | 1.9.7 |
| Latitude 5175 | 1.5.1 |
| Latitude 5179 | 1.5.1 |
| Latitude 5250 | A21 |
| Latitude 5280 | 1.14.2 |
| Latitude 5280 Mobile Thin Client | 1.14.2 |
| Latitude 5285 | 1.5.2 |
| Latitude 5288 | 1.14.2 |
| Latitude 5289 | 1.17.1 |
| Latitude 5290 | 1.8.3 |
| Latitude 5290 2-in-1 | 1.7.3 |
| Latitude 5414 | 1.23.0 |
| Latitude 5420 Rugged | 1.4.0 |
| Latitude 5424 Rugged | 1.4.0 |
| Latitude 5450 | A21 |
| Latitude 5480 | 1.14.2 |
| Latitude 5488 | 1.14.2 |
| Latitude 5490 | 1.8.3 |
| Latitude 5491 | 1.7.4 |
| Latitude 5550 | A21 |
| Latitude 5580 | 1.14.2 |
| Latitude 5590 | 1.8.3 |
| Latitude 5591 | 1.7.4 |
| Latitude 7202 Rugged Tablet | A23 |
| Latitude 7212 | 1.25.0 |
| Latitude 7214 | 1.23.0 |
| Latitude 7250 | A21 |
| Latitude 7275 | 1.5.1 |
| Latitude 7280 | 1.14.1 |
| Latitude 7285 | 1.3.1 |
| Latitude 7290 | 1.9.3 |
| Latitude 7350 | A18 |
| Latitude 7370 | 1.17.4 |
| Latitude 7380 | 1.14.1 |
| Latitude 7389 | 1.17.1 |
| Latitude 7390 | 1.9.3 |
| Latitude 7390 2-in-1 | 1.8.3 |
| Latitude 7414 | 1.23.0 |
| Latitude 7424 Rugged Extreme | 1.4.0 |
| Latitude 7480 | 1.14.1 |
| Latitude 7490 | 1.9.3 |
| Latitude E5250 | A21 |
| Latitude E5270 | 1.20.4 |
| Latitude E5450 | A21 |
| Latitude E5470 | 1.20.4 |
| Latitude E5550 | A21 |
| Latitude E5570 | 1.20.4 |
| Latitude E7250 | A21 |
| Latitude E7270 | 1.21.6 |
| Latitude E7270 Mobile Thin Client | 1.21.6 |
| Latitude E7450 | A21 |
| Latitude E7470 | 1.21.6 |
| OptiPlex 3040 | 1.10.1 |
| OptiPlex 3046 | 1.7.0 |
| OptiPlex 3050 | 1.11.1 |
| OptiPlex 3050 AIO | 1.12.1 |
| OptiPlex 3060 | 1.3.4 |
| OptiPlex 3240 AIO | 1.7.0 |
| OptiPlex 5040 | 1.13.0 |
| OptiPlex 5050 | 1.11.1 |
| OptiPlex 5060 | 1.3.4 |
| OptiPlex 5250 AIO | 1.12.1 |
| OptiPlex 5260 AIO | 1.6.4 |
| OptiPlex 7040 | 1.14.0 |
| OptiPlex 7050 | 1.11.1 |
| OptiPlex 7060 | 1.3.4 |
| OptiPlex 7440 AIO | 1.10.0 |
| OptiPlex 7450 AIO | 1.12.1 |
| OptiPlex 7460 AIO | 1.6.4 |
| OptiPlex 7760 AIO | 1.6.4 |
| OptiPlex XE3 | 1.3.4 |
| Precision 3420 Tower | 2.12.0 |
| Precision 3430 | 1.3.4 |
| Precision 3510 | 1.20.4 |
| Precision 3520 | 1.14.2 |
| Precision 3530 | 1.7.4 |
| Precision 3620 Tower | 2.12.0 |
| Precision 3630 Tower | 1.1.10 |
| Precision 3930 Rack | 1.1.9 |
| Precision 5510 | 1.10.0 |
| Precision 5520 | 1.14.2 |
| Precision 5530 | 1.10.1 |
| Precision 5530 2-in 1 | 1.4.8 |
| Precision 5720 AIO | 2.4.2 |
| Precision 5820 Tower | 1.10.4 |
| Precision 7510 | 1.17.7 |
| Precision 7520 | 1.14.1 |
| Precision 7530 | 1.8.2 |
| Precision 7710 | 1.17.7 |
| Precision 7720 | 1.14.1 |
| Precision 7730 | 1.8.2 |
| Precision 7820 Tower | 1.10.3 |
| Precision 7920 Tower | 1.10.3 |
| Precision Workstation T5810 | A30 |
| Precision Workstation T7810 | A30 |
| Precision Workstation T7910 | A30 |
| Venue 11 Pro (7140) | A18 |
| Vostro 14 (3468) | 3.3.0 |
| Vostro 14 (5468) | 1.10.0 |
| Vostro 15 (3568) | 3.3.0 |
| Vostro 15 (5568) | 1.10.0 |
| Vostro 15 (7570) | 1.7.0 |
| Vostro 15 7580 | 1.10.0 |
| Vostro 3070 | 1.5.21 |
| Vostro 3267 | 1.11.1 |
| Vostro 3268 | 1.11.1 |
| Vostro 3458 | A15 |
| Vostro 3459 | 1.6.0 |
| Vostro 3470 | 1.5.21 |
| Vostro 3478 | 1.7.0 |
| Vostro 3480 | 1.4.1 |
| Vostro 3481 | 1.2.0 |
| Vostro 3558 | A15 |
| Vostro 3559 | 1.6.0 |
| Vostro 3578 | 1.7.0 |
| Vostro 3580 | 1.4.1 |
| Vostro 3581/Vostro 3584 | 1.2.0 |
| Vostro 3583 | 1.4.1 |
| Vostro 3660 | 1.11.1 |
| Vostro 3667 | 1.11.1 |
| Vostro 3668 | 1.11.1 |
| Vostro 3669 | 1.11.1 |
| Vostro 3670 | 1.5.21 |
| Vostro 5370 | 1.11.1 |
| Vostro 5471 | 1.11.1 |
| Vostro 5481 | 2.2.0 |
| Vostro 5581 | 2.2.0 |
| Wyse 5070 Thin Client | 1.1.4 |
| Wyse 7040 | 1.5.9 |
| XPS 12 (9250) | 1.5.1 |
| XPS 13 (9343) | A19 |
| XPS 13 (9350) | 1.10.1 |
| XPS 13 (9360) | 2.11.0 |
| XPS 13 (9370) | 1.9.0 |
| XPS 13 (9380) | 1.3.2 |
| XPS 15 (9550) | 1.10.0 |
| XPS 15 (9560) | 1.14.2 |
| XPS 15 9570 | 1.9.1 |
| XPS 7760 All in One | 2.4.2 |
| XPS 8900 | 2.5.0 |
| XPS 15 (9575) | 1.4.0 |

Severity Rating:

For an explanation of Severity Ratings, refer to Dell Vulnerability Response Policy. Dell EMC recommends that all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.

Legal Information:

Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.





Article ID: SLN317683

Last Date Modified: 07/18/2019 08:46 AM

