Configuration

CVE-2019-18579

Medium

6.8/10

Summary

Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.

Attack Complexity: LOW
Attack Vector: PHYSICAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-16 - Configuration

Weaknesses in this category are typically introduced during the configuration of the software.

References

Advisory Timeline

Published Dec 16, 2019

Configuration

CVE-2019-18579

Summary

CWE-16 - Configuration

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS