Dell SupportAssist is vulnerable to a denial of service, caused by improper certificate validation in the UEFI BIOS HTTPS stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to tamper with the payload and cause a denial of service.
Dell SupportAssist is vulnerable to a buffer overflow, caused by improper bounds checking by the BIOSConnect feature. By sending an overly long argument, a locally authenticated attacker from within the local network could overflow a buffer, execute arbitrary code on the system, and bypass UEFI restrictions.
Refer to Dell DSA Identifier: DSA-2021-106 for the patch, upgrade, or suggested workaround information:
https://www.dell.com/support/kbdoc/en-pk/000188682/dsa-2021-106-dell-client-platform-security-update-for-multiple-vulnerabilities-in-the-supportassist-biosconnect-feature-and-https-boot-feature