Cybersecurity investigators have identified several security vulnerabilities in Dell’s ControlVault3 firmware and its related Windows APIs that could potentially be exploited by malicious actors to circumvent Windows authentication, extract cryptographic keys, and retain access even after a new operating system installation by introducing undetectable malicious implants into the firmware.
The weaknesses have been assigned codenames.