
Several known vulnerabilities affect BIOS (reference URLs below). So my question is, are the vulnerability management tools (such as Nessus, NeXpose, Qualys, etc.) technically capable of highlighting BIOS and driver-level vulnerabilities? Is this something that can be detected, for example, via an authenticated Windows scan?

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3582
http://www.darkreading.com/vulnerability/bios-bummer-new-malware-can-bypass-bios/240155473
http://searchcloudsecurity.techtarget.com/definition/BIOS-rootkit-attack

lisa17

2 Answers


Nessus does not have a plugin for that CVE. You can check this using the Nessus plugin search. I don't know about the other tools.

In theory it is possible to detect these issues on an authenticated scan, as you can do a WMI query for the BIOS version. It may turn out that there are particular difficulties that prevent this; perhaps the BIOS version doesn't update when you apply the new firmware. Or it may just be that Tenable haven't yet developed such a plugin.

Nessus does have checks for some driver vulnerabilities (e.g. Nvidia flaw). They are generally local checks only, although a few remote ones exist (Etherleak is one that springs to mind).

paj28
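
The authenticated WMI check described in the answer above, as an added example that is not part of the original answer and not any scanner's plugin code. It reads the BIOS version and release date over WMI/CIM and compares the release date with a per-model baseline, because version strings are vendor-specific and not comparable across vendors. The function name `Test-BiosBaseline`, the baseline table and its vendor, model and date entries are constructed placeholders; real dates have to come from the vendor's advisory.

```powershell
# Added example. Baseline entries are constructed placeholders, not vendor data.
# Key:   "<Manufacturer>|<Model>" as reported by Win32_ComputerSystem.
# Value: release date of the first firmware build that contains the fix.
$Baseline = @{
    'ExampleVendor|ExampleModel 1000' = [datetime]'2014-01-15'
    'ExampleVendor|ExampleModel 2000' = [datetime]'2014-03-01'
}

function Test-BiosBaseline {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [Parameter(Mandatory)][hashtable]$Baseline
    )
    foreach ($name in $ComputerName) {
        $row = [ordered]@{ Computer = $name; Model = $null; BiosVersion = $null
                           ReleaseDate = $null; Status = $null }
        try {
            # Local host is queried directly; remote hosts go over WS-Man
            # using the credentials of the account running the scan.
            $cimArgs = @{ ErrorAction = 'Stop' }
            if ($name -ne $env:COMPUTERNAME) { $cimArgs.ComputerName = $name }
            $bios = Get-CimInstance -ClassName Win32_BIOS @cimArgs
            $cs   = Get-CimInstance -ClassName Win32_ComputerSystem @cimArgs
        } catch {
            $row.Status = "QueryFailed: $($_.Exception.Message)"
            [pscustomobject]$row
            continue
        }
        $key = '{0}|{1}' -f "$($cs.Manufacturer)".Trim(), "$($cs.Model)".Trim()
        $row.Model       = $key
        $row.BiosVersion = $bios.SMBIOSBIOSVersion
        $row.ReleaseDate = $bios.ReleaseDate
        if (-not $Baseline.ContainsKey($key)) {
            $row.Status = 'NoBaseline'   # model not in the table: cannot judge
        } elseif (-not $bios.ReleaseDate) {
            $row.Status = 'Unknown'      # firmware did not report a release date
        } elseif ($bios.ReleaseDate -lt $Baseline[$key]) {
            $row.Status = 'Outdated'     # older than the first fixed build
        } else {
            $row.Status = 'OK'
        }
        [pscustomobject]$row
    }
}

# Check the local machine; pass -ComputerName host1,host2 for remote hosts.
Test-BiosBaseline -Baseline $Baseline | Format-Table -AutoSize
```

A `NoBaseline` or `Unknown` result means the host needs a manual check, not that it is patched.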

You could write a Python program that invokes the Intel CHIPSEC module and generates SCAP output, instead of the normal non-SCAP output that CHIPSEC uses. But SCAP has no OVAL definitions for BIOS/UEFI/firmware, so any BIOS results will likely only be found via full-text search, until the OVAL problem is fixed. HTH, Lee. http://firmwaresecurity.com/feed

Lee Fisher