Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-21522

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

Published

2021-09-28T20:15:07.397

Last Modified

2024-11-21T05:48:31.210

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-255
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dell	latitude_5285_2-in-1_firmware	< 1.13.0	Yes
Hardware	dell	latitude_5285_2-in-1	*	No
Operating System	dell	latitude_5289_2-in-1_firmware	< 1.23.1	Yes
Hardware	dell	latitude_5289_2-in-1	*	No
Operating System	dell	latitude_5310_2-in-1_firmware	1.7.0	Yes
Hardware	dell	latitude_5310_2-in-1	*	No
Operating System	dell	latitude_5290_2-in-1_firmware	< 1.16.0	Yes
Hardware	dell	latitude_5290_2-in-1	*	No
Operating System	dell	latitude_7210_2-in-1_firmware	< 1.7.0	Yes
Hardware	dell	latitude_7210_2-in-1	-	No
Operating System	dell	latitude_7212_rugged_extreme_tablet_firmware	< 1.33.0	Yes
Operating System	dell	latitude_7212_rugged_extreme_tablet_firmware	1.33.0	Yes
Hardware	dell	latitude_7212_rugged_extreme_tablet	-	No
Operating System	dell	latitude_7280_firmware	< 1.21.1	Yes
Operating System	dell	latitude_7280_firmware	1.21.1	Yes
Hardware	dell	latitude_7280	-	No
Operating System	dell	latitude_7290_firmware	< 1.20.0	Yes
Operating System	dell	latitude_7290_firmware	1.20.0	Yes
Hardware	dell	latitude_7290	-	No
Operating System	dell	latitude_7285_firmware	< 1.11.0	Yes
Operating System	dell	latitude_7285_firmware	1.11.0	Yes
Hardware	dell	latitude_7285	-	No
Operating System	dell	latitude_7370_firmware	< 1.24.3	Yes
Operating System	dell	latitude_7370_firmware	1.24.3	Yes
Hardware	dell	latitude_7370	-	No
Operating System	dell	latitude_7310_firmware	< 1.7.0	Yes
Hardware	dell	latitude_7310	-	No
Operating System	dell	latitude_7380_firmware	1.21.1	Yes
Hardware	dell	latitude_7380	-	No
Operating System	dell	latitude_7389_firmware	< 1.23.1	Yes
Hardware	dell	latitude_7389	-	No
Operating System	dell	latitude_7390_firmware	1.20.0	Yes
Hardware	dell	latitude_7390	-	No
Operating System	dell	latitude_7410_firmware	< 1.7.0	Yes
Hardware	dell	latitude_7410	-	No
Operating System	dell	latitude_7390_2-in-1_firmware	< 1.19.0	Yes
Hardware	dell	latitude_7390_2-in-1	-	No
Operating System	dell	latitude_7420_firmware	< 1.7.1	Yes
Hardware	dell	latitude_7420	-	No
Operating System	dell	latitude_7480_firmware	< 1.21.1	Yes
Hardware	dell	latitude_7480	-	No
Operating System	dell	latitude_7490_firmware	< 1.20.1	Yes
Hardware	dell	latitude_7490	-	No
Operating System	dell	latitude_9410_firmware	< 1.7.0	Yes
Hardware	dell	latitude_9410	-	No
Operating System	dell	latitude_9510_firmware	< 1.6.0	Yes
Hardware	dell	latitude_9510	-	No
Operating System	dell	precision_3640_tower_firmware	< 1.6.2	Yes
Hardware	dell	precision_3640_tower	-	No
Operating System	dell	precision_5520_firmware	< 1.23.1	Yes
Hardware	dell	precision_5520	-	No
Operating System	dell	precision_5510_firmware	< 1.17.0	Yes
Hardware	dell	precision_5510	-	No
Operating System	dell	precision_5530_2-in-1_firmware	< 1.14.10	Yes
Hardware	dell	precision_5530_2-in-1	-	No
Operating System	dell	xps_13_9360_firmware	< 2.16.0	Yes
Hardware	dell	xps_13_9360	-	No
Operating System	dell	xps_13_9370_firmware	< 1.15.0	Yes
Hardware	dell	xps_13_9370	-	No
Operating System	dell	xps_15_9575_2-in-1_firmware	< 1.16.2	Yes
Hardware	dell	xps_15_9575_2-in-1	-	No

References

https://www.dell.com/support/kbdoc/000191495 Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/000191495 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)