CVE-2021-21522

Description

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

Related CPE's

odelllatitude_5285_2-in-1_firmware********

hdelllatitude_5285_2-in-1********

odelllatitude_5289_2-in-1_firmware********

hdelllatitude_5289_2-in-1********

odelllatitude_5310_2-in-1_firmware1.7.0*******

hdelllatitude_5310_2-in-1********

odelllatitude_5290_2-in-1_firmware********

hdelllatitude_5290_2-in-1********

odelllatitude_7210_2-in-1_firmware********

hdelllatitude_7210_2-in-1-*******

References

https://www.dell.com/support/kbdoc/000191495

Vendor Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

PrivilegesRequired

HIGH

BaseScore

4.4

VectorString

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

2.1

VectorString

AV:L/AC:L/Au:N/C:P/I:N/A:N

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io