CVE-2021-36283 | Severity.io

Description

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Related CPE's

chengming_3990_firmware

Vulnerable

chengming_3991_firmware

Vulnerable

g3_15_3500_firmware

Vulnerable

g3_15_3590_firmware

Vulnerable

g3_15_5500_firmware

Vulnerable

inspiron_3493_firmware

Vulnerable

inspiron_3501_firmware

Vulnerable

inspiron_3593_firmware

Vulnerable

inspiron_3793_firmware

Vulnerable

inspiron_3880_firmware

Vulnerable

inspiron_3881_firmware

Vulnerable

inspiron_5400_2-in-1_firmware

Vulnerable

inspiron_5400_2-in-1

inspiron_5490_firmware

Vulnerable

inspiron_5493_firmware

Vulnerable

inspiron_5498_firmware

Vulnerable

inspiron_5590_firmware

Vulnerable

inspiron_5593_firmware

Vulnerable

inspiron_5598_firmware

Vulnerable

inspiron_7391_2-in-1_firmware

Vulnerable

inspiron_7391_2-in-1

inspiron_7500_firmware

Vulnerable

inspiron_7500_2-in-1_silver_firmware

Vulnerable

inspiron_7500_2-in-1_silver

inspiron_7501_firmware

Vulnerable

inspiron_7590_firmware

Vulnerable

inspiron_7591_firmware

Vulnerable

latitude_3310_firmware

Vulnerable

latitude_3310_2-in-1_firmware

Vulnerable

latitude_3310_2-in-1

latitude_5300_firmware

Vulnerable

latitude_5300_2-in-1_firmware

Vulnerable

latitude_5300_2-in-1

latitude_5310_firmware

Vulnerable

latitude_5310_2_in_1_firmware

Vulnerable

latitude_5310_2_in_1

latitude_5400_firmware

Vulnerable

latitude_5401_firmware

Vulnerable

latitude_5410_firmware

Vulnerable

latitude_5411_firmware

Vulnerable

latitude_5500_firmware

Vulnerable

latitude_5511_firmware

Vulnerable

latitude_7200_2_in_1_firmware

Vulnerable

latitude_7200_2_in_1

latitude_7210_2_in_1_firmware

Vulnerable

latitude_7210_2_in_1

latitude_7220ex_rugged_extreme_tablet_firmware

Vulnerable

latitude_7220ex_rugged_extreme_tablet

latitude_7300_firmware

Vulnerable

latitude_7310_firmware

Vulnerable

latitude_7400_firmware

Vulnerable

latitude_7400_2-in-1_firmware

Vulnerable

latitude_7400_2-in-1

latitude_7410_firmware

Vulnerable

latitude_9410_firmware

Vulnerable

latitude_9510_firmware

Vulnerable

optiplex_3080_firmware

Vulnerable

optiplex_3280_aio_firmware

Vulnerable

optiplex_3280_aio

optiplex_5080_firmware

Vulnerable

optiplex_5480_aio_firmware

Vulnerable

optiplex_5480_aio

optiplex_7080_firmware

Vulnerable

optiplex_7480_aio_firmware

Vulnerable

optiplex_7480_aio

optiplex_7780_aio_firmware

Vulnerable

optiplex_7780_aio

precision_3440_firmware

Vulnerable

precision_3540_firmware

Vulnerable

precision_3541_firmware

Vulnerable

precision_3550_firmware

Vulnerable

precision_3551_firmware

Vulnerable

precision_3640_tower_firmware

Vulnerable

precision_3640_tower

precision_5540_firmware

Vulnerable

precision_5550_firmware

Vulnerable

precision_5750_firmware

Vulnerable

precision_7540_firmware

Vulnerable

precision_7550_firmware

Vulnerable

precision_7740_firmware

Vulnerable

precision_7750_firmware

Vulnerable

vostro_3401_firmware

Vulnerable

vostro_3491_firmware

Vulnerable

vostro_3501_firmware

Vulnerable

vostro_3591_firmware

Vulnerable

vostro_3681_firmware

Vulnerable

vostro_3881_firmware

Vulnerable

vostro_3888_firmware

Vulnerable

vostro_5490_firmware

Vulnerable

vostro_5590_firmware

Vulnerable

vostro_7500_firmware

Vulnerable

vostro_7590_firmware

Vulnerable

wyse_5470_firmware

Vulnerable

xps_13_9300_firmware

Vulnerable

xps_13_9380_firmware

Vulnerable

xps_17_9700_firmware

Vulnerable

xps_7380_firmware

Vulnerable

xps_7590_firmware

Vulnerable

xps_7390_2-in-1_firmware

Vulnerable

xps_7390_2-in-1

xps_9500_firmware

Vulnerable

References

https://www.dell.com/support/kbdoc/000191495/

PatchVendor Advisory

https://www.dell.com/support/kbdoc/000191495/

PatchVendor Advisory

Weaknesses

[email protected]

Secondary

CWE-20

CVSS impact metrics

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-09-28T18:15:07.567Z

4 years ago

Last modified

2024-11-21T05:13:25.267Z

1 year ago