CVE-2021-21522: Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive…

medium4.4CVSS 3.1

AVLACLPRHUINSUCHINAN

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

Affected

34 ranges· showing 25

Vendor	Product	Version range	Fixed in
dell	cpg_bios	>= unspecified < 1.13.0	1.13.0
dell	latitude_5285_2-in-1_firmware	< 1.13.0	1.13.0
dell	latitude_5289_2-in-1_firmware	< 1.23.1	1.23.1
dell	latitude_5290_2-in-1_firmware	< 1.16.0	1.16.0
dell	latitude_5310_2-in-1_firmware	—	—
dell	latitude_7210_2-in-1_firmware	< 1.7.0	1.7.0
dell	latitude_7212_rugged_extreme_tablet_firmware	< 1.33.0	1.33.0
dell	latitude_7212_rugged_extreme_tablet_firmware	—	—
dell	latitude_7280_firmware	< 1.21.1	1.21.1
dell	latitude_7280_firmware	—	—
dell	latitude_7285_firmware	< 1.11.0	1.11.0
dell	latitude_7285_firmware	—	—
dell	latitude_7290_firmware	< 1.20.0	1.20.0
dell	latitude_7290_firmware	—	—
dell	latitude_7310_firmware	< 1.7.0	1.7.0
dell	latitude_7370_firmware	< 1.24.3	1.24.3
dell	latitude_7370_firmware	—	—
dell	latitude_7380_firmware	—	—
dell	latitude_7389_firmware	< 1.23.1	1.23.1
dell	latitude_7390_2-in-1_firmware	< 1.19.0	1.19.0
dell	latitude_7390_firmware	—	—
dell	latitude_7410_firmware	< 1.7.0	1.7.0
dell	latitude_7420_firmware	< 1.7.1	1.7.1
dell	latitude_7480_firmware	< 1.21.1	1.21.1
dell	latitude_7490_firmware	< 1.20.1	1.20.1