CVE-2021-21522

CWE-255 CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

4.4MEDIUM

EPSS

0.0%

top 86.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell CPG Bios Dell Latitude 5285 2-in-1 Firmware Dell Latitude 5289 2-in-1 Firmware +26 more

Timeline

PublishedSep 28

Latest updateMay 24

Description

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages29 packages

▶CVEListV5dell/cpg_biosunspecified — 1.13.0

▶NVDdell/xps_13_9360_firmware< 2.16.0

▶NVDdell/xps_13_9370_firmware< 1.15.0

▶NVDdell/latitude_7280_firmware< 1.21.1+1

▶NVDdell/latitude_7285_firmware< 1.11.0+1

🔴Vulnerability Details

GHSA

GHSA-pg87-v27x-wx62: Dell BIOS contains a Credentials Management issue↗2022-05-24

▶

CVEList

CVE-2021-21522: Dell BIOS contains a Credentials Management issue↗2021-09-28

▶