CVE-2021-36284

CWE-3073 documents3 sources

Severity

4.4MEDIUM

EPSS

0.0%

top 85.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell CPG Bios Dell Latitude 5310 2-in-1 Firmware Dell Latitude 5320 Firmware +19 more

Timeline

PublishedSep 28

Latest updateMay 24

Description

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:LExploitability: 1.5 | Impact: 3.7

Affected Packages22 packages

▶CVEListV5dell/cpg_biosunspecified — 1.7.0

▶NVDdell/latitude_5320_firmware< 1.7.0

▶NVDdell/latitude_5400_firmware< 1.7.1

▶NVDdell/latitude_5411_firmware< 1.6.0

▶NVDdell/latitude_5500_firmware< 1.8.0

🔴Vulnerability Details

GHSA

GHSA-pw9c-57vv-q8c2: Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability↗2022-05-24

▶

CVEList

CVE-2021-36284: Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability↗2021-09-28

▶