CVE-2021-36285
Published 2021-09-28
Severity: medium, 4.4 (CVSS 3.1)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | cpg_bios | >= unspecified < 1.7.0 | 1.7.0 |
| dell | latitude_5310_2-in-1_firmware | < 1.7.0 | 1.7.0 |
| dell | latitude_5320_firmware | < 1.7.0 | 1.7.0 |
| dell | latitude_5400_firmware | < 1.7.1 | 1.7.1 |
| dell | latitude_5411_firmware | < 1.6.0 | 1.6.0 |
| dell | latitude_5500_firmware | < 1.8.0 | 1.8.0 |
| dell | latitude_5511_firmware | < 1.7.1 | 1.7.1 |
| dell | latitude_5520_firmware | < 1.6.0 | 1.6.0 |
| dell | latitude_7212_rugged_extreme_tablet_firmware | < 1.7.0 | 1.7.0 |
| dell | latitude_7280_firmware | < 1.9.1 | 1.9.1 |
| dell | latitude_7320_firmware | < 1.7.0 | 1.7.0 |
| dell | latitude_7370_firmware | < 1.7.1 | 1.7.1 |
| dell | latitude_7420_firmware | < 1.7.0 | 1.7.0 |
| dell | latitude_7480_firmware | < 1.7.1 | 1.7.1 |
| dell | latitude_9410_firmware | < 1.7.1 | 1.7.1 |
| dell | latitude_9510_firmware | < 1.7.0 | 1.7.0 |
| dell | latitude_9520_firmware | < 1.6.0 | 1.6.0 |
| dell | optiplex_3080_firmware | < 1.5.2 | 1.5.2 |
| dell | optiplex_3280_aio_firmware | < 1.2.0 | 1.2.0 |
| dell | optiplex_7480_aio_firmware | < 1.2.0 | 1.2.0 |
| dell | precision_3551_ffirmware | < 1.6.2 | 1.6.2 |
| dell | precision_3640_tower_firmware | < 1.7.1 | 1.7.1 |