Search criteria
3 vulnerabilities found for latitude_5289_2-in-1_firmware by dell
FKIE_CVE-2021-21522
Vulnerability from fkie_nvd - Published: 2021-09-28 20:15 - Updated: 2024-11-21 05:48
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000191495 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000191495 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_5285_2-in-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "686A4B01-36E4-47F6-9071-C0B80B2FC8FB",
"versionEndExcluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_5285_2-in-1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97FC59FC-A909-4C92-8C50-4AA00A909507",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_5289_2-in-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1E1EEC-EFC3-4898-8D3E-B144C1E66D5D",
"versionEndExcluding": "1.23.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_5289_2-in-1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0F2BAA-BCBD-4DA0-A68C-5E3F30B7A271",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_5310_2-in-1_firmware:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B3950E-9847-40E7-BED4-E0FA2094232B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_5310_2-in-1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5EA2D37-C540-4707-A1F0-6CAB51C6E276",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_5290_2-in-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A79606E0-2F13-43A1-A963-3BEDAA23AAEE",
"versionEndExcluding": "1.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_5290_2-in-1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA0342-2273-49F4-95F2-5F28F628761B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7210_2-in-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEEA091-4CFA-4E98-88A9-2A4090572EEF",
"versionEndExcluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7210_2-in-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E37D006F-587F-4D6C-B382-1552C15FF360",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "438527CB-7BD2-486A-AF38-78E34D11258C",
"versionEndExcluding": "1.33.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:latitude_7212_rugged_extreme_tablet_firmware:1.33.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE337A91-47C1-4316-8E7C-D443CDCBFE87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7212_rugged_extreme_tablet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D63A20A1-663E-4DF6-AEEF-CCD48418B4F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7280_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC8923D-C494-44F5-98DD-EE926ED741B9",
"versionEndExcluding": "1.21.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:latitude_7280_firmware:1.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEE41B2-0B67-4DEA-8445-BDDB786EB73E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7280:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5D3133-9388-49CF-A85D-2247A4DD9C4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7290_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62F52B6E-7791-41D1-A2F3-9EF0B8E8FF4E",
"versionEndExcluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:latitude_7290_firmware:1.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA86A522-E1A1-47B7-9AAC-DA1C5AE62A83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7290:-:*:*:*:*:*:*:*",
"matchCriteriaId": "359A2878-C996-4FD2-9AB6-B33531E2F630",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7285_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6790E2D8-4D94-4DC3-9D86-69BE4F2F8CF6",
"versionEndExcluding": "1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:latitude_7285_firmware:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A30BBC4D-3547-4A09-AFAF-3151E8E54E55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7285:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F15F433-B614-402F-90AC-805AFA0FA340",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7370_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4975A36F-4855-4F5C-B7EC-305590AFE6BD",
"versionEndExcluding": "1.24.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:latitude_7370_firmware:1.24.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7425DC-A4E9-47E8-90BC-C7840E2B90B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7370:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82234546-AF33-45FC-BF50-2AA8FD38A5A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F63B7A-B704-4800-8983-52FABE96FD5F",
"versionEndExcluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FFEDD8F7-2EF0-4A6F-9F51-60100D317BF8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7380_firmware:1.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F03B20F-1719-4CDE-8EBA-4CBE13669720",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1786B67-E621-4B2B-848A-B0F442719E94",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7389_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "310B2EF0-4822-4D6E-93AE-1167B4B32E51",
"versionEndExcluding": "1.23.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7389:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0952C9F6-0AB7-4DEA-B6AA-76159A2F7C42",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7390_firmware:1.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "122F6BAE-0EDE-49EA-ABED-AFA0B2783D69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7390:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8C3716-4E1C-4D32-BC94-81D7FB838FFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "489006EE-91B1-4A29-82FC-71F948C8F4D5",
"versionEndExcluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3B023F-99A9-49EF-90F9-13D83CA69293",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7390_2-in-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A80B44-3BD5-466C-A6C1-333E61E0D9B4",
"versionEndExcluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7390_2-in-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C127AF83-FC01-4774-9ADC-7DFA02C8237B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7420_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F41BDC-91C7-4E76-B3D4-9EDAA6B6A5DB",
"versionEndExcluding": "1.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7420:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B9C08D4-AA20-4EB9-8FDF-615E60BA3B88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7480_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2AC7636-8A86-49BD-837D-EB8363F7B551",
"versionEndExcluding": "1.21.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7480:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA90466D-6AE9-4030-ACFF-033E75A39CBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_7490_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82AE84E5-D854-4222-B54C-EDE3F09465F6",
"versionEndExcluding": "1.20.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_7490:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26AD9A87-7D62-4566-A1B8-E843176E2E38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_9410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C74D109A-2D68-4AA4-868F-A97D5B02F719",
"versionEndExcluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_9410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3F01FD-FC66-4DA7-A041-976B0AFA370A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:latitude_9510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97BB1F59-A83F-49D5-8B33-7D14B1CAF49A",
"versionEndExcluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:latitude_9510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A3C6284-3A69-4388-842C-6AC3CD3A7706",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:precision_3640_tower_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E072F027-08F7-42CA-AA54-F354CF66D09B",
"versionEndExcluding": "1.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:precision_3640_tower:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02ABB4CF-0B99-4348-82C9-328B1E7506E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:precision_5520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05BF69BB-400F-4CD7-B81B-2364CF184B7F",
"versionEndExcluding": "1.23.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:precision_5520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBBFE522-7630-4BED-9B2C-2AC12CA693DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:precision_5510_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C14A0E0-ACF0-487A-8253-1A848CF7171B",
"versionEndExcluding": "1.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:precision_5510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE40F051-53DE-451C-ABFC-2695771A96DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:precision_5530_2-in-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B26CFEE6-91EF-4267-8692-7767ADAE2BCC",
"versionEndExcluding": "1.14.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:precision_5530_2-in-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30622F6E-2F6D-482B-AA1E-65DA4A4B1679",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:xps_13_9360_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "717140CF-2F38-440B-A855-74E4CA3EE827",
"versionEndExcluding": "2.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:xps_13_9360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "573AF858-3312-4470-AC6B-72E466C93859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:xps_13_9370_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E61E1FC-4E3F-44D7-AB2C-29F70E724639",
"versionEndExcluding": "1.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:xps_13_9370:-:*:*:*:*:*:*:*",
"matchCriteriaId": "353FAC21-3AC5-4563-BEE7-7C5DCB1C7C76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:xps_15_9575_2-in-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69AFDBB7-EE07-4D89-8FB8-E1A939DC88D6",
"versionEndExcluding": "1.16.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:xps_15_9575_2-in-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "129C0F2A-F75C-4C60-9A6C-63B96AF08CDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface."
},
{
"lang": "es",
"value": "Dell BIOS contiene un problema de Administraci\u00f3n de Credenciales. Un usuario malicioso autenticado localmente puede explotar potencialmente esta vulnerabilidad para conseguir acceso a informaci\u00f3n confidencial en un almacenamiento NVMe al restablecer la contrase\u00f1a del BIOS en el sistema por medio de la interfaz de administraci\u00f3n"
}
],
"id": "CVE-2021-21522",
"lastModified": "2024-11-21T05:48:31.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-28T20:15:07.397",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000191495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000191495"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-21522 (GCVE-0-2021-21522)
Vulnerability from cvelistv5 – Published: 2021-09-28 19:20 – Updated: 2024-09-17 03:23
VLAI?
Summary
Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.
Severity ?
8.2 (High)
CWE
- CWE-255 - Credentials Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:23.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000191495"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-255",
"description": "CWE-255: Credentials Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-28T19:20:18",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000191495"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-09-16",
"ID": "CVE-2021-21522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPG BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.13.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.2,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255: Credentials Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000191495",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000191495"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-21522",
"datePublished": "2021-09-28T19:20:18.180798Z",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-09-17T03:23:12.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21522 (GCVE-0-2021-21522)
Vulnerability from nvd – Published: 2021-09-28 19:20 – Updated: 2024-09-17 03:23
VLAI?
Summary
Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.
Severity ?
8.2 (High)
CWE
- CWE-255 - Credentials Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:23.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000191495"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"lessThan": "1.13.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-255",
"description": "CWE-255: Credentials Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-28T19:20:18",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000191495"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-09-16",
"ID": "CVE-2021-21522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPG BIOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.13.0"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.2,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255: Credentials Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000191495",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000191495"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-21522",
"datePublished": "2021-09-28T19:20:18.180798Z",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-09-17T03:23:12.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}