CVE-2021-21522

moderate-risk

Published 2021-09-28

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

LOCAL / LOW complexity

Affected Products (20)

Latitude 5285 2-In-1 Firmware

Latitude 5289 2-In-1 Firmware

Latitude 5310 2-In-1 Firmware

Latitude 5290 2-In-1 Firmware

Latitude 7210 2-In-1 Firmware

Latitude 7212 Rugged Extreme Tablet Firmware

Latitude 7280 Firmware

Latitude 7290 Firmware

Latitude 7285 Firmware

Latitude 7370 Firmware

Latitude 7310 Firmware

Latitude 7380 Firmware

Latitude 7389 Firmware

Latitude 7390 Firmware

Latitude 7410 Firmware

Affected Vendors

Dell

References (2)

Vendor Advisory https://www.dell.com/support/kbdoc/000191495

/ 100

moderate-risk

Severity 25/34 · High

Exploitability 0/34 · Minimal

Exposure 23/34 · High