CVE-2021-36325

high-risk
Published 2021-11-12

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Do I need to act?

0.04% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list. No confirmed active exploitation reported to CISA.
Patch status unknown. Check vendor advisories for fix availability and mitigation guidance.
CVSS 7.5/10 High (LOCAL / HIGH complexity)

Affected Products (20)

G7 7588 Firmware
G7 7590 Firmware
G7 7790 Firmware
Inspiron 13 5378 Firmware
Inspiron 13 5379 Firmware
Inspiron 14 3467 Firmware
Inspiron 14 5468 Firmware
Inspiron 15 3567 Firmware
Inspiron 15 5566 Firmware
Inspiron 15 5578 Firmware
Inspiron 15 5579 Firmware
Inspiron 15 5582 Firmware
Inspiron 15 7570 Firmware
Inspiron 15 7572 Firmware
Inspiron 15 7573 Firmware
Inspiron 15 7577 Firmware
Inspiron 17 7773 Firmware
Inspiron 3268 Firmware
Inspiron 3277 Firmware

Affected Vendors

53 / 100 high-risk
Severity 20/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 33/34 · Critical