CVE-2021-21522
28.09.2021, 20:15
Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dell | latitude_5285_2-in-1_firmware | 𝑥 < 1.13.0 |
| dell | latitude_5289_2-in-1_firmware | 𝑥 < 1.23.1 |
| dell | latitude_5310_2-in-1_firmware | 1.7.0 |
| dell | latitude_5290_2-in-1_firmware | 𝑥 < 1.16.0 |
| dell | latitude_7210_2-in-1_firmware | 𝑥 < 1.7.0 |
| dell | latitude_7212_rugged_extreme_tablet_firmware | 𝑥 < 1.33.0 |
| dell | latitude_7212_rugged_extreme_tablet_firmware | 1.33.0 |
| dell | latitude_7280_firmware | 𝑥 < 1.21.1 |
| dell | latitude_7280_firmware | 1.21.1 |
| dell | latitude_7290_firmware | 𝑥 < 1.20.0 |
| dell | latitude_7290_firmware | 1.20.0 |
| dell | latitude_7285_firmware | 𝑥 < 1.11.0 |
| dell | latitude_7285_firmware | 1.11.0 |
| dell | latitude_7370_firmware | 𝑥 < 1.24.3 |
| dell | latitude_7370_firmware | 1.24.3 |
| dell | latitude_7310_firmware | 𝑥 < 1.7.0 |
| dell | latitude_7380_firmware | 1.21.1 |
| dell | latitude_7389_firmware | 𝑥 < 1.23.1 |
| dell | latitude_7390_firmware | 1.20.0 |
| dell | latitude_7410_firmware | 𝑥 < 1.7.0 |
| dell | latitude_7390_2-in-1_firmware | 𝑥 < 1.19.0 |
| dell | latitude_7420_firmware | 𝑥 < 1.7.1 |
| dell | latitude_7480_firmware | 𝑥 < 1.21.1 |
| dell | latitude_7490_firmware | 𝑥 < 1.20.1 |
| dell | latitude_9410_firmware | 𝑥 < 1.7.0 |
| dell | latitude_9510_firmware | 𝑥 < 1.6.0 |
| dell | precision_3640_tower_firmware | 𝑥 < 1.6.2 |
| dell | precision_5520_firmware | 𝑥 < 1.23.1 |
| dell | precision_5510_firmware | 𝑥 < 1.17.0 |
| dell | precision_5530_2-in-1_firmware | 𝑥 < 1.14.10 |
| dell | xps_13_9360_firmware | 𝑥 < 2.16.0 |
| dell | xps_13_9370_firmware | 𝑥 < 1.15.0 |
| dell | xps_15_9575_2-in-1_firmware | 𝑥 < 1.16.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration