CVE-2021-21574

EUVD-2021-8846
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
dellCNA
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
dellalienware_m15_r6_firmware
𝑥
< 1.3.3
dellchengming_3990_firmware
𝑥
< 1.4.1
dellchengming_3991_firmware
𝑥
< 1.4.1
dellg15_5510_firmware
𝑥
< 1.4.0
dellg15_5511_firmware
𝑥
< 1.3.3
dellg3_3500_firmware
𝑥
≤ 1.9.0
dellg5_5500_firmware
𝑥
< 1.9.0
dellg7_7500_firmware
𝑥
< 1.9.0
dellg7_7700_firmware
𝑥
< 1.9.0
dellinspiron_14_5418_firmware
𝑥
< 2.1.0_a06
dellinspiron_15_5518_firmware
𝑥
< 2.1.0_a06
dellinspiron_15_7510_firmware
𝑥
< 1.0.4
dellinspiron_3501_firmware
𝑥
< 1.6.0
dellinspiron_3880_firmware
𝑥
< 1.4.1
dellinspiron_3881_firmware
𝑥
< 1.4.1
dellinspiron_3891_firmware
𝑥
< 1.0.11
dellinspiron_5300_firmware
𝑥
< 1.7.1
dellinspiron_5301_firmware
𝑥
< 1.8.1
dellinspiron_5310_firmware
𝑥
< 2.1.0
dellinspiron_5400_2-in-1_firmware
𝑥
< 1.7.0
dellinspiron_5400_aio_firmware
𝑥
< 1.4.0
dellinspiron_5401_firmware
𝑥
< 1.7.2
dellinspiron_5401_aio_firmware
𝑥
< 1.4.0
dellinspiron_5402_firmware
𝑥
< 1.5.1
dellinspiron_5406_2n1_firmware
𝑥
< 1.5.1
dellinspiron_5408_firmware
𝑥
< 1.7.2
dellinspiron_5409_firmware
𝑥
< 1.5.1
dellinspiron_5410_2-in-1_firmware
𝑥
< 2.1.0
dellinspiron_5501_firmware
𝑥
< 1.7.2
dellinspiron_5502_firmware
𝑥
< 1.5.1
dellinspiron_5508_firmware
𝑥
< 1.7.2
dellinspiron_5509_firmware
𝑥
< 1.5.1
dellinspiron_7300_firmware
𝑥
< 1.8.1
dellinspiron_7300_2-in-1_firmware
𝑥
< 1.3.0
dellinspiron_7306_2-in-1_firmware
𝑥
< 1.5.1
dellinspiron_7400_firmware
𝑥
< 1.8.1
dellinspiron_7500_firmware
𝑥
< 1.8.0
dellinspiron_7500_2-in-1_firmware
𝑥
< 1.3.0
dellinspiron_7501_firmware
𝑥
< 1.8.0
dellinspiron_7506_firmware
𝑥
< 1.5.1
dellinspiron_7610_firmware
𝑥
< 1.0.4
dellinspiron_7700_aio_firmware
𝑥
< 1.4.0
dellinspiron_7706_2-in-1_firmware
𝑥
< 1.5.1
delllatitude_3120_firmware
𝑥
< 1.1.0
delllatitude_3320_firmware
𝑥
< 1.4.0
delllatitude_3410_firmware
𝑥
< 1.9.0
delllatitude_3420_firmware
𝑥
< 1.8.0
delllatitude_3510_firmware
𝑥
< 1.9.0
delllatitude_3520_firmware
𝑥
< 1.8.0
delllatitude_5310_firmware
𝑥
< 1.7.0
delllatitude_5310_2-in-1_firmware
𝑥
< 1.7.0
delllatitude_5320_firmware
𝑥
< 1.7.1
delllatitude_5320_2-in-1_firmware
𝑥
< 1.7.1
delllatitude_5410_firmware
𝑥
< 1.6.0
delllatitude_5411_firmware
𝑥
< 1.6.0
delllatitude_5420_firmware
𝑥
< 1.8.0
delllatitude_5510_firmware
𝑥
< 1.6.0
delllatitude_5511_firmware
𝑥
< 1.6.0
delllatitude_5520_firmware
𝑥
< 1.7.1
delllatitude_5521_firmware
𝑥
< 1.3.0_a03
delllatitude_7210_2-in-1_firmware
𝑥
< 1.7.0
delllatitude_7310_firmware
𝑥
< 1.7.0
delllatitude_7320_firmware
𝑥
< 1.7.1
delllatitude_7320_detachable_firmware
𝑥
< 1.4.0_a04
delllatitude_7410_firmware
𝑥
< 1.7.0
delllatitude_7420_firmware
𝑥
< 1.7.1
delllatitude_7520_firmware
𝑥
< 1.7.1
delllatitude_9410_firmware
𝑥
< 1.7.0
delllatitude_9420_firmware
𝑥
< 1.4.1
delllatitude_9510_firmware
𝑥
< 1.6.0
delllatitude_9520_firmware
𝑥
< 1.5.2
delllatitude_5421_firmware
𝑥
< 1.3.0_a03
delloptiplex_3080_firmware
𝑥
< 2.1.1
delloptiplex_3090_uff_firmware
𝑥
< 1.2.0
delloptiplex_3280_all-in-one_firmware
𝑥
< 1.7.0
delloptiplex_5080_firmware
𝑥
< 1.4.0
delloptiplex_5090_tower_firmware
𝑥
< 1.1.35
delloptiplex_5490_aio_firmware
𝑥
< 1.3.0
delloptiplex_7080_firmware
𝑥
< 1.4.0
delloptiplex_7090_tower_firmware
𝑥
< 1.1.35
delloptiplex_7090_uff_firmware
𝑥
< 1.2.0
delloptiplex_7480_all-in-one_firmware
𝑥
< 1.7.0
delloptiplex_7490_all-in-one_firmware
𝑥
< 1.3.0
delloptiplex_7780_all-in-one_firmware
𝑥
< 1.7.0
dellprecision_17_m5750_firmware
𝑥
< 1.8.2
dellprecision_3440_firmware
𝑥
< 1.4.0
dellprecision_3450_firmware
𝑥
< 1.1.35
dellprecision_3550_firmware
𝑥
< 1.6.0
dellprecision_3551_firmware
𝑥
< 1.6.0
dellprecision_3560_firmware
𝑥
< 1.7.1
dellprecision_3561_firmware
𝑥
< 1.3.0_a03
dellprecision_3640_firmware
𝑥
< 1.6.2
dellprecision_3650_mt_firmware
𝑥
< 1.2.0
dellprecision_5550_firmware
𝑥
< 1.8.1
dellprecision_5560_firmware
𝑥
< 1.3.2
dellprecision_5760_firmware
𝑥
< 1.1.3
dellprecision_7550_firmware
𝑥
< 1.8.0
dellprecision_7560_firmware
𝑥
< 1.1.2
dellprecision_7750_firmware
𝑥
< 1.8.0
dellprecision_7760_firmware
𝑥
< 1.1.2
dellvostro_14_5410_firmware
𝑥
< 2.1.0_a06
dellvostro_15_5510_firmware
𝑥
< 2.1.0_a06
dellvostro_15_7510_firmware
𝑥
< 1.0.4
dellvostro_3400_firmware
𝑥
< 1.6.0
dellvostro_3500_firmware
𝑥
< 1.6.0
dellvostro_3501_firmware
𝑥
< 1.6.0
dellvostro_3681_firmware
𝑥
< 2.4.0
dellvostro_3690_firmware
𝑥
< 1.0.11
dellvostro_3881_firmware
𝑥
< 2.4.0
dellvostro_3888_firmware
𝑥
< 2.4.0
dellvostro_3890_firmware
𝑥
< 1.0.11
dellvostro_5300_firmware
𝑥
< 1.7.1
dellvostro_5301_firmware
𝑥
< 1.8.1
dellvostro_5310_firmware
𝑥
< 2.1.0
dellvostro_5401_firmware
𝑥
< 1.7.2
dellvostro_5402_firmware
𝑥
< 1.5.1
dellvostro_5501_firmware
𝑥
< 1.7.2
dellvostro_5502_firmware
𝑥
< 1.5.1
dellvostro_5880_firmware
𝑥
< 1.4.0
dellvostro_5890_firmware
𝑥
< 1.0.11
dellvostro_7500_firmware
𝑥
< 1.8.0
dellxps_13_9305_firmware
𝑥
< 1.0.8
dellxps_13_2in1_9310_firmware
𝑥
< 2.3.3
dellxps_13_9310_firmware
𝑥
< 3.0.0
dellxps_15_9500_firmware
𝑥
< 1.8.1
dellxps_15_9510_firmware
𝑥
< 1.3.2
dellxps_17_9700_firmware
𝑥
< 1.8.2
dellxps_17_9710_firmware
𝑥
< 1.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000188682
https://www.dell.com/support/kbdoc/en-us/000188682