CVE-2021-21522 — HIGH (8.2)

Q: How severe is CVE-2021-21522?

CVE-2021-21522 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-21522?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Latitude 5285 2-In-1 Firmware, Dell Latitude 5285 2-In-1, Dell Latitude 5289 2-In-1 Firmware, Dell Latitude 5289 2-In-1, Dell Latitude 5310 2-In-1 Firmware.

Vulnerability Description

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dell	Latitude 5285 2-In-1 Firmware	< 1.13.0
Dell	Latitude 5285 2-In-1	All versions
Dell	Latitude 5289 2-In-1 Firmware	< 1.23.1
Dell	Latitude 5289 2-In-1	All versions
Dell	Latitude 5310 2-In-1 Firmware	1.7.0
Dell	Latitude 5310 2-In-1	All versions
Dell	Latitude 5290 2-In-1 Firmware	< 1.16.0
Dell	Latitude 5290 2-In-1	All versions
Dell	Latitude 7210 2-In-1 Firmware	< 1.7.0
Dell	Latitude 7210 2-In-1	-
Dell	Latitude 7212 Rugged Extreme Tablet Firmware	< 1.33.0
Dell	Latitude 7212 Rugged Extreme Tablet	-
Dell	Latitude 7280 Firmware	< 1.21.1
Dell	Latitude 7280	-
Dell	Latitude 7290 Firmware	< 1.20.0
Dell	Latitude 7290	-
Dell	Latitude 7285 Firmware	< 1.11.0
Dell	Latitude 7285	-
Dell	Latitude 7370 Firmware	< 1.24.3
Dell	Latitude 7370	-

Related Weaknesses (CWE)

CWE-255

References

https://www.dell.com/support/kbdoc/000191495Vendor Advisory
https://www.dell.com/support/kbdoc/000191495Vendor Advisory

FAQ

What is CVE-2021-21522?

CVE-2021-21522 is a vulnerability with a CVSS score of 8.2 (HIGH). Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetti...

How severe is CVE-2021-21522?

CVE-2021-21522 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-21522?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Latitude 5285 2-In-1 Firmware, Dell Latitude 5285 2-In-1, Dell Latitude 5289 2-In-1 Firmware, Dell Latitude 5289 2-In-1, Dell Latitude 5310 2-In-1 Firmware.