Vulnerability Description
The Dell UEFI BIOS HTTPS stack leveraged by the Dell BIOSConnect feature and the Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack, which may lead to a denial of service and payload tampering.
CVSS Score
5.9 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Alienware M15 R6 Firmware | < 1.3.3 |
| Dell | Alienware M15 R6 | - |
| Dell | Chengming 3990 Firmware | < 1.4.1 |
| Dell | Chengming 3990 | - |
| Dell | Chengming 3991 Firmware | < 1.4.1 |
| Dell | Chengming 3991 | - |
| Dell | G15 5510 Firmware | < 1.4.0 |
| Dell | G15 5510 | - |
| Dell | G15 5511 Firmware | < 1.3.3 |
| Dell | G15 5511 | - |
| Dell | G3 3500 Firmware | < 1.9.0 |
| Dell | G3 3500 | - |
| Dell | G5 5500 Firmware | < 1.9.0 |
| Dell | G5 5500 | - |
| Dell | G7 7500 Firmware | < 1.9.0 |
| Dell | G7 7500 | - |
| Dell | G7 7700 Firmware | < 1.9.0 |
| Dell | G7 7700 | - |
| Dell | Inspiron 14 5418 Firmware | < 2.1.0_a06 |
| Dell | Inspiron 14 5418 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000188682 (Vendor Advisory)
FAQ
What is CVE-2021-21571?
CVE-2021-21571 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploi...
How severe is CVE-2021-21571?
CVE-2021-21571 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-21571?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Alienware M15 R6 Firmware, Dell Alienware M15 R6, Dell Chengming 3990 Firmware, Dell Chengming 3990, Dell Chengming 3991 Firmware.