Vulnerability Description
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Alienware M15 R6 Firmware | < 1.3.3 |
| Dell | Alienware M15 R6 | - |
| Dell | Chengming 3990 Firmware | < 1.4.1 |
| Dell | Chengming 3990 | - |
| Dell | Chengming 3991 Firmware | < 1.4.1 |
| Dell | Chengming 3991 | - |
| Dell | G15 5510 Firmware | < 1.4.0 |
| Dell | G15 5510 | - |
| Dell | G15 5511 Firmware | < 1.3.3 |
| Dell | G15 5511 | - |
| Dell | G3 3500 Firmware | <= 1.9.0 |
| Dell | G3 3500 | - |
| Dell | G5 5500 Firmware | < 1.9.0 |
| Dell | G5 5500 | - |
| Dell | G7 7500 Firmware | < 1.9.0 |
| Dell | G7 7500 | - |
| Dell | G7 7700 Firmware | < 1.9.0 |
| Dell | G7 7700 | - |
| Dell | Inspiron 14 5418 Firmware | < 2.1.0_a06 |
| Dell | Inspiron 14 5418 | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000188682Vendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000188682Vendor Advisory
FAQ
What is CVE-2021-21573?
CVE-2021-21573 is a vulnerability with a CVSS score of 7.2 (HIGH). Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary cod...
How severe is CVE-2021-21573?
CVE-2021-21573 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21573?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Alienware M15 R6 Firmware, Dell Alienware M15 R6, Dell Chengming 3990 Firmware, Dell Chengming 3990, Dell Chengming 3991 Firmware.