Lucene search

[email protected]CVE-2021-21571

HistoryJun 24, 2021 - 5:15 p.m.

CVE-2021-21571

2021-06-2417:15:00

CWE-295

[email protected]

web.nvd.nist.gov

dell

uefi

bios

cve

2021

21571

security

vulnerability

nvd

certificate validation

http stack

dell biosconnect

dell https boot

remote attacker

denial of service

payload tampering

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

6.6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

58.2%

JSON

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering.

CPENameOperatorVersion
dell:alienware_m15_r6_firmwaredell alienware m15 r6 firmwarelt1.3.3
dell:chengming_3990_firmwaredell chengming 3990 firmwarelt1.4.1
dell:chengming_3991_firmwaredell chengming 3991 firmwarelt1.4.1
dell:g15_5510_firmwaredell g15 5510 firmwarelt1.4.0
dell:g15_5511_firmwaredell g15 5511 firmwarelt1.3.3
dell:g3_3500_firmwaredell g3 3500 firmwarelt1.9.0
dell:g5_5500_firmwaredell g5 5500 firmwarelt1.9.0
dell:g7_7500_firmwaredell g7 7500 firmwarelt1.9.0
dell:g7_7700_firmwaredell g7 7700 firmwarelt1.9.0
dell:inspiron_14_5418_firmwaredell inspiron 14 5418 firmwarelt2.1.0_a06

CPE	Name	Operator	Version
dell:alienware_m15_r6_firmware	dell alienware m15 r6 firmware	lt	1.3.3
dell:chengming_3990_firmware	dell chengming 3990 firmware	lt	1.4.1
dell:chengming_3991_firmware	dell chengming 3991 firmware	lt	1.4.1
dell:g15_5510_firmware	dell g15 5510 firmware	lt	1.4.0
dell:g15_5511_firmware	dell g15 5511 firmware	lt	1.3.3
dell:g3_3500_firmware	dell g3 3500 firmware	lt	1.9.0
dell:g5_5500_firmware	dell g5 5500 firmware	lt	1.9.0
dell:g7_7500_firmware	dell g7 7500 firmware	lt	1.9.0
dell:g7_7700_firmware	dell g7 7700 firmware	lt	1.9.0
dell:inspiron_14_5418_firmware	dell inspiron 14 5418 firmware	lt	2.1.0_a06

Rows per page:

1-10 of 1281

References

www.dell.com/support/kbdoc/en-us/000188682

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

6.6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.002 Low

EPSS

Percentile

58.2%

JSON

Related for CVE-2021-21571

prion1 thn1 nessus1 threatpost1