Lucene search

[email protected]CVE-2021-21574

HistoryJun 24, 2021 - 5:15 p.m.

CVE-2021-21574

2021-06-2417:15:00

CWE-787

[email protected]

web.nvd.nist.gov

dell

biosconnect

buffer overflow

vulnerability

uefi restrictions

cve-2021-21574

nvd

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

21.7%

JSON

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

CPENameOperatorVersion
dell:alienware_m15_r6_firmwaredell alienware m15 r6 firmwarelt1.3.3
dell:chengming_3990_firmwaredell chengming 3990 firmwarelt1.4.1
dell:chengming_3991_firmwaredell chengming 3991 firmwarelt1.4.1
dell:g15_5510_firmwaredell g15 5510 firmwarelt1.4.0
dell:g15_5511_firmwaredell g15 5511 firmwarelt1.3.3
dell:g3_3500_firmwaredell g3 3500 firmwarele1.9.0
dell:g5_5500_firmwaredell g5 5500 firmwarelt1.9.0
dell:g7_7500_firmwaredell g7 7500 firmwarelt1.9.0
dell:g7_7700_firmwaredell g7 7700 firmwarelt1.9.0
dell:inspiron_14_5418_firmwaredell inspiron 14 5418 firmwarelt2.1.0_a06

CPE	Name	Operator	Version
dell:alienware_m15_r6_firmware	dell alienware m15 r6 firmware	lt	1.3.3
dell:chengming_3990_firmware	dell chengming 3990 firmware	lt	1.4.1
dell:chengming_3991_firmware	dell chengming 3991 firmware	lt	1.4.1
dell:g15_5510_firmware	dell g15 5510 firmware	lt	1.4.0
dell:g15_5511_firmware	dell g15 5511 firmware	lt	1.3.3
dell:g3_3500_firmware	dell g3 3500 firmware	le	1.9.0
dell:g5_5500_firmware	dell g5 5500 firmware	lt	1.9.0
dell:g7_7500_firmware	dell g7 7500 firmware	lt	1.9.0
dell:g7_7700_firmware	dell g7 7700 firmware	lt	1.9.0
dell:inspiron_14_5418_firmware	dell inspiron 14 5418 firmware	lt	2.1.0_a06

Rows per page:

1-10 of 1281

References

www.dell.com/support/kbdoc/en-us/000188682

Social References

7.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

21.7%

JSON

Related for CVE-2021-21574

prion1 thn1 nessus1 threatpost1