History: Sep 28, 2021 - 8:15 p.m.

CVE-2021-36283

2021-09-28 20:15:07
CWE-20
dell
web.nvd.nist.gov
29
dell
bios
input validation
vulnerability
local user
arbitrary code execution
smi

CVSS2: 7.2

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 7.5

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score: 6.9
Confidence: High

EPSS: 0
Percentile: 5.1%

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Affected configurations

Node: dell chengming_3990_firmware Range <1.3.1 AND dell chengming_3990 Match -
Node: dell chengming_3991_firmware Range <1.3.1 AND dell chengming_3991 Match -
Node: dell g3_15_3500_firmware Range <1.7.1 AND dell g3_15_3500 Match -
Node: dell g3_15_3590_firmware Range <1.12.0 AND dell g3_15_3590 Match -
Node: dell g3_15_5500_firmware Range <1.7.1 AND dell g3_15_5500 Match -
Node: dell inspiron_3493_firmware Range <1.12.0 AND dell inspiron_3493 Match -
Node: dell inspiron_3501_firmware Range <1.1.0 AND dell inspiron_3501 Match -
Node: dell inspiron_3593_firmware Range <1.12.0 AND dell inspiron_3593 Match -
Node: dell inspiron_3793_firmware Range <1.12.0 AND dell inspiron_3793 Match -
Node: dell inspiron_3880_firmware Range <1.3.1 AND dell inspiron_3880 Match -
Node: dell inspiron_3881_firmware Range <1.3.1 AND dell inspiron_3881 Match -
Node: dell inspiron_5400_2-in-1_firmware Range <1.5.0 AND dell inspiron_5400_2-in-1 Match -
Node: dell inspiron_5490_firmware Range <1.12.0 AND dell inspiron_5490 Match -
Node: dell inspiron_5493_firmware Range <1.12.0 AND dell inspiron_5493 Match -
Node: dell inspiron_5498_firmware Range <1.12.0 AND dell inspiron_5498 Match -
Node: dell inspiron_5590_firmware Range <1.12.0 AND dell inspiron_5590 Match -
Node: dell inspiron_5593_firmware Range <1.12.0 AND dell inspiron_5593 Match -
Node: dell inspiron_5598_firmware Range <1.12.0 AND dell inspiron_5598 Match -
Node: dell inspiron_7391_2-in-1_firmware Range <1.9.1 AND dell inspiron_7391_2-in-1 Match -
Node: dell inspiron_7500_firmware Range <1.5.1 AND dell inspiron_7500 Match -
Node: dell inspiron_7500_2-in-1_silver_firmware Range <1.5.0 AND dell inspiron_7500_2-in-1_silver Match -
Node: dell inspiron_7501_firmware Range <1.5.1 AND dell inspiron_7501 Match -
Node: dell inspiron_7590_firmware Range <1.8.0 AND dell inspiron_7590 Match -
Node: dell inspiron_7591_firmware Range <1.8.0 AND dell inspiron_7591 Match -
Node: dell latitude_3310 Match - AND dell latitude_3310_firmware Range <1.8.3
Node: dell latitude_3310_2-in-1 Match - AND dell latitude_3310_2-in-1_firmware Range <1.17.1
Node: dell latitude_5300 Match - AND dell latitude_5300_firmware Range <1.12.1
Node: dell latitude_5300_2-in-1 Match - AND dell latitude_5300_2-in-1_firmware Range <1.12.1
Node: dell latitude_5310 Match - AND dell latitude_5310_firmware Range <1.4.2
Node: dell latitude_5310_2_in_1 Match - AND dell latitude_5310_2_in_1_firmware Match 1.4.2
Node: dell latitude_5400 Match - AND dell latitude_5400_firmware Range <1.10.1
Node: dell latitude_5401 Match - AND dell latitude_5401_firmware Range <1.11.1
Node: dell latitude_5410_firmware Range <1.4.3 AND dell latitude_5410 Match -
Node: dell latitude_5411_firmware Range <1.4.3 AND dell latitude_5411 Match -
Node: dell latitude_5500_firmware Range <1.10.1 AND dell latitude_5500 Match -
Node: dell latitude_5511_firmware Range <1.4.3 AND dell latitude_5511 Match -
Node: dell latitude_7200_2_in_1_firmware Range <1.10.1 AND dell latitude_7200_2_in_1 Match -
Node: dell latitude_7210_2_in_1_firmware Range <1.5.1 AND dell latitude_7210_2_in_1 Match -
Node: dell latitude_7220ex_rugged_extreme_tablet_firmware Range <1.9.1 AND dell latitude_7220ex_rugged_extreme_tablet Match -
Node: dell latitude_7300_firmware Range <1.11.1 AND dell latitude_7300 Match -
Node: dell latitude_7310_firmware Range <1.5.1 AND dell latitude_7310 Match -
Node: dell latitude_7400_firmware Range <1.11.1 AND dell latitude_7400 Match -
Node: dell latitude_7400_2-in-1_firmware Range <1.10.0 AND dell latitude_7400_2-in-1 Match -
Node: dell latitude_7410_firmware Range <1.5.1 AND dell latitude_7410 Match -
Node: dell latitude_9410_firmware Range <1.5.1 AND dell latitude_9410 Match -
Node: dell latitude_9510_firmware Range <1.4.2 AND dell latitude_9510 Match -
Node: dell optiplex_3080_firmware Range <1.3.1 AND dell optiplex_3080 Match -
Node: dell optiplex_3280_aio_firmware Range <1.3.1 AND dell optiplex_3280_aio Match -
Node: dell optiplex_5080_firmware Range <1.3.1 AND dell optiplex_5080 Match -
Node: dell optiplex_5480_aio_firmware Range <1.4.0 AND dell optiplex_5480_aio Match -
Node: dell optiplex_7080_firmware Range <1.3.10 AND dell optiplex_7080 Match -
Node: dell optiplex_7480_aio_firmware Range <1.6.2 AND dell optiplex_7480_aio Match -
Node: dell optiplex_7780_aio_firmware Range <1.6.2 AND dell optiplex_7780_aio Match -
Node: dell precision_3440_firmware Range <1.3.10 AND dell precision_3440 Match -
Node: dell precision_3540_firmware Range <1.10.1 AND dell precision_3540 Match -
Node: dell precision_3541_firmware Range <1.11.1 AND dell precision_3541 Match -
Node: dell precision_3550_firmware Range <1.4.3 AND dell precision_3550 Match -
Node: dell precision_3551_firmware Range <1.4.3 AND dell precision_3551 Match -
Node: dell precision_3640_tower_firmware Range <1.4.3 AND dell precision_3640_tower Match -
Node: dell precision_5540_firmware Range <1.9.1 AND dell precision_5540 Match -
Node: dell precision_5550_firmware Range <1.6.1 AND dell precision_5550 Match -
Node: dell precision_5750_firmware Range <1.6.3 AND dell precision_5750 Match -
Node: dell precision_7540_firmware Range <1.11.2 AND dell precision_7540 Match -
Node: dell precision_7550_firmware Range <1.6.2 AND dell precision_7550 Match -
Node: dell precision_7740_firmware Range <1.11.2 AND dell precision_7740 Match -
Node: dell precision_7750_firmware Range <1.6.2 AND dell precision_7750 Match -
Node: dell vostro_3401_firmware Range <1.1.0 AND dell vostro_3401 Match -
Node: dell vostro_3491_firmware Range <1.12.0 AND dell vostro_3491 Match -
Node: dell vostro_3501_firmware Range <1.1.0 AND dell vostro_3501 Match -
Node: dell vostro_3591_firmware Range <1.12.0 AND dell vostro_3591 Match -
Node: dell vostro_3681_firmware Range <1.3.1 AND dell vostro_3681 Match -
Node: dell vostro_3881_firmware Range <1.3.1 AND dell vostro_3881 Match -
Node: dell vostro_3888_firmware Range <1.3.1 AND dell vostro_3888 Match -
Node: dell vostro_5490_firmware Range <1.12.0 AND dell vostro_5490 Match -
Node: dell vostro_5590_firmware Range <1.12.0 AND dell vostro_5590 Match -
Node: dell vostro_7500_firmware Range <1.5.1 AND dell vostro_7500 Match -
Node: dell vostro_7590_firmware Range <1.8.0 AND dell vostro_7590 Match -
Node: dell wyse_5470_firmware Range <1.6.0 AND dell wyse_5470 Match -
Node: dell xps_13_9300_firmware Range <1.4.1 AND dell xps_13_9300 Match -
Node: dell xps_13_9380_firmware Range <1.12.0 AND dell xps_13_9380 Match -
Node: dell xps_17_9700_firmware Range <1.6.3 AND dell xps_17_9700 Match -
Node: dell xps_7380_firmware Range <1.7.0 AND dell xps_7380 Match -
Node: dell xps_7590_firmware Range <1.9.1 AND dell xps_7590 Match -
Node: dell xps_7390_2-in-1_firmware Range <1.7.1 AND dell xps_7390_2-in-1
Node: dell xps_9500_firmware Range <1.6.1 AND dell xps_9500
Vendor | Product | Version | CPE
dell | chengming_3990_firmware | * | cpe:2.3:o:dell:chengming_3990_firmware:*:*:*:*:*:*:*:*
dell | chengming_3990 | - | cpe:2.3:h:dell:chengming_3990:-:*:*:*:*:*:*:*
dell | chengming_3991_firmware | * | cpe:2.3:o:dell:chengming_3991_firmware:*:*:*:*:*:*:*:*
dell | chengming_3991 | - | cpe:2.3:h:dell:chengming_3991:-:*:*:*:*:*:*:*
dell | g3_15_3500_firmware | * | cpe:2.3:o:dell:g3_15_3500_firmware:*:*:*:*:*:*:*:*
dell | g3_15_3500 | - | cpe:2.3:h:dell:g3_15_3500:-:*:*:*:*:*:*:*
dell | g3_15_3590_firmware | * | cpe:2.3:o:dell:g3_15_3590_firmware:*:*:*:*:*:*:*:*
dell | g3_15_3590 | - | cpe:2.3:h:dell:g3_15_3590:-:*:*:*:*:*:*:*
dell | g3_15_5500_firmware | * | cpe:2.3:o:dell:g3_15_5500_firmware:*:*:*:*:*:*:*:*
dell | g3_15_5500 | - | cpe:2.3:h:dell:g3_15_5500:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "CPG BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.3.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
