Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-36285
HistorySep 28, 2021 - 8:15 p.m.

CVE-2021-36285

2021-09-2820:15:07
CWE-307
[email protected]
web.nvd.nist.gov
20
dell
bios
cve-2021-36285
vulnerability
nvd
authentication
nvme
bypass
brute force
attack

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

4.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.

Affected configurations

NVD
Node
delllatitude_5310_2-in-1_firmwareRange<1.7.0
AND
delllatitude_5310_2-in-1Match-
Node
delllatitude_5320_firmwareRange<1.7.0
AND
delllatitude_5320Match-
Node
delllatitude_5400_firmwareRange<1.7.1
AND
delllatitude_5400Match-
Node
delllatitude_5411_firmwareRange<1.6.0
AND
delllatitude_5411Match-
Node
delllatitude_5500_firmwareRange<1.8.0
AND
delllatitude_5500Match-
Node
delllatitude_5520_firmwareRange<1.6.0
AND
delllatitude_5520Match-
Node
delllatitude_5511_firmwareRange<1.7.1
AND
delllatitude_5511Match-
Node
delllatitude_7212_rugged_extreme_tablet_firmwareRange<1.7.0
AND
delllatitude_7212_rugged_extreme_tabletMatch-
Node
delllatitude_7280_firmwareRange<1.9.1
AND
delllatitude_7280Match-
Node
delllatitude_7320_firmwareRange<1.7.0
AND
delllatitude_7320Match-
Node
delllatitude_7370_firmwareRange<1.7.1
AND
delllatitude_7370Match-
Node
delllatitude_7420_firmwareRange<1.7.0
AND
delllatitude_7420Match-
Node
delllatitude_7480_firmwareRange<1.7.1
AND
delllatitude_7480Match-
Node
delllatitude_9410_firmwareRange<1.7.1
AND
delllatitude_9410Match-
Node
delllatitude_9510_firmwareRange<1.7.0
AND
delllatitude_9510Match-
Node
delllatitude_9520_firmwareRange<1.6.0
AND
delllatitude_9520Match-
Node
delloptiplex_3080_firmwareRange<1.5.2
AND
delloptiplex_3080Match-
Node
delloptiplex_3280_aio_firmwareRange<1.2.0
AND
delloptiplex_3280_aioMatch-
Node
delloptiplex_7480_aio_firmwareRange<1.2.0
AND
delloptiplex_7480_aioMatch-
Node
dellprecision_3551_ffirmwareRange<1.6.2
AND
dellprecision_3551Match-
Node
dellprecision_3640_tower_firmwareRange<1.7.1
AND
dellprecision_3640_towerMatch-

CNA Affected

[
  {
    "product": "CPG BIOS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.7.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
cvelist 1
nvd 1
prion
prion
Input validation
2021-09-28 20:15:00
cvelist
cvelist
CVE-2021-36285
2021-09-16 00:00:00
nvd
nvd
CVE-2021-36285
2021-09-28 20:15:07

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

4.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVE-2021-36285
prion1cvelist1nvd1