Multiple vulnerabilities in Dell BIOSConnect and HTTPS Boot features



Published: 2021-06-25
Risk: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574
CWE-ID: CWE-295, CWE-119
Exploitation vector: Network
Public exploit: N/A
Vulnerable software (category for every entry: Hardware solutions / Firmware)

Alienware m15 R6
Dell G15 5510
Dell G15 5511
Inspiron 14 5418
Inspiron 15 5518
Inspiron 15 7510
Inspiron 3891
Inspiron 5310
Inspiron 5410 2-in-1
Inspiron 7610
Latitude 3320
Latitude 5320
Latitude 5320 2-in-1
Latitude 5420
Latitude 5520
Latitude 5521
Latitude 7320
Latitude 7320 Detachable
Latitude 7420
Latitude 7520
Latitude 9420
Latitude 9520
Latitude 5421
OptiPlex 3090 UFF
OptiPlex 5090 Tower
OptiPlex 5490 AIO
OptiPlex 7090 Tower
OptiPlex 7090 UFF
OptiPlex 7490 All-in-One
Precision 3450
Precision 3560
Precision 3561
Precision 3650 MT
Precision 5560
Precision 5760
Precision 7560
Precision 7760
Vostro 14 5410
Vostro 15 5510
Vostro 15 7510
Vostro 3690
Vostro 3890
Vostro 5310
Vostro 5890
XPS 15 9510
XPS 17 9710
ChengMing 3990
ChengMing 3991
Dell G3 3500
Dell G5 5500
Dell G7 7500
Dell G7 7700
Inspiron 3501
Inspiron 3880
Inspiron 3881
Inspiron 5300
Inspiron 5301
Inspiron 5400 2n1
Inspiron 5400 AIO
Inspiron 5401
Inspiron 5401 AIO
Inspiron 5402
Inspiron 5406 2n1
Inspiron 5408
Inspiron 5409
Inspiron 5501
Inspiron 5502
Inspiron 5508
Inspiron 5509
Inspiron 7300
Inspiron 7300 2n1
Inspiron 7306 2n1
Inspiron 7400
Inspiron 7500
Inspiron 7500 2n1 - Black
Inspiron 7500 2n1 - Silver
Inspiron 7501
Inspiron 7506 2n1
Inspiron 7700 AIO
Inspiron 7706 2n1
Latitude 3120
Latitude 3410
Latitude 3420
Latitude 3510
Latitude 3520
Latitude 5310
Latitude 5310 2 in 1
Latitude 5410
Latitude 5411
Latitude 5510
Latitude 5511
Latitude 7210 2-in-1
Latitude 7310
Latitude 7410
Latitude 9410
Latitude 9510
OptiPlex 3080
OptiPlex 3280 All-in-One
OptiPlex 5080
OptiPlex 7080
OptiPlex 7480 All-in-One
OptiPlex 7780 All-in-One
Precision 17 M5750
Precision 3440
Precision 3550
Precision 3551
Precision 3640
Precision 5550
Precision 7550
Precision 7750
Vostro 3400
Vostro 3500
Vostro 3501
Vostro 3681
Vostro 3881
Vostro 3888
Vostro 5300
Vostro 5301
Vostro 5401
Vostro 5402
Vostro 5501
Vostro 5502
Vostro 5880
Vostro 7500
XPS 13 9305
XPS 13 2in1 9310
XPS 13 9310
XPS 15 9500
XPS 17 9700

Vendor

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper certificate validation

EUVDB-ID: #VU54382

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21571

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to improper certificate validation within the Dell BIOSConnect and Dell HTTPS Boot features. A remote attacker can perform a MitM attack and cause a denial of service or tamper with the system boot.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Alienware m15 R6: before 1.3.3

Dell G15 5510: before 1.4.0

Dell G15 5511: before 1.3.3

Inspiron 14 5418: before 2.1.0 A06

Inspiron 15 5518: before 2.1.0 A06

Inspiron 15 7510: before 1.0.4

Inspiron 3891: before 1.0.11

Inspiron 5310: before 2.1.0

Inspiron 5410 2-in-1: before 2.1.0

Inspiron 7610: before 1.0.4

Latitude 3320: before 1.4.0

Latitude 5320: before 1.7.1

Latitude 5320 2-in-1: before 1.7.1

Latitude 5420: before 1.8.0

Latitude 5520: before 1.7.1

Latitude 5521: before 1.3.0 A03

Latitude 7320: before 1.7.1

Latitude 7320 Detachable: before 1.4.0 A04

Latitude 7420: before 1.7.1

Latitude 7520: before 1.7.1

Latitude 9420: before 1.4.1

Latitude 9520: before 1.5.2

Latitude 5421: before 1.3.0 A03

OptiPlex 3090 UFF: before 1.2.0

OptiPlex 5090 Tower: before 1.1.35

OptiPlex 5490 AIO: before 1.3.0

OptiPlex 7090 Tower: before 1.1.35

OptiPlex 7090 UFF: before 1.2.0

OptiPlex 7490 All-in-One: before 1.3.0

Precision 3450: before 1.1.35

Precision 3560: before 1.7.1

Precision 3561: before 1.3.0 A03

Precision 3650 MT: before 1.2.0

Precision 5560: before 1.3.2

Precision 5760: before 1.1.3

Precision 7560: before 1.1.2

Precision 7760: before 1.1.2

Vostro 14 5410: before 2.1.0 A06

Vostro 15 5510: before 2.1.0 A06

Vostro 15 7510: before 1.0.4

Vostro 3690: before 1.0.11

Vostro 3890: before 1.0.11

Vostro 5310: before 2.1.0

Vostro 5890: before 1.0.11

XPS 15 9510: before 1.3.2

XPS 17 9710: before 1.1.3

ChengMing 3990: before 1.4.1

ChengMing 3991: before 1.4.1

Dell G3 3500: before 1.9.0

Dell G5 5500: before 1.9.0

Dell G7 7500: before 1.9.0

Dell G7 7700: before 1.9.0

Inspiron 3501: before 1.6.0

Inspiron 3880: before 1.4.1

Inspiron 3881: before 1.4.1

Inspiron 5300: before 1.7.1

Inspiron 5301: before 1.8.1

Inspiron 5400 2n1: before 1.7.0

Inspiron 5400 AIO: before 1.4.0

Inspiron 5401: before 1.7.2

Inspiron 5401 AIO: before 1.4.0

Inspiron 5402: before 1.5.1

Inspiron 5406 2n1: before 1.5.1

Inspiron 5408: before 1.7.2

Inspiron 5409: before 1.5.1

Inspiron 5501: before 1.7.2

Inspiron 5502: before 1.5.1

Inspiron 5508: before 1.7.2

Inspiron 5509: before 1.5.1

Inspiron 7300: before 1.8.1

Inspiron 7300 2n1: before 1.3.0

Inspiron 7306 2n1: before 1.5.1

Inspiron 7400: before 1.8.1

Inspiron 7500: before 1.8.0

Inspiron 7500 2n1 - Black: before 1.3.0

Inspiron 7500 2n1 - Silver: before 1.3.0

Inspiron 7501: before 1.8.0

Inspiron 7506 2n1: before 1.5.1

Inspiron 7700 AIO: before 1.4.0

Inspiron 7706 2n1: before 1.5.1

Latitude 3120: before 1.1.0

Latitude 3410: before 1.9.0

Latitude 3420: before 1.8.0

Latitude 3510: before 1.9.0

Latitude 3520: before 1.8.0

Latitude 5310: before 1.7.0

Latitude 5310 2 in 1: before 1.7.0

Latitude 5410: before 1.6.0

Latitude 5411: before 1.6.0

Latitude 5510: before 1.6.0

Latitude 5511: before 1.6.0

Latitude 7210 2-in-1: before 1.7.0

Latitude 7310: before 1.7.0

Latitude 7410: before 1.7.0

Latitude 9410: before 1.7.0

Latitude 9510: before 1.6.0

OptiPlex 3080: before 2.1.1

OptiPlex 3280 All-in-One: before 1.7.0

OptiPlex 5080: before 1.4.0

OptiPlex 7080: before 1.4.0

OptiPlex 7480 All-in-One: before 1.7.0

OptiPlex 7780 All-in-One: before 1.7.0

Precision 17 M5750: before 1.8.2

Precision 3440: before 1.4.0

Precision 3550: before 1.6.0

Precision 3551: before 1.6.0

Precision 3640: before 1.6.2

Precision 5550: before 1.8.1

Precision 7550: before 1.8.0

Precision 7750: before 1.8.0

Vostro 3400: before 1.6.0

Vostro 3500: before 1.6.0

Vostro 3501: before 1.6.0

Vostro 3681: before 2.4.0

Vostro 3881: before 2.4.0

Vostro 3888: before 2.4.0

Vostro 5300: before 1.7.1

Vostro 5301: before 1.8.1

Vostro 5401: before 1.7.2

Vostro 5402: before 1.5.1

Vostro 5501: before 1.7.2

Vostro 5502: before 1.5.1

Vostro 5880: before 1.4.0

Vostro 7500: before 1.8.0

XPS 13 9305: before 1.0.8

XPS 13 2in1 9310: before 2.3.3

XPS 13 9310: before 3.0.0

XPS 15 9500: before 1.8.1

XPS 17 9700: before 1.8.2

External links

http://www.dell.com/support/kbdoc/en-us/000188682


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU54383

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21572

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to a boundary error within the Dell BIOSConnect feature. A local user with privileged access to the system can bypass UEFI restrictions and execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Alienware m15 R6: before 1.3.3

ChengMing 3990: before 1.4.1

ChengMing 3991: before 1.4.1

Dell G15 5510: before 1.4.0

Dell G15 5511: before 1.3.3

Dell G3 3500: before 1.9.0

Dell G5 5500: before 1.9.0

Dell G7 7500: before 1.9.0

Dell G7 7700: before 1.9.0

Inspiron 15 7510: before 1.0.4

Inspiron 3501: before 1.6.0

Inspiron 3880: before 1.4.1

Inspiron 3881: before 1.4.1

Inspiron 3891: before 1.0.11

Inspiron 5300: before 1.7.1

Inspiron 5301: before 1.8.1

Inspiron 5310: before 2.1.0

Inspiron 5400 2n1: before 1.7.0

Inspiron 5400 AIO: before 1.4.0

Inspiron 5401: before 1.7.2

Inspiron 5401 AIO: before 1.4.0

Inspiron 5402: before 1.5.1

Inspiron 5406 2n1: before 1.5.1

Inspiron 5408: before 1.7.2

Inspiron 5409: before 1.5.1

Inspiron 5410 2-in-1: before 2.1.0

Inspiron 5501: before 1.7.2

Inspiron 5502: before 1.5.1

Inspiron 5508: before 1.7.2

Inspiron 5509: before 1.5.1

Inspiron 7300: before 1.8.1

Inspiron 7300 2n1: before 1.3.0

Inspiron 7306 2n1: before 1.5.1

Inspiron 7400: before 1.8.1

Inspiron 7500: before 1.8.0

Inspiron 7500 2n1 - Black: before 1.3.0

Inspiron 7500 2n1 - Silver: before 1.3.0

Inspiron 7501: before 1.8.0

Inspiron 7506 2n1: before 1.5.1

Inspiron 7610: before 1.0.4

Inspiron 7700 AIO: before 1.4.0

Inspiron 7706 2n1: before 1.5.1

Latitude 3120: before 1.1.0

Latitude 3320: before 1.4.0

Latitude 3410: before 1.9.0

Latitude 3420: before 1.8.0

Latitude 3510: before 1.9.0

Latitude 3520: before 1.8.0

Latitude 5310: before 1.7.0

Latitude 5310 2 in 1: before 1.7.0

Latitude 5320: before 1.7.1

Latitude 5320 2-in-1: before 1.7.1

Latitude 5410: before 1.6.0

Latitude 5411: before 1.6.0

Latitude 5420: before 1.8.0

Latitude 5510: before 1.6.0

Latitude 5511: before 1.6.0

Latitude 5520: before 1.7.1

Latitude 7210 2-in-1: before 1.7.0

Latitude 7310: before 1.7.0

Latitude 7320: before 1.7.1

Latitude 7410: before 1.7.0

Latitude 7420: before 1.7.1

Latitude 7520: before 1.7.1

Latitude 9410: before 1.7.0

Latitude 9420: before 1.4.1

Latitude 9510: before 1.6.0

Latitude 9520: before 1.5.2

OptiPlex 3080: before 2.1.1

OptiPlex 3090 UFF: before 1.2.0

OptiPlex 3280 All-in-One: before 1.7.0

OptiPlex 5080: before 1.4.0

OptiPlex 5090 Tower: before 1.1.35

OptiPlex 5490 AIO: before 1.3.0

OptiPlex 7080: before 1.4.0

OptiPlex 7090 Tower: before 1.1.35

OptiPlex 7090 UFF: before 1.2.0

OptiPlex 7480 All-in-One: before 1.7.0

OptiPlex 7490 All-in-One: before 1.3.0

OptiPlex 7780 All-in-One: before 1.7.0

Precision 17 M5750: before 1.8.2

Precision 3440: before 1.4.0

Precision 3450: before 1.1.35

Precision 3550: before 1.6.0

Precision 3551: before 1.6.0

Precision 3560: before 1.7.1

Precision 3640: before 1.6.2

Precision 3650 MT: before 1.2.0

Precision 5550: before 1.8.1

Precision 5560: before 1.3.2

Precision 5760: before 1.1.3

Precision 7550: before 1.8.0

Precision 7560: before 1.1.2

Precision 7750: before 1.8.0

Precision 7760: before 1.1.2

Vostro 15 7510: before 1.0.4

Vostro 3400: before 1.6.0

Vostro 3500: before 1.6.0

Vostro 3501: before 1.6.0

Vostro 3681: before 2.4.0

Vostro 3690: before 1.0.11

Vostro 3881: before 2.4.0

Vostro 3888: before 2.4.0

Vostro 3890: before 1.0.11

Vostro 5300: before 1.7.1

Vostro 5301: before 1.8.1

Vostro 5310: before 2.1.0

Vostro 5401: before 1.7.2

Vostro 5402: before 1.5.1

Vostro 5501: before 1.7.2

Vostro 5502: before 1.5.1

Vostro 5880: before 1.4.0

Vostro 5890: before 1.0.11

Vostro 7500: before 1.8.0

XPS 13 9305: before 1.0.8

XPS 13 2in1 9310: before 2.3.3

XPS 13 9310: before 3.0.0

XPS 15 9500: before 1.8.1

XPS 15 9510: before 1.3.2

XPS 17 9700: before 1.8.2

XPS 17 9710: before 1.1.3

External links

http://www.dell.com/support/kbdoc/en-us/000188682


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU54384

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21573

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to a boundary error within the Dell BIOSConnect feature. A local user with privileged access to the system can bypass UEFI restrictions and execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Alienware m15 R6: before 1.3.3

ChengMing 3990: before 1.4.1

ChengMing 3991: before 1.4.1

Dell G15 5510: before 1.4.0

Dell G15 5511: before 1.3.3

Dell G3 3500: before 1.9.0

Dell G5 5500: before 1.9.0

Dell G7 7500: before 1.9.0

Dell G7 7700: before 1.9.0

Inspiron 15 7510: before 1.0.4

Inspiron 3501: before 1.6.0

Inspiron 3880: before 1.4.1

Inspiron 3881: before 1.4.1

Inspiron 3891: before 1.0.11

Inspiron 5300: before 1.7.1

Inspiron 5301: before 1.8.1

Inspiron 5310: before 2.1.0

Inspiron 5400 2n1: before 1.7.0

Inspiron 5400 AIO: before 1.4.0

Inspiron 5401: before 1.7.2

Inspiron 5401 AIO: before 1.4.0

Inspiron 5402: before 1.5.1

Inspiron 5406 2n1: before 1.5.1

Inspiron 5408: before 1.7.2

Inspiron 5409: before 1.5.1

Inspiron 5410 2-in-1: before 2.1.0

Inspiron 5501: before 1.7.2

Inspiron 5502: before 1.5.1

Inspiron 5508: before 1.7.2

Inspiron 5509: before 1.5.1

Inspiron 7300: before 1.8.1

Inspiron 7300 2n1: before 1.3.0

Inspiron 7306 2n1: before 1.5.1

Inspiron 7400: before 1.8.1

Inspiron 7500: before 1.8.0

Inspiron 7500 2n1 - Black: before 1.3.0

Inspiron 7500 2n1 - Silver: before 1.3.0

Inspiron 7501: before 1.8.0

Inspiron 7506 2n1: before 1.5.1

Inspiron 7610: before 1.0.4

Inspiron 7700 AIO: before 1.4.0

Inspiron 7706 2n1: before 1.5.1

Latitude 3120: before 1.1.0

Latitude 3320: before 1.4.0

Latitude 3410: before 1.9.0

Latitude 3420: before 1.8.0

Latitude 3510: before 1.9.0

Latitude 3520: before 1.8.0

Latitude 5310: before 1.7.0

Latitude 5310 2 in 1: before 1.7.0

Latitude 5320: before 1.7.1

Latitude 5320 2-in-1: before 1.7.1

Latitude 5410: before 1.6.0

Latitude 5411: before 1.6.0

Latitude 5420: before 1.8.0

Latitude 5510: before 1.6.0

Latitude 5511: before 1.6.0

Latitude 5520: before 1.7.1

Latitude 7210 2-in-1: before 1.7.0

Latitude 7310: before 1.7.0

Latitude 7320: before 1.7.1

Latitude 7410: before 1.7.0

Latitude 7420: before 1.7.1

Latitude 7520: before 1.7.1

Latitude 9410: before 1.7.0

Latitude 9420: before 1.4.1

Latitude 9510: before 1.6.0

Latitude 9520: before 1.5.2

OptiPlex 3080: before 2.1.1

OptiPlex 3090 UFF: before 1.2.0

OptiPlex 3280 All-in-One: before 1.7.0

OptiPlex 5080: before 1.4.0

OptiPlex 5090 Tower: before 1.1.35

OptiPlex 5490 AIO: before 1.3.0

OptiPlex 7080: before 1.4.0

OptiPlex 7090 Tower: before 1.1.35

OptiPlex 7090 UFF: before 1.2.0

OptiPlex 7480 All-in-One: before 1.7.0

OptiPlex 7490 All-in-One: before 1.3.0

OptiPlex 7780 All-in-One: before 1.7.0

Precision 17 M5750: before 1.8.2

Precision 3440: before 1.4.0

Precision 3450: before 1.1.35

Precision 3550: before 1.6.0

Precision 3551: before 1.6.0

Precision 3560: before 1.7.1

Precision 3640: before 1.6.2

Precision 3650 MT: before 1.2.0

Precision 5550: before 1.8.1

Precision 5560: before 1.3.2

Precision 5760: before 1.1.3

Precision 7550: before 1.8.0

Precision 7560: before 1.1.2

Precision 7750: before 1.8.0

Precision 7760: before 1.1.2

Vostro 15 7510: before 1.0.4

Vostro 3400: before 1.6.0

Vostro 3500: before 1.6.0

Vostro 3501: before 1.6.0

Vostro 3681: before 2.4.0

Vostro 3690: before 1.0.11

Vostro 3881: before 2.4.0

Vostro 3888: before 2.4.0

Vostro 3890: before 1.0.11

Vostro 5300: before 1.7.1

Vostro 5301: before 1.8.1

Vostro 5310: before 2.1.0

Vostro 5401: before 1.7.2

Vostro 5402: before 1.5.1

Vostro 5501: before 1.7.2

Vostro 5502: before 1.5.1

Vostro 5880: before 1.4.0

Vostro 5890: before 1.0.11

Vostro 7500: before 1.8.0

XPS 13 9305: before 1.0.8

XPS 13 2in1 9310: before 2.3.3

XPS 13 9310: before 3.0.0

XPS 15 9500: before 1.8.1

XPS 15 9510: before 1.3.2

XPS 17 9700: before 1.8.2

XPS 17 9710: before 1.1.3

External links

http://www.dell.com/support/kbdoc/en-us/000188682


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU54385

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21574

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to a boundary error within the Dell BIOSConnect feature. A local user with privileged access to the system can bypass UEFI restrictions and execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Alienware m15 R6: before 1.3.3

ChengMing 3990: before 1.4.1

ChengMing 3991: before 1.4.1

Dell G15 5510: before 1.4.0

Dell G15 5511: before 1.3.3

Dell G3 3500: before 1.9.0

Dell G5 5500: before 1.9.0

Dell G7 7500: before 1.9.0

Dell G7 7700: before 1.9.0

Inspiron 15 7510: before 1.0.4

Inspiron 3501: before 1.6.0

Inspiron 3880: before 1.4.1

Inspiron 3881: before 1.4.1

Inspiron 3891: before 1.0.11

Inspiron 5300: before 1.7.1

Inspiron 5301: before 1.8.1

Inspiron 5310: before 2.1.0

Inspiron 5400 2n1: before 1.7.0

Inspiron 5400 AIO: before 1.4.0

Inspiron 5401: before 1.7.2

Inspiron 5401 AIO: before 1.4.0

Inspiron 5402: before 1.5.1

Inspiron 5406 2n1: before 1.5.1

Inspiron 5408: before 1.7.2

Inspiron 5409: before 1.5.1

Inspiron 5410 2-in-1: before 2.1.0

Inspiron 5501: before 1.7.2

Inspiron 5502: before 1.5.1

Inspiron 5508: before 1.7.2

Inspiron 5509: before 1.5.1

Inspiron 7300: before 1.8.1

Inspiron 7300 2n1: before 1.3.0

Inspiron 7306 2n1: before 1.5.1

Inspiron 7400: before 1.8.1

Inspiron 7500: before 1.8.0

Inspiron 7500 2n1 - Black: before 1.3.0

Inspiron 7500 2n1 - Silver: before 1.3.0

Inspiron 7501: before 1.8.0

Inspiron 7506 2n1: before 1.5.1

Inspiron 7610: before 1.0.4

Inspiron 7700 AIO: before 1.4.0

Inspiron 7706 2n1: before 1.5.1

Latitude 3120: before 1.1.0

Latitude 3320: before 1.4.0

Latitude 3410: before 1.9.0

Latitude 3420: before 1.8.0

Latitude 3510: before 1.9.0

Latitude 3520: before 1.8.0

Latitude 5310: before 1.7.0

Latitude 5310 2 in 1: before 1.7.0

Latitude 5320: before 1.7.1

Latitude 5320 2-in-1: before 1.7.1

Latitude 5410: before 1.6.0

Latitude 5411: before 1.6.0

Latitude 5420: before 1.8.0

Latitude 5510: before 1.6.0

Latitude 5511: before 1.6.0

Latitude 5520: before 1.7.1

Latitude 7210 2-in-1: before 1.7.0

Latitude 7310: before 1.7.0

Latitude 7320: before 1.7.1

Latitude 7410: before 1.7.0

Latitude 7420: before 1.7.1

Latitude 7520: before 1.7.1

Latitude 9410: before 1.7.0

Latitude 9420: before 1.4.1

Latitude 9510: before 1.6.0

Latitude 9520: before 1.5.2

OptiPlex 3080: before 2.1.1

OptiPlex 3090 UFF: before 1.2.0

OptiPlex 3280 All-in-One: before 1.7.0

OptiPlex 5080: before 1.4.0

OptiPlex 5090 Tower: before 1.1.35

OptiPlex 5490 AIO: before 1.3.0

OptiPlex 7080: before 1.4.0

OptiPlex 7090 Tower: before 1.1.35

OptiPlex 7090 UFF: before 1.2.0

OptiPlex 7480 All-in-One: before 1.7.0

OptiPlex 7490 All-in-One: before 1.3.0

OptiPlex 7780 All-in-One: before 1.7.0

Precision 17 M5750: before 1.8.2

Precision 3440: before 1.4.0

Precision 3450: before 1.1.35

Precision 3550: before 1.6.0

Precision 3551: before 1.6.0

Precision 3560: before 1.7.1

Precision 3640: before 1.6.2

Precision 3650 MT: before 1.2.0

Precision 5550: before 1.8.1

Precision 5560: before 1.3.2

Precision 5760: before 1.1.3

Precision 7550: before 1.8.0

Precision 7560: before 1.1.2

Precision 7750: before 1.8.0

Precision 7760: before 1.1.2

Vostro 15 7510: before 1.0.4

Vostro 3400: before 1.6.0

Vostro 3500: before 1.6.0

Vostro 3501: before 1.6.0

Vostro 3681: before 2.4.0

Vostro 3690: before 1.0.11

Vostro 3881: before 2.4.0

Vostro 3888: before 2.4.0

Vostro 3890: before 1.0.11

Vostro 5300: before 1.7.1

Vostro 5301: before 1.8.1

Vostro 5310: before 2.1.0

Vostro 5401: before 1.7.2

Vostro 5402: before 1.5.1

Vostro 5501: before 1.7.2

Vostro 5502: before 1.5.1

Vostro 5880: before 1.4.0

Vostro 5890: before 1.0.11

Vostro 7500: before 1.8.0

XPS 13 9305: before 1.0.8

XPS 13 2in1 9310: before 2.3.3

XPS 13 9310: before 3.0.0

XPS 15 9500: before 1.8.1

XPS 15 9510: before 1.3.2

XPS 17 9700: before 1.8.2

XPS 17 9710: before 1.1.3

External links

http://www.dell.com/support/kbdoc/en-us/000188682


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
