Main Vulnerability Database SB2021092107

SB2021092107 - Credentials management in Dell BIOS

Published: September 21, 2021

Security Bulletin ID SB2021092107

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Credentials management (CVE-ID: CVE-2021-21522)

The vulnerability allows a local user to gain unauthorized access to sensitive information.

The vulnerability exists due to credentials management issue in the Dell BIOS. A local administrator can gain access to sensitive information on an HDD storage by setting the BIOS Admin password on the system via the Manageability Interface after the HDD password is set.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/fr-fr/printview/000191495/10/en

Vulnerable Software

ChengMing 3990: All versions
ChengMing 3991: All versions
Dell G3 15 (3500): All versions
Dell G3 15 (3590): All versions
Dell G5 15 (5500): All versions
Inspiron 3493: All versions
Inspiron 3501: All versions
Inspiron 3593: All versions
Inspiron 3793: All versions
Inspiron 3880: All versions
Inspiron 3881: All versions
Inspiron 5400 2 in1: All versions
Inspiron 5490: All versions
Inspiron 5493: All versions
Inspiron 5498: All versions
Inspiron 5590: All versions
Inspiron 5593: All versions
Inspiron 5598: All versions
Inspiron 7391 2 in 1: All versions
Inspiron 7500: All versions
Inspiron 7500 2 in1 Silver: All versions
Inspiron 7501: All versions
Inspiron 7590: All versions
Inspiron 7591: All versions
Latitude 3310: All versions
Latitude 3310 2-in-1: All versions
Latitude 5285 2-in-1: All versions
Latitude 5289 2-in-1: All versions
Latitude 5290 2-in-1: All versions
Latitude 5300: All versions
Latitude 5300 2-IN-1: All versions
Latitude 5310: All versions
Latitude 5310 2-IN-1: All versions
Latitude 5320: All versions
Latitude 5400: All versions
Latitude 5401: All versions
Latitude 5410: All versions
Latitude 5411: All versions
Latitude 5420: All versions
Latitude 5500: All versions
Latitude 5501: All versions
Latitude 5510: All versions
Latitude 5520: All versions
Latitude 5511: All versions
Latitude 7200 2 in 1: All versions
Latitude 7210 2 in 1: All versions
Latitude 7212 Rugged Extreme Tablet: All versions
Latitude 7220 / 7220EX Rugged Extreme Tablet: All versions
Latitude 7280: All versions
Latitude 7285: All versions
Latitude 7290: All versions
Latitude 7300: All versions
Latitude 7310: All versions
Latitude 7320: All versions
Latitude 7370: All versions
Latitude 7380: All versions
Latitude 7389: All versions
Latitude 7390: All versions
Latitude 7390 2-in-1: All versions
Latitude 7400: All versions
Latitude 7400 2-in-1: All versions
Latitude 7410: All versions
Latitude 7420: All versions
Latitude 7480: All versions
Latitude 7490: All versions
Latitude 7520: All versions
Latitude 9410: All versions
Latitude 9510: All versions
Latitude 9520: All versions
OptiPlex 3080: All versions
OptiPlex 3090 Ultra: All versions
OptiPlex 3280 AIO: All versions
OptiPlex 5080: All versions
OptiPlex 5480 AIO: All versions
OptiPlex 7080: All versions
Optiplex 7090 Ultra: All versions
OptiPlex 7480 AIO: All versions
OptiPlex 7780 AIO: All versions
Precision 3440: All versions
Precision 3540: All versions
Precision 3541: All versions
Precision 3550: All versions
Precision 3551: All versions
Precision 3560: All versions
Precision 3640 Tower: All versions
Precision 5510: All versions
Precision 5520: All versions
Precision 5530 2-in-1: All versions
Precision 5540: All versions
Precision 5550: All versions
Precision 5750: All versions
Precision 7550: All versions
Precision 7540: All versions
Precision 7740: All versions
Precision 7750: All versions
Vostro 3401: All versions
Vostro 3491: All versions
Vostro 3501: All versions
Vostro 3591: All versions
Vostro 3681: All versions
Vostro 3881: All versions
Vostro 3888: All versions
Vostro 5490: All versions
Vostro 5590: All versions
Vostro 7500: All versions
Vostro 7590: All versions
Wyse 5470: All versions
XPS 13 (9360): All versions
XPS 13 (9370): All versions
XPS 13 (9380): All versions
XPS 13 9300: All versions
XPS 15 9575 2-in-1: All versions
XPS 17 9700: All versions
XPS 7380: All versions
XPS 7390 2-in-1: All versions
XPS 7590: All versions
XPS 9500: All versions
Dell BIOS: before 1.6.0

SB2021092107 - Credentials management in Dell BIOS

Breakdown by Severity

Description

Remediation

References

Please verify you're human