Multiple vulnerabilities in Dell BIOS



Published: 2021-09-21
Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2021-36284, CVE-2021-36285
CWE-ID: CWE-307
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
ChengMing 3990
Hardware solutions / Firmware

ChengMing 3991
Hardware solutions / Firmware

Dell G3 15 (3500)
Hardware solutions / Firmware

Dell G3 15 (3590)
Hardware solutions / Firmware

Dell G5 15 (5500)
Hardware solutions / Firmware

Inspiron 3493
Hardware solutions / Firmware

Inspiron 3501
Hardware solutions / Firmware

Inspiron 3593
Hardware solutions / Firmware

Inspiron 3793
Hardware solutions / Firmware

Inspiron 3880
Hardware solutions / Firmware

Inspiron 3881
Hardware solutions / Firmware

Inspiron 5400 2 in1
Hardware solutions / Firmware

Inspiron 5490
Hardware solutions / Firmware

Inspiron 5493
Hardware solutions / Firmware

Inspiron 5498
Hardware solutions / Firmware

Inspiron 5590
Hardware solutions / Firmware

Inspiron 5593
Hardware solutions / Firmware

Inspiron 5598
Hardware solutions / Firmware

Inspiron 7391 2 in 1
Hardware solutions / Firmware

Inspiron 7500
Hardware solutions / Firmware

Inspiron 7500 2 in1 Silver
Hardware solutions / Firmware

Inspiron 7501
Hardware solutions / Firmware

Inspiron 7590
Hardware solutions / Firmware

Inspiron 7591
Hardware solutions / Firmware

Latitude 3310
Hardware solutions / Firmware

Latitude 3310 2-in-1
Hardware solutions / Firmware

Latitude 5285 2-in-1
Hardware solutions / Firmware

Latitude 5289 2-in-1
Hardware solutions / Firmware

Latitude 5290 2-in-1
Hardware solutions / Firmware

Latitude 5300
Hardware solutions / Firmware

Latitude 5300 2-IN-1
Hardware solutions / Firmware

Latitude 5310
Hardware solutions / Firmware

Latitude 5310 2-IN-1
Hardware solutions / Firmware

Latitude 5320
Hardware solutions / Firmware

Latitude 5400
Hardware solutions / Firmware

Latitude 5401
Hardware solutions / Firmware

Latitude 5410
Hardware solutions / Firmware

Latitude 5411
Hardware solutions / Firmware

Latitude 5420
Hardware solutions / Firmware

Latitude 5500
Hardware solutions / Firmware

Latitude 5501
Hardware solutions / Firmware

Latitude 5510
Hardware solutions / Firmware

Latitude 5520
Hardware solutions / Firmware

Latitude 5511
Hardware solutions / Firmware

Latitude 7200 2 in 1
Hardware solutions / Firmware

Latitude 7210 2 in 1
Hardware solutions / Firmware

Latitude 7212 Rugged Extreme Tablet
Hardware solutions / Firmware

Latitude 7220 / 7220EX Rugged Extreme Tablet
Hardware solutions / Firmware

Latitude 7280
Hardware solutions / Firmware

Latitude 7285
Hardware solutions / Firmware

Latitude 7290
Hardware solutions / Firmware

Latitude 7300
Hardware solutions / Firmware

Latitude 7310
Hardware solutions / Firmware

Latitude 7320
Hardware solutions / Firmware

Latitude 7370
Hardware solutions / Firmware

Latitude 7380
Hardware solutions / Firmware

Latitude 7389
Hardware solutions / Firmware

Latitude 7390
Hardware solutions / Firmware

Latitude 7390 2-in-1
Hardware solutions / Firmware

Latitude 7400
Hardware solutions / Firmware

Latitude 7400 2-in-1
Hardware solutions / Firmware

Latitude 7410
Hardware solutions / Firmware

Latitude 7420
Hardware solutions / Firmware

Latitude 7480
Hardware solutions / Firmware

Latitude 7490
Hardware solutions / Firmware

Latitude 7520
Hardware solutions / Firmware

Latitude 9410
Hardware solutions / Firmware

Latitude 9510
Hardware solutions / Firmware

Latitude 9520
Hardware solutions / Firmware

OptiPlex 3080
Hardware solutions / Firmware

OptiPlex 3090 Ultra
Hardware solutions / Firmware

OptiPlex 3280 AIO
Hardware solutions / Firmware

OptiPlex 5080
Hardware solutions / Firmware

OptiPlex 5480 AIO
Hardware solutions / Firmware

OptiPlex 7080
Hardware solutions / Firmware

Optiplex 7090 Ultra
Hardware solutions / Firmware

OptiPlex 7480 AIO
Hardware solutions / Firmware

OptiPlex 7780 AIO
Hardware solutions / Firmware

Precision 3440
Hardware solutions / Firmware

Precision 3540
Hardware solutions / Firmware

Precision 3541
Hardware solutions / Firmware

Precision 3550
Hardware solutions / Firmware

Precision 3551
Hardware solutions / Firmware

Precision 3560
Hardware solutions / Firmware

Precision 3640 Tower
Hardware solutions / Firmware

Precision 5510
Hardware solutions / Firmware

Precision 5520
Hardware solutions / Firmware

Precision 5530 2-in-1
Hardware solutions / Firmware

Precision 5540
Hardware solutions / Firmware

Precision 5550
Hardware solutions / Firmware

Precision 5750
Hardware solutions / Firmware

Precision 7550
Hardware solutions / Firmware

Precision 7540
Hardware solutions / Firmware

Precision 7740
Hardware solutions / Firmware

Precision 7750
Hardware solutions / Firmware

Vostro 3401
Hardware solutions / Firmware

Vostro 3491
Hardware solutions / Firmware

Vostro 3501
Hardware solutions / Firmware

Vostro 3591
Hardware solutions / Firmware

Vostro 3681
Hardware solutions / Firmware

Vostro 3881
Hardware solutions / Firmware

Vostro 3888
Hardware solutions / Firmware

Vostro 5490
Hardware solutions / Firmware

Vostro 5590
Hardware solutions / Firmware

Vostro 7500
Hardware solutions / Firmware

Vostro 7590
Hardware solutions / Firmware

Wyse 5470
Hardware solutions / Firmware

XPS 13 (9360)
Hardware solutions / Firmware

XPS 13 (9370)
Hardware solutions / Firmware

XPS 13 (9380)
Hardware solutions / Firmware

XPS 13 9300
Hardware solutions / Firmware

XPS 15 9575 2-in-1
Hardware solutions / Firmware

XPS 17 9700
Hardware solutions / Firmware

XPS 7380
Hardware solutions / Firmware

XPS 7390 2-in-1
Hardware solutions / Firmware

XPS 7590
Hardware solutions / Firmware

XPS 9500
Hardware solutions / Firmware

Dell BIOS
Other software / Other software solutions

Vendor: Dell

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU56766

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36284

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists because the authentication mechanism has no brute-force prevention. A local administrator can bypass excessive admin password attempt mitigations and perform a brute-force attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ChengMing 3990: All versions

ChengMing 3991: All versions

Dell G3 15 (3500): All versions

Dell G3 15 (3590): All versions

Dell G5 15 (5500): All versions

Inspiron 3493: All versions

Inspiron 3501: All versions

Inspiron 3593: All versions

Inspiron 3793: All versions

Inspiron 3880: All versions

Inspiron 3881: All versions

Inspiron 5400 2 in1: All versions

Inspiron 5490: All versions

Inspiron 5493: All versions

Inspiron 5498: All versions

Inspiron 5590: All versions

Inspiron 5593: All versions

Inspiron 5598: All versions

Inspiron 7391 2 in 1: All versions

Inspiron 7500: All versions

Inspiron 7500 2 in1 Silver: All versions

Inspiron 7501: All versions

Inspiron 7590: All versions

Inspiron 7591: All versions

Latitude 3310: All versions

Latitude 3310 2-in-1: All versions

Latitude 5285 2-in-1: All versions

Latitude 5289 2-in-1: All versions

Latitude 5290 2-in-1: All versions

Latitude 5300: All versions

Latitude 5300 2-IN-1: All versions

Latitude 5310: All versions

Latitude 5310 2-IN-1: All versions

Latitude 5320: All versions

Latitude 5400: All versions

Latitude 5401: All versions

Latitude 5410: All versions

Latitude 5411: All versions

Latitude 5420: All versions

Latitude 5500: All versions

Latitude 5501: All versions

Latitude 5510: All versions

Latitude 5520: All versions

Latitude 5511: All versions

Latitude 7200 2 in 1: All versions

Latitude 7210 2 in 1: All versions

Latitude 7212 Rugged Extreme Tablet: All versions

Latitude 7220 / 7220EX Rugged Extreme Tablet: All versions

Latitude 7280: All versions

Latitude 7285: All versions

Latitude 7290: All versions

Latitude 7300: All versions

Latitude 7310: All versions

Latitude 7320: All versions

Latitude 7370: All versions

Latitude 7380: All versions

Latitude 7389: All versions

Latitude 7390: All versions

Latitude 7390 2-in-1: All versions

Latitude 7400: All versions

Latitude 7400 2-in-1: All versions

Latitude 7410: All versions

Latitude 7420: All versions

Latitude 7480: All versions

Latitude 7490: All versions

Latitude 7520: All versions

Latitude 9410: All versions

Latitude 9510: All versions

Latitude 9520: All versions

OptiPlex 3080: All versions

OptiPlex 3090 Ultra: All versions

OptiPlex 3280 AIO: All versions

OptiPlex 5080: All versions

OptiPlex 5480 AIO: All versions

OptiPlex 7080: All versions

Optiplex 7090 Ultra: All versions

OptiPlex 7480 AIO: All versions

OptiPlex 7780 AIO: All versions

Precision 3440: All versions

Precision 3540: All versions

Precision 3541: All versions

Precision 3550: All versions

Precision 3551: All versions

Precision 3560: All versions

Precision 3640 Tower: All versions

Precision 5510: All versions

Precision 5520: All versions

Precision 5530 2-in-1: All versions

Precision 5540: All versions

Precision 5550: All versions

Precision 5750: All versions

Precision 7550: All versions

Precision 7540: All versions

Precision 7740: All versions

Precision 7750: All versions

Vostro 3401: All versions

Vostro 3491: All versions

Vostro 3501: All versions

Vostro 3591: All versions

Vostro 3681: All versions

Vostro 3881: All versions

Vostro 3888: All versions

Vostro 5490: All versions

Vostro 5590: All versions

Vostro 7500: All versions

Vostro 7590: All versions

Wyse 5470: All versions

XPS 13 (9360): All versions

XPS 13 (9370): All versions

XPS 13 (9380): All versions

XPS 13 9300: All versions

XPS 15 9575 2-in-1: All versions

XPS 17 9700: All versions

XPS 7380: All versions

XPS 7390 2-in-1: All versions

XPS 7590: All versions

XPS 9500: All versions

Dell BIOS: before 1.2.0, 1.5.2, 1.8.0, 1.9.1, 1.6.0, 1.7.1, 1.7.0


External links

http://www.dell.com/support/kbdoc/fr-fr/printview/000191495/10/en

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU56767

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36285

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists because the authentication mechanism has no brute-force prevention. A local administrator can bypass excessive NVMe password attempt mitigations and perform a brute-force attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ChengMing 3990: All versions

ChengMing 3991: All versions

Dell G3 15 (3500): All versions

Dell G3 15 (3590): All versions

Dell G5 15 (5500): All versions

Inspiron 3493: All versions

Inspiron 3501: All versions

Inspiron 3593: All versions

Inspiron 3793: All versions

Inspiron 3880: All versions

Inspiron 3881: All versions

Inspiron 5400 2 in1: All versions

Inspiron 5490: All versions

Inspiron 5493: All versions

Inspiron 5498: All versions

Inspiron 5590: All versions

Inspiron 5593: All versions

Inspiron 5598: All versions

Inspiron 7391 2 in 1: All versions

Inspiron 7500: All versions

Inspiron 7500 2 in1 Silver: All versions

Inspiron 7501: All versions

Inspiron 7590: All versions

Inspiron 7591: All versions

Latitude 3310: All versions

Latitude 3310 2-in-1: All versions

Latitude 5285 2-in-1: All versions

Latitude 5289 2-in-1: All versions

Latitude 5290 2-in-1: All versions

Latitude 5300: All versions

Latitude 5300 2-IN-1: All versions

Latitude 5310: All versions

Latitude 5310 2-IN-1: All versions

Latitude 5320: All versions

Latitude 5400: All versions

Latitude 5401: All versions

Latitude 5410: All versions

Latitude 5411: All versions

Latitude 5420: All versions

Latitude 5500: All versions

Latitude 5501: All versions

Latitude 5510: All versions

Latitude 5520: All versions

Latitude 5511: All versions

Latitude 7200 2 in 1: All versions

Latitude 7210 2 in 1: All versions

Latitude 7212 Rugged Extreme Tablet: All versions

Latitude 7220 / 7220EX Rugged Extreme Tablet: All versions

Latitude 7280: All versions

Latitude 7285: All versions

Latitude 7290: All versions

Latitude 7300: All versions

Latitude 7310: All versions

Latitude 7320: All versions

Latitude 7370: All versions

Latitude 7380: All versions

Latitude 7389: All versions

Latitude 7390: All versions

Latitude 7390 2-in-1: All versions

Latitude 7400: All versions

Latitude 7400 2-in-1: All versions

Latitude 7410: All versions

Latitude 7420: All versions

Latitude 7480: All versions

Latitude 7490: All versions

Latitude 7520: All versions

Latitude 9410: All versions

Latitude 9510: All versions

Latitude 9520: All versions

OptiPlex 3080: All versions

OptiPlex 3090 Ultra: All versions

OptiPlex 3280 AIO: All versions

OptiPlex 5080: All versions

OptiPlex 5480 AIO: All versions

OptiPlex 7080: All versions

Optiplex 7090 Ultra: All versions

OptiPlex 7480 AIO: All versions

OptiPlex 7780 AIO: All versions

Precision 3440: All versions

Precision 3540: All versions

Precision 3541: All versions

Precision 3550: All versions

Precision 3551: All versions

Precision 3560: All versions

Precision 3640 Tower: All versions

Precision 5510: All versions

Precision 5520: All versions

Precision 5530 2-in-1: All versions

Precision 5540: All versions

Precision 5550: All versions

Precision 5750: All versions

Precision 7550: All versions

Precision 7540: All versions

Precision 7740: All versions

Precision 7750: All versions

Vostro 3401: All versions

Vostro 3491: All versions

Vostro 3501: All versions

Vostro 3591: All versions

Vostro 3681: All versions

Vostro 3881: All versions

Vostro 3888: All versions

Vostro 5490: All versions

Vostro 5590: All versions

Vostro 7500: All versions

Vostro 7590: All versions

Wyse 5470: All versions

XPS 13 (9360): All versions

XPS 13 (9370): All versions

XPS 13 (9380): All versions

XPS 13 9300: All versions

XPS 15 9575 2-in-1: All versions

XPS 17 9700: All versions

XPS 7380: All versions

XPS 7390 2-in-1: All versions

XPS 7590: All versions

XPS 9500: All versions

Dell BIOS: before 1.2.0, 1.5.2, 1.8.0, 1.9.1, 1.6.0, 1.7.1, 1.7.0


External links

http://www.dell.com/support/kbdoc/fr-fr/printview/000191495/10/en

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


