CVE-2021-36285

Published: Sep 28, 2021Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.

Affected (21)

Dell

21 products

Latitude 5310 2 In 1 Firmware

Latitude 5320 Firmware

Latitude 5400 Firmware

Latitude 5411 Firmware

Latitude 5500 Firmware

Latitude 5520 Firmware

Latitude 5511 Firmware

Latitude 7212 Rugged Extreme Tablet Firmware

Latitude 7280 Firmware

Latitude 7320 Firmware

Latitude 7370 Firmware

Latitude 7420 Firmware

Latitude 7480 Firmware

Latitude 9410 Firmware

Latitude 9510 Firmware

Latitude 9520 Firmware

Optiplex 3080 Firmware

Optiplex 3280 Aio Firmware

Optiplex 7480 Aio Firmware

Precision 3551 Ffirmware

Precision 3640 Tower Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5310 2 In 1 Firmware	Before 1.7.0

Running on/with	Platform Versions
Dell Latitude 5310 2 In 1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5320 Firmware	Before 1.7.0

Running on/with	Platform Versions
Dell Latitude 5320	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5400 Firmware	Before 1.7.1

Running on/with	Platform Versions
Dell Latitude 5400	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5411 Firmware	Before 1.6.0

Running on/with	Platform Versions
Dell Latitude 5411	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5500 Firmware	Before 1.8.0

Running on/with	Platform Versions
Dell Latitude 5500	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5520 Firmware	Before 1.6.0

Running on/with	Platform Versions
Dell Latitude 5520	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 5511 Firmware	Before 1.7.1

Running on/with	Platform Versions
Dell Latitude 5511	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 7212 Rugged Extreme Tablet Firmware	Before 1.7.0

Running on/with	Platform Versions
Dell Latitude 7212 Rugged Extreme Tablet	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 7280 Firmware	Before 1.9.1

Running on/with	Platform Versions
Dell Latitude 7280	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 7320 Firmware	Before 1.7.0

Running on/with	Platform Versions
Dell Latitude 7320	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 7370 Firmware	Before 1.7.1

Running on/with	Platform Versions
Dell Latitude 7370	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 7420 Firmware	Before 1.7.0

Running on/with	Platform Versions
Dell Latitude 7420	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 7480 Firmware	Before 1.7.1

Running on/with	Platform Versions
Dell Latitude 7480	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 9410 Firmware	Before 1.7.1

Running on/with	Platform Versions
Dell Latitude 9410	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 9510 Firmware	Before 1.7.0

Running on/with	Platform Versions
Dell Latitude 9510	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Latitude 9520 Firmware	Before 1.6.0

Running on/with	Platform Versions
Dell Latitude 9520	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Optiplex 3080 Firmware	Before 1.5.2

Running on/with	Platform Versions
Dell Optiplex 3080	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Optiplex 3280 Aio Firmware	Before 1.2.0

Running on/with	Platform Versions
Dell Optiplex 3280 Aio	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Optiplex 7480 Aio Firmware	Before 1.2.0

Running on/with	Platform Versions
Dell Optiplex 7480 Aio	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Precision 3551 Ffirmware	Before 1.6.2

Running on/with	Platform Versions
Dell Precision 3551	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Precision 3640 Tower Firmware	Before 1.7.1

Running on/with	Platform Versions
Dell Precision 3640 Tower	All versions

Related CWEs

CWE-307

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (2)

https://www.dell.com/support/kbdoc/000191495/

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/000191495/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.