Multiple vulnerabilities in Dell BIOSConnect and HTTPS Boot features



Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2021-21571
CVE-2021-21572
CVE-2021-21573
CVE-2021-21574
CWE-ID CWE-295
CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Alienware m15 R6
Hardware solutions / Firmware

Dell G15 5510
Hardware solutions / Firmware

Dell G15 5511
Hardware solutions / Firmware

Inspiron 14 5418
Hardware solutions / Firmware

Inspiron 15 5518
Hardware solutions / Firmware

Inspiron 15 7510
Hardware solutions / Firmware

Inspiron 3891
Hardware solutions / Firmware

Inspiron 5310
Hardware solutions / Firmware

Inspiron 5410 2-in-1
Hardware solutions / Firmware

Inspiron 7610
Hardware solutions / Firmware

Latitude 3320
Hardware solutions / Firmware

Latitude 5320
Hardware solutions / Firmware

Latitude 5320 2-in-1
Hardware solutions / Firmware

Latitude 5420
Hardware solutions / Firmware

Latitude 5520
Hardware solutions / Firmware

Latitude 5521
Hardware solutions / Firmware

Latitude 7320
Hardware solutions / Firmware

Latitude 7320 Detachable
Hardware solutions / Firmware

Latitude 7420
Hardware solutions / Firmware

Latitude 7520
Hardware solutions / Firmware

Latitude 9420
Hardware solutions / Firmware

Latitude 9520
Hardware solutions / Firmware

Latitude 5421
Hardware solutions / Firmware

OptiPlex 3090 UFF
Hardware solutions / Firmware

OptiPlex 5090 Tower
Hardware solutions / Firmware

OptiPlex 5490 AIO
Hardware solutions / Firmware

OptiPlex 7090 Tower
Hardware solutions / Firmware

OptiPlex 7090 UFF
Hardware solutions / Firmware

OptiPlex 7490 All-in-One
Hardware solutions / Firmware

Precision 3450
Hardware solutions / Firmware

Precision 3560
Hardware solutions / Firmware

Precision 3561
Hardware solutions / Firmware

Precision 3650 MT
Hardware solutions / Firmware

Precision 5560
Hardware solutions / Firmware

Precision 5760
Hardware solutions / Firmware

Precision 7560
Hardware solutions / Firmware

Precision 7760
Hardware solutions / Firmware

Vostro 14 5410
Hardware solutions / Firmware

Vostro 15 5510
Hardware solutions / Firmware

Vostro 15 7510
Hardware solutions / Firmware

Vostro 3690
Hardware solutions / Firmware

Vostro 3890
Hardware solutions / Firmware

Vostro 5310
Hardware solutions / Firmware

Vostro 5890
Hardware solutions / Firmware

XPS 15 9510
Hardware solutions / Firmware

XPS 17 9710
Hardware solutions / Firmware

ChengMing 3990
Hardware solutions / Firmware

ChengMing 3991
Hardware solutions / Firmware

Dell G3 3500
Hardware solutions / Firmware

Dell G5 5500
Hardware solutions / Firmware

Dell G7 7500
Hardware solutions / Firmware

Dell G7 7700
Hardware solutions / Firmware

Inspiron 3501
Hardware solutions / Firmware

Inspiron 3880
Hardware solutions / Firmware

Inspiron 3881
Hardware solutions / Firmware

Inspiron 5300
Hardware solutions / Firmware

Inspiron 5301
Hardware solutions / Firmware

Inspiron 5400 2n1
Hardware solutions / Firmware

Inspiron 5400 AIO
Hardware solutions / Firmware

Inspiron 5401
Hardware solutions / Firmware

Inspiron 5401 AIO
Hardware solutions / Firmware

Inspiron 5402
Hardware solutions / Firmware

Inspiron 5406 2n1
Hardware solutions / Firmware

Inspiron 5408
Hardware solutions / Firmware

Inspiron 5409
Hardware solutions / Firmware

Inspiron 5501
Hardware solutions / Firmware

Inspiron 5502
Hardware solutions / Firmware

Inspiron 5508
Hardware solutions / Firmware

Inspiron 5509
Hardware solutions / Firmware

Inspiron 7300
Hardware solutions / Firmware

Inspiron 7300 2n1
Hardware solutions / Firmware

Inspiron 7306 2n1
Hardware solutions / Firmware

Inspiron 7400
Hardware solutions / Firmware

Inspiron 7500
Hardware solutions / Firmware

Inspiron 7500 2n1 - Black
Hardware solutions / Firmware

Inspiron 7500 2n1 - Silver
Hardware solutions / Firmware

Inspiron 7501
Hardware solutions / Firmware

Inspiron 7506 2n1
Hardware solutions / Firmware

Inspiron 7700 AIO
Hardware solutions / Firmware

Inspiron 7706 2n1
Hardware solutions / Firmware

Latitude 3120
Hardware solutions / Firmware

Latitude 3410
Hardware solutions / Firmware

Latitude 3420
Hardware solutions / Firmware

Latitude 3510
Hardware solutions / Firmware

Latitude 3520
Hardware solutions / Firmware

Latitude 5310
Hardware solutions / Firmware

Latitude 5310 2 in 1
Hardware solutions / Firmware

Latitude 5410
Hardware solutions / Firmware

Latitude 5411
Hardware solutions / Firmware

Latitude 5510
Hardware solutions / Firmware

Latitude 5511
Hardware solutions / Firmware

Latitude 7210 2-in-1
Hardware solutions / Firmware

Latitude 7310
Hardware solutions / Firmware

Latitude 7410
Hardware solutions / Firmware

Latitude 9410
Hardware solutions / Firmware

Latitude 9510
Hardware solutions / Firmware

OptiPlex 3080
Hardware solutions / Firmware

OptiPlex 3280 All-in-One
Hardware solutions / Firmware

OptiPlex 5080
Hardware solutions / Firmware

OptiPlex 7080
Hardware solutions / Firmware

OptiPlex 7480 All-in-One
Hardware solutions / Firmware

OptiPlex 7780 All-in-One
Hardware solutions / Firmware

Precision 17 M5750
Hardware solutions / Firmware

Precision 3440
Hardware solutions / Firmware

Precision 3550
Hardware solutions / Firmware

Precision 3551
Hardware solutions / Firmware

Precision 3640
Hardware solutions / Firmware

Precision 5550
Hardware solutions / Firmware

Precision 7550
Hardware solutions / Firmware

Precision 7750
Hardware solutions / Firmware

Vostro 3400
Hardware solutions / Firmware

Vostro 3500
Hardware solutions / Firmware

Vostro 3501
Hardware solutions / Firmware

Vostro 3681
Hardware solutions / Firmware

Vostro 3881
Hardware solutions / Firmware

Vostro 3888
Hardware solutions / Firmware

Vostro 5300
Hardware solutions / Firmware

Vostro 5301
Hardware solutions / Firmware

Vostro 5401
Hardware solutions / Firmware

Vostro 5402
Hardware solutions / Firmware

Vostro 5501
Hardware solutions / Firmware

Vostro 5502
Hardware solutions / Firmware

Vostro 5880
Hardware solutions / Firmware

Vostro 7500
Hardware solutions / Firmware

XPS 13 9305
Hardware solutions / Firmware

XPS 13 2in1 9310
Hardware solutions / Firmware

XPS 13 9310
Hardware solutions / Firmware

XPS 15 9500
Hardware solutions / Firmware

XPS 17 9700
Hardware solutions / Firmware

Vendor

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper certificate validation

EUVDB-ID: #VU54382

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21571

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper certificate validation within the Dell BIOSConnect and Dell HTTPS Boot features. A remote attacker can perform MitM attack and cause a denial of service or tamper with the system boot.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Alienware m15 R6: before 1.3.3

Dell G15 5510: before 1.4.0

Dell G15 5511: before 1.3.3

Inspiron 14 5418: before 2.1.0 A06

Inspiron 15 5518: before 2.1.0 A06

Inspiron 15 7510: before 1.0.4

Inspiron 3891: before 1.0.11

Inspiron 5310: before 2.1.0

Inspiron 5410 2-in-1: before 2.1.0

Inspiron 7610: before 1.0.4

Latitude 3320: before 1.4.0

Latitude 5320: before 1.7.1

Latitude 5320 2-in-1: before 1.7.1

Latitude 5420: before 1.8.0

Latitude 5520: before 1.7.1

Latitude 5521: before 1.3.0 A03

Latitude 7320: before 1.7.1

Latitude 7320 Detachable: before 1.4.0 A04

Latitude 7420: before 1.7.1

Latitude 7520: before 1.7.1

Latitude 9420: before 1.4.1

Latitude 9520: before 1.5.2

Latitude 5421: before 1.3.0 A03

OptiPlex 3090 UFF: before 1.2.0

OptiPlex 5090 Tower: before 1.1.35

OptiPlex 5490 AIO: before 1.3.0

OptiPlex 7090 Tower: before 1.1.35

OptiPlex 7090 UFF: before 1.2.0

OptiPlex 7490 All-in-One: before 1.3.0

Precision 3450: before 1.1.35

Precision 3560: before 1.7.1

Precision 3561: before 1.3.0 A03

Precision 3650 MT: before 1.2.0

Precision 5560: before 1.3.2

Precision 5760: before 1.1.3

Precision 7560: before 1.1.2

Precision 7760: before 1.1.2

Vostro 14 5410: before 2.1.0 A06

Vostro 15 5510: before 2.1.0 A06

Vostro 15 7510: before 1.0.4

Vostro 3690: before 1.0.11

Vostro 3890: before 1.0.11

Vostro 5310: before 2.1.0

Vostro 5890: before 1.0.11

XPS 15 9510: before 1.3.2

XPS 17 9710: before 1.1.3

ChengMing 3990: before 1.4.1

ChengMing 3991: before 1.4.1

Dell G3 3500: before 1.9.0

Dell G5 5500: before 1.9.0

Dell G7 7500: before 1.9.0

Dell G7 7700: before 1.9.0

Inspiron 3501: before 1.6.0

Inspiron 3880: before 1.4.1

Inspiron 3881: before 1.4.1

Inspiron 5300: before 1.7.1

Inspiron 5301: before 1.8.1

Inspiron 5400 2n1: before 1.7.0

Inspiron 5400 AIO: before 1.4.0

Inspiron 5401: before 1.7.2

Inspiron 5401 AIO: before 1.4.0

Inspiron 5402: before 1.5.1

Inspiron 5406 2n1: before 1.5.1

Inspiron 5408: before 1.7.2

Inspiron 5409: before 1.5.1

Inspiron 5501: before 1.7.2

Inspiron 5502: before 1.5.1

Inspiron 5508: before 1.7.2

Inspiron 5509: before 1.5.1

Inspiron 7300: before 1.8.1

Inspiron 7300 2n1: before 1.3.0

Inspiron 7306 2n1: before 1.5.1

Inspiron 7400: before 1.8.1

Inspiron 7500: before 1.8.0

Inspiron 7500 2n1 - Black: before 1.3.0

Inspiron 7500 2n1 - Silver: before 1.3.0

Inspiron 7501: before 1.8.0

Inspiron 7506 2n1: before 1.5.1

Inspiron 7700 AIO: before 1.4.0

Inspiron 7706 2n1: before 1.5.1

Latitude 3120: before 1.1.0

Latitude 3410: before 1.9.0

Latitude 3420: before 1.8.0

Latitude 3510: before 1.9.0

Latitude 3520: before 1.8.0

Latitude 5310: before 1.7.0

Latitude 5310 2 in 1: before 1.7.0

Latitude 5410: before 1.6.0

Latitude 5411: before 1.6.0

Latitude 5510: before 1.6.0

Latitude 5511: before 1.6.0

Latitude 7210 2-in-1: before 1.7.0

Latitude 7310: before 1.7.0

Latitude 7410: before 1.7.0

Latitude 9410: before 1.7.0

Latitude 9510: before 1.6.0

OptiPlex 3080: before 2.1.1

OptiPlex 3280 All-in-One: before 1.7.0

OptiPlex 5080: before 1.4.0

OptiPlex 7080: before 1.4.0

OptiPlex 7480 All-in-One: before 1.7.0

OptiPlex 7780 All-in-One: before 1.7.0

Precision 17 M5750: before 1.8.2

Precision 3440: before 1.4.0

Precision 3550: before 1.6.0

Precision 3551: before 1.6.0

Precision 3640: before 1.6.2

Precision 5550: before 1.8.1

Precision 7550: before 1.8.0

Precision 7750: before 1.8.0

Vostro 3400: before 1.6.0

Vostro 3500: before 1.6.0

Vostro 3501: before 1.6.0

Vostro 3681: before 2.4.0

Vostro 3881: before 2.4.0

Vostro 3888: before 2.4.0

Vostro 5300: before 1.7.1

Vostro 5301: before 1.8.1

Vostro 5401: before 1.7.2

Vostro 5402: before 1.5.1

Vostro 5501: before 1.7.2

Vostro 5502: before 1.5.1

Vostro 5880: before 1.4.0

Vostro 7500: before 1.8.0

XPS 13 9305: before 1.0.8

XPS 13 2in1 9310: before 2.3.3

XPS 13 9310: before 3.0.0

XPS 15 9500: before 1.8.1

XPS 17 9700: before 1.8.2

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000188682


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU54383

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21572

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to a boundary error within Dell BIOSConnect feature. A local user with privileged access to the system can bypass UEFI restrictions and execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Alienware m15 R6: before 1.3.3

ChengMing 3990: before 1.4.1

ChengMing 3991: before 1.4.1

Dell G15 5510: before 1.4.0

Dell G15 5511: before 1.3.3

Dell G3 3500: before 1.9.0

Dell G5 5500: before 1.9.0

Dell G7 7500: before 1.9.0

Dell G7 7700: before 1.9.0

Inspiron 15 7510: before 1.0.4

Inspiron 3501: before 1.6.0

Inspiron 3880: before 1.4.1

Inspiron 3881: before 1.4.1

Inspiron 3891: before 1.0.11

Inspiron 5300: before 1.7.1

Inspiron 5301: before 1.8.1

Inspiron 5310: before 2.1.0

Inspiron 5400 2n1: before 1.7.0

Inspiron 5400 AIO: before 1.4.0

Inspiron 5401: before 1.7.2

Inspiron 5401 AIO: before 1.4.0

Inspiron 5402: before 1.5.1

Inspiron 5406 2n1: before 1.5.1

Inspiron 5408: before 1.7.2

Inspiron 5409: before 1.5.1

Inspiron 5410 2-in-1: before 2.1.0

Inspiron 5501: before 1.7.2

Inspiron 5502: before 1.5.1

Inspiron 5508: before 1.7.2

Inspiron 5509: before 1.5.1

Inspiron 7300: before 1.8.1

Inspiron 7300 2n1: before 1.3.0

Inspiron 7306 2n1: before 1.5.1

Inspiron 7400: before 1.8.1

Inspiron 7500: before 1.8.0

Inspiron 7500 2n1 - Black: before 1.3.0

Inspiron 7500 2n1 - Silver: before 1.3.0

Inspiron 7501: before 1.8.0

Inspiron 7506 2n1: before 1.5.1

Inspiron 7610: before 1.0.4

Inspiron 7700 AIO: before 1.4.0

Inspiron 7706 2n1: before 1.5.1

Latitude 3120: before 1.1.0

Latitude 3320: before 1.4.0

Latitude 3410: before 1.9.0

Latitude 3420: before 1.8.0

Latitude 3510: before 1.9.0

Latitude 3520: before 1.8.0

Latitude 5310: before 1.7.0

Latitude 5310 2 in 1: before 1.7.0

Latitude 5320: before 1.7.1

Latitude 5320 2-in-1: before 1.7.1

Latitude 5410: before 1.6.0

Latitude 5411: before 1.6.0

Latitude 5420: before 1.8.0

Latitude 5510: before 1.6.0

Latitude 5511: before 1.6.0

Latitude 5520: before 1.7.1

Latitude 7210 2-in-1: before 1.7.0

Latitude 7310: before 1.7.0

Latitude 7320: before 1.7.1

Latitude 7410: before 1.7.0

Latitude 7420: before 1.7.1

Latitude 7520: before 1.7.1

Latitude 9410: before 1.7.0

Latitude 9420: before 1.4.1

Latitude 9510: before 1.6.0

Latitude 9520: before 1.5.2

OptiPlex 3080: before 2.1.1

OptiPlex 3090 UFF: before 1.2.0

OptiPlex 3280 All-in-One: before 1.7.0

OptiPlex 5080: before 1.4.0

OptiPlex 5090 Tower: before 1.1.35

OptiPlex 5490 AIO: before 1.3.0

OptiPlex 7080: before 1.4.0

OptiPlex 7090 Tower: before 1.1.35

OptiPlex 7090 UFF: before 1.2.0

OptiPlex 7480 All-in-One: before 1.7.0

OptiPlex 7490 All-in-One: before 1.3.0

OptiPlex 7780 All-in-One: before 1.7.0

Precision 17 M5750: before 1.8.2

Precision 3440: before 1.4.0

Precision 3450: before 1.1.35

Precision 3550: before 1.6.0

Precision 3551: before 1.6.0

Precision 3560: before 1.7.1

Precision 3640: before 1.6.2

Precision 3650 MT: before 1.2.0

Precision 5550: before 1.8.1

Precision 5560: before 1.3.2

Precision 5760: before 1.1.3

Precision 7550: before 1.8.0

Precision 7560: before 1.1.2

Precision 7750: before 1.8.0

Precision 7760: before 1.1.2

Vostro 15 7510: before 1.0.4

Vostro 3400: before 1.6.0

Vostro 3500: before 1.6.0

Vostro 3501: before 1.6.0

Vostro 3681: before 2.4.0

Vostro 3690: before 1.0.11

Vostro 3881: before 2.4.0

Vostro 3888: before 2.4.0

Vostro 3890: before 1.0.11

Vostro 5300: before 1.7.1

Vostro 5301: before 1.8.1

Vostro 5310: before 2.1.0

Vostro 5401: before 1.7.2

Vostro 5402: before 1.5.1

Vostro 5501: before 1.7.2

Vostro 5502: before 1.5.1

Vostro 5880: before 1.4.0

Vostro 5890: before 1.0.11

Vostro 7500: before 1.8.0

XPS 13 9305: before 1.0.8

XPS 13 2in1 9310: before 2.3.3

XPS 13 9310: before 3.0.0

XPS 15 9500: before 1.8.1

XPS 15 9510: before 1.3.2

XPS 17 9700: before 1.8.2

XPS 17 9710: before 1.1.3

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000188682


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU54384

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21573

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to a boundary error within Dell BIOSConnect feature. A local user with privileged access to the system can bypass UEFI restrictions and execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Alienware m15 R6: before 1.3.3

ChengMing 3990: before 1.4.1

ChengMing 3991: before 1.4.1

Dell G15 5510: before 1.4.0

Dell G15 5511: before 1.3.3

Dell G3 3500: before 1.9.0

Dell G5 5500: before 1.9.0

Dell G7 7500: before 1.9.0

Dell G7 7700: before 1.9.0

Inspiron 15 7510: before 1.0.4

Inspiron 3501: before 1.6.0

Inspiron 3880: before 1.4.1

Inspiron 3881: before 1.4.1

Inspiron 3891: before 1.0.11

Inspiron 5300: before 1.7.1

Inspiron 5301: before 1.8.1

Inspiron 5310: before 2.1.0

Inspiron 5400 2n1: before 1.7.0

Inspiron 5400 AIO: before 1.4.0

Inspiron 5401: before 1.7.2

Inspiron 5401 AIO: before 1.4.0

Inspiron 5402: before 1.5.1

Inspiron 5406 2n1: before 1.5.1

Inspiron 5408: before 1.7.2

Inspiron 5409: before 1.5.1

Inspiron 5410 2-in-1: before 2.1.0

Inspiron 5501: before 1.7.2

Inspiron 5502: before 1.5.1

Inspiron 5508: before 1.7.2

Inspiron 5509: before 1.5.1

Inspiron 7300: before 1.8.1

Inspiron 7300 2n1: before 1.3.0

Inspiron 7306 2n1: before 1.5.1

Inspiron 7400: before 1.8.1

Inspiron 7500: before 1.8.0

Inspiron 7500 2n1 - Black: before 1.3.0

Inspiron 7500 2n1 - Silver: before 1.3.0

Inspiron 7501: before 1.8.0

Inspiron 7506 2n1: before 1.5.1

Inspiron 7610: before 1.0.4

Inspiron 7700 AIO: before 1.4.0

Inspiron 7706 2n1: before 1.5.1

Latitude 3120: before 1.1.0

Latitude 3320: before 1.4.0

Latitude 3410: before 1.9.0

Latitude 3420: before 1.8.0

Latitude 3510: before 1.9.0

Latitude 3520: before 1.8.0

Latitude 5310: before 1.7.0

Latitude 5310 2 in 1: before 1.7.0

Latitude 5320: before 1.7.1

Latitude 5320 2-in-1: before 1.7.1

Latitude 5410: before 1.6.0

Latitude 5411: before 1.6.0

Latitude 5420: before 1.8.0

Latitude 5510: before 1.6.0

Latitude 5511: before 1.6.0

Latitude 5520: before 1.7.1

Latitude 7210 2-in-1: before 1.7.0

Latitude 7310: before 1.7.0

Latitude 7320: before 1.7.1

Latitude 7410: before 1.7.0

Latitude 7420: before 1.7.1

Latitude 7520: before 1.7.1

Latitude 9410: before 1.7.0

Latitude 9420: before 1.4.1

Latitude 9510: before 1.6.0

Latitude 9520: before 1.5.2

OptiPlex 3080: before 2.1.1

OptiPlex 3090 UFF: before 1.2.0

OptiPlex 3280 All-in-One: before 1.7.0

OptiPlex 5080: before 1.4.0

OptiPlex 5090 Tower: before 1.1.35

OptiPlex 5490 AIO: before 1.3.0

OptiPlex 7080: before 1.4.0

OptiPlex 7090 Tower: before 1.1.35

OptiPlex 7090 UFF: before 1.2.0

OptiPlex 7480 All-in-One: before 1.7.0

OptiPlex 7490 All-in-One: before 1.3.0

OptiPlex 7780 All-in-One: before 1.7.0

Precision 17 M5750: before 1.8.2

Precision 3440: before 1.4.0

Precision 3450: before 1.1.35

Precision 3550: before 1.6.0

Precision 3551: before 1.6.0

Precision 3560: before 1.7.1

Precision 3640: before 1.6.2

Precision 3650 MT: before 1.2.0

Precision 5550: before 1.8.1

Precision 5560: before 1.3.2

Precision 5760: before 1.1.3

Precision 7550: before 1.8.0

Precision 7560: before 1.1.2

Precision 7750: before 1.8.0

Precision 7760: before 1.1.2

Vostro 15 7510: before 1.0.4

Vostro 3400: before 1.6.0

Vostro 3500: before 1.6.0

Vostro 3501: before 1.6.0

Vostro 3681: before 2.4.0

Vostro 3690: before 1.0.11

Vostro 3881: before 2.4.0

Vostro 3888: before 2.4.0

Vostro 3890: before 1.0.11

Vostro 5300: before 1.7.1

Vostro 5301: before 1.8.1

Vostro 5310: before 2.1.0

Vostro 5401: before 1.7.2

Vostro 5402: before 1.5.1

Vostro 5501: before 1.7.2

Vostro 5502: before 1.5.1

Vostro 5880: before 1.4.0

Vostro 5890: before 1.0.11

Vostro 7500: before 1.8.0

XPS 13 9305: before 1.0.8

XPS 13 2in1 9310: before 2.3.3

XPS 13 9310: before 3.0.0

XPS 15 9500: before 1.8.1

XPS 15 9510: before 1.3.2

XPS 17 9700: before 1.8.2

XPS 17 9710: before 1.1.3

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000188682


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU54385

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21574

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to a boundary error within Dell BIOSConnect feature. A local user with privileged access to the system can bypass UEFI restrictions and execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Alienware m15 R6: before 1.3.3

ChengMing 3990: before 1.4.1

ChengMing 3991: before 1.4.1

Dell G15 5510: before 1.4.0

Dell G15 5511: before 1.3.3

Dell G3 3500: before 1.9.0

Dell G5 5500: before 1.9.0

Dell G7 7500: before 1.9.0

Dell G7 7700: before 1.9.0

Inspiron 15 7510: before 1.0.4

Inspiron 3501: before 1.6.0

Inspiron 3880: before 1.4.1

Inspiron 3881: before 1.4.1

Inspiron 3891: before 1.0.11

Inspiron 5300: before 1.7.1

Inspiron 5301: before 1.8.1

Inspiron 5310: before 2.1.0

Inspiron 5400 2n1: before 1.7.0

Inspiron 5400 AIO: before 1.4.0

Inspiron 5401: before 1.7.2

Inspiron 5401 AIO: before 1.4.0

Inspiron 5402: before 1.5.1

Inspiron 5406 2n1: before 1.5.1

Inspiron 5408: before 1.7.2

Inspiron 5409: before 1.5.1

Inspiron 5410 2-in-1: before 2.1.0

Inspiron 5501: before 1.7.2

Inspiron 5502: before 1.5.1

Inspiron 5508: before 1.7.2

Inspiron 5509: before 1.5.1

Inspiron 7300: before 1.8.1

Inspiron 7300 2n1: before 1.3.0

Inspiron 7306 2n1: before 1.5.1

Inspiron 7400: before 1.8.1

Inspiron 7500: before 1.8.0

Inspiron 7500 2n1 - Black: before 1.3.0

Inspiron 7500 2n1 - Silver: before 1.3.0

Inspiron 7501: before 1.8.0

Inspiron 7506 2n1: before 1.5.1

Inspiron 7610: before 1.0.4

Inspiron 7700 AIO: before 1.4.0

Inspiron 7706 2n1: before 1.5.1

Latitude 3120: before 1.1.0

Latitude 3320: before 1.4.0

Latitude 3410: before 1.9.0

Latitude 3420: before 1.8.0

Latitude 3510: before 1.9.0

Latitude 3520: before 1.8.0

Latitude 5310: before 1.7.0

Latitude 5310 2 in 1: before 1.7.0

Latitude 5320: before 1.7.1

Latitude 5320 2-in-1: before 1.7.1

Latitude 5410: before 1.6.0

Latitude 5411: before 1.6.0

Latitude 5420: before 1.8.0

Latitude 5510: before 1.6.0

Latitude 5511: before 1.6.0

Latitude 5520: before 1.7.1

Latitude 7210 2-in-1: before 1.7.0

Latitude 7310: before 1.7.0

Latitude 7320: before 1.7.1

Latitude 7410: before 1.7.0

Latitude 7420: before 1.7.1

Latitude 7520: before 1.7.1

Latitude 9410: before 1.7.0

Latitude 9420: before 1.4.1

Latitude 9510: before 1.6.0

Latitude 9520: before 1.5.2

OptiPlex 3080: before 2.1.1

OptiPlex 3090 UFF: before 1.2.0

OptiPlex 3280 All-in-One: before 1.7.0

OptiPlex 5080: before 1.4.0

OptiPlex 5090 Tower: before 1.1.35

OptiPlex 5490 AIO: before 1.3.0

OptiPlex 7080: before 1.4.0

OptiPlex 7090 Tower: before 1.1.35

OptiPlex 7090 UFF: before 1.2.0

OptiPlex 7480 All-in-One: before 1.7.0

OptiPlex 7490 All-in-One: before 1.3.0

OptiPlex 7780 All-in-One: before 1.7.0

Precision 17 M5750: before 1.8.2

Precision 3440: before 1.4.0

Precision 3450: before 1.1.35

Precision 3550: before 1.6.0

Precision 3551: before 1.6.0

Precision 3560: before 1.7.1

Precision 3640: before 1.6.2

Precision 3650 MT: before 1.2.0

Precision 5550: before 1.8.1

Precision 5560: before 1.3.2

Precision 5760: before 1.1.3

Precision 7550: before 1.8.0

Precision 7560: before 1.1.2

Precision 7750: before 1.8.0

Precision 7760: before 1.1.2

Vostro 15 7510: before 1.0.4

Vostro 3400: before 1.6.0

Vostro 3500: before 1.6.0

Vostro 3501: before 1.6.0

Vostro 3681: before 2.4.0

Vostro 3690: before 1.0.11

Vostro 3881: before 2.4.0

Vostro 3888: before 2.4.0

Vostro 3890: before 1.0.11

Vostro 5300: before 1.7.1

Vostro 5301: before 1.8.1

Vostro 5310: before 2.1.0

Vostro 5401: before 1.7.2

Vostro 5402: before 1.5.1

Vostro 5501: before 1.7.2

Vostro 5502: before 1.5.1

Vostro 5880: before 1.4.0

Vostro 5890: before 1.0.11

Vostro 7500: before 1.8.0

XPS 13 9305: before 1.0.8

XPS 13 2in1 9310: before 2.3.3

XPS 13 9310: before 3.0.0

XPS 15 9500: before 1.8.1

XPS 15 9510: before 1.3.2

XPS 17 9700: before 1.8.2

XPS 17 9710: before 1.1.3

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000188682


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###