Lucene search

[email protected]CVE-2021-21571

HistoryJun 24, 2021 - 5:15 p.m.

CVE-2021-21571

2021-06-2417:15:07

CWE-295

[email protected]

web.nvd.nist.gov

dell

uefi

bios

cve

2021

21571

security

vulnerability

nvd

certificate validation

http stack

dell biosconnect

dell https boot

remote attacker

denial of service

payload tampering

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.9%

JSON

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering.

Affected configurations

NVD

Node

dellalienware_m15_r6Match-

AND

dellalienware_m15_r6_firmwareRange<1.3.3

Node

dellchengming_3990Match-

AND

dellchengming_3990_firmwareRange<1.4.1

Node

dellchengming_3991Match-

AND

dellchengming_3991_firmwareRange<1.4.1

Node

dellg15_5510Match-

AND

dellg15_5510_firmwareRange<1.4.0

Node

dellg15_5511Match-

AND

dellg15_5511_firmwareRange<1.3.3

Node

dellg3_3500Match-

AND

dellg3_3500_firmwareRange<1.9.0

Node

dellg5_5500Match-

AND

dellg5_5500_firmwareRange<1.9.0

Node

dellg7_7500Match-

AND

dellg7_7500_firmwareRange<1.9.0

Node

dellg7_7700_firmwareRange<1.9.0

AND

dellg7_7700Match-

Node

dellinspiron_14_5418_firmwareRange<2.1.0_a06

AND

dellinspiron_14_5418Match-

Node

dellinspiron_15_5518_firmwareRange<2.1.0_a06

AND

dellinspiron_15_5518Match-

Node

dellinspiron_15_7510_firmwareRange<1.0.4

AND

dellinspiron_15_7510Match-

Node

dellinspiron_3501_firmwareRange<1.6.0

AND

dellinspiron_3501Match-

Node

dellinspiron_3880_firmwareRange<1.4.1

AND

dellinspiron_3880Match-

Node

dellinspiron_3881_firmwareRange<1.4.1

AND

dellinspiron_3881Match-

Node

dellinspiron_3891_firmwareRange<1.0.11

AND

dellinspiron_3891Match-

Node

dellinspiron_5300_firmwareRange<1.7.1

AND

dellinspiron_5300Match-

Node

dellinspiron_5301_firmwareRange<1.8.1

AND

dellinspiron_5301Match-

Node

dellinspiron_5310_firmwareRange<2.1.0

AND

dellinspiron_5310Match-

Node

dellinspiron_5400_2-in-1_firmwareRange<1.7.0

AND

dellinspiron_5400_2-in-1Match-

Node

dellinspiron_5400_aio_firmwareRange<1.4.0

AND

dellinspiron_5400_aioMatch-

Node

dellinspiron_5401_firmwareRange<1.7.2

AND

dellinspiron_5401Match-

Node

dellinspiron_5401_aio_firmwareRange<1.4.0

AND

dellinspiron_5401_aioMatch-

Node

dellinspiron_5402_firmwareRange<1.5.1

AND

dellinspiron_5402Match-

Node

dellinspiron_5406_2n1_firmwareRange<1.5.1

AND

dellinspiron_5406_2n1Match-

Node

dellinspiron_5408_firmwareRange<1.7.2

AND

dellinspiron_5408Match-

Node

dellinspiron_5409_firmwareRange<1.5.1

AND

dellinspiron_5409Match-

Node

dellinspiron_5410_2-in-1_firmwareRange<2.1.0

AND

dellinspiron_5410_2-in-1Match-

Node

dellinspiron_5501_firmwareRange<1.7.2

AND

dellinspiron_5501Match-

Node

dellinspiron_5502_firmwareRange<1.5.1

AND

dellinspiron_5502Match-

Node

dellinspiron_5508_firmwareRange<1.7.2

AND

dellinspiron_5508Match-

Node

dellinspiron_5509_firmwareRange<1.5.1

AND

dellinspiron_5509Match-

Node

dellinspiron_7300_firmwareRange<1.8.1

AND

dellinspiron_7300Match-

Node

dellinspiron_7300_2-in-1_firmwareRange<1.3.0

AND

dellinspiron_7300_2-in-1Match-

Node

dellinspiron_7306_2-in-1_firmwareRange<1.5.1

AND

dellinspiron_7306_2-in-1Match-

Node

dellinspiron_7400_firmwareRange<1.8.1

AND

dellinspiron_7400Match-

Node

dellinspiron_7500_firmwareRange<1.8.0

AND

dellinspiron_7500Match-

Node

dellinspiron_7500_2-in-1_firmwareRange<1.3.0

AND

dellinspiron_7500_2-in-1Match-

Node

dellinspiron_7501_firmwareRange<1.8.0

AND

dellinspiron_7501Match-

Node

dellinspiron_7506_firmwareRange<1.5.1

AND

dellinspiron_7506Match-

Node

dellinspiron_7610_firmwareRange<1.0.4

AND

dellinspiron_7610Match-

Node

dellinspiron_7700_aio_firmwareRange<1.4.0

AND

dellinspiron_7700_aioMatch-

Node

dellinspiron_7706_2-in-1_firmwareRange<1.5.1

AND

dellinspiron_7706_2-in-1Match-

Node

delllatitude_3120_firmwareRange<1.1.0

AND

delllatitude_3120Match-

Node

delllatitude_3320_firmwareRange<1.4.0

AND

delllatitude_3320Match-

Node

delllatitude_3410_firmwareRange<1.9.0

AND

delllatitude_3410Match-

Node

delllatitude_3420_firmwareRange<1.8.0

AND

delllatitude_3420Match-

Node

delllatitude_3510_firmwareRange<1.9.0

AND

delllatitude_3510Match-

Node

delllatitude_3520_firmwareRange<1.8.0

AND

delllatitude_3520Match-

Node

delllatitude_5310_firmwareRange<1.7.0

AND

delllatitude_5310Match-

Node

delllatitude_5310_2-in-1_firmwareRange<1.7.0

AND

delllatitude_5310_2-in-1Match-

Node

delllatitude_5320_firmwareRange<1.7.1

AND

delllatitude_5320Match-

Node

delllatitude_5320_2-in-1_firmwareRange<1.7.1

AND

delllatitude_5320_2-in-1Match-

Node

delllatitude_5410_firmwareRange<1.6.0

AND

delllatitude_5410Match-

Node

delllatitude_5411_firmwareRange<1.6.0

AND

delllatitude_5411Match-

Node

delllatitude_5420_firmwareRange<1.8.0

AND

delllatitude_5420Match-

Node

delllatitude_5510_firmwareRange<1.6.0

AND

delllatitude_5510Match-

Node

delllatitude_5511_firmwareRange<1.6.0

AND

delllatitude_5511Match-

Node

delllatitude_5520_firmwareRange<1.7.1

AND

delllatitude_5520Match-

Node

delllatitude_5521_firmwareRange<1.3.0_a03

AND

delllatitude_5521Match-

Node

delllatitude_7210_2-in-1_firmwareRange<1.7.0

AND

delllatitude_7210_2-in-1Match-

Node

delllatitude_7310_firmwareRange<1.7.0

AND

delllatitude_7310Match-

Node

delllatitude_7320_firmwareRange<1.7.1

AND

delllatitude_7320Match-

Node

delllatitude_7320_detachable_firmwareRange<1.4.0_a04

AND

delllatitude_7320_detachableMatch-

Node

delllatitude_7410_firmwareRange<1.7.0

AND

delllatitude_7410Match-

Node

delllatitude_7420_firmwareRange<1.7.1

AND

delllatitude_7420Match-

Node

delllatitude_7520_firmwareRange<1.7.1

AND

delllatitude_7520Match-

Node

delllatitude_9410_firmwareRange<1.7.0

AND

delllatitude_9410Match-

Node

delllatitude_9420_firmwareRange<1.4.1

AND

delllatitude_9420Match-

Node

delllatitude_9510_firmwareRange<1.6.0

AND

delllatitude_9510Match-

Node

delllatitude_9520_firmwareRange<1.5.2

AND

delllatitude_9520Match-

Node

delllatitude_5421_firmwareRange<1.3.0_a03

AND

delllatitude_5421Match-

Node

delloptiplex_3080_firmwareRange<2.1.1

AND

delloptiplex_3080Match-

Node

delloptiplex_3090_uff_firmwareRange<1.2.0

AND

delloptiplex_3090_uffMatch-

Node

delloptiplex_3280_all-in-one_firmwareRange<1.7.0

AND

delloptiplex_3280_all-in-oneMatch-

Node

delloptiplex_5080_firmwareRange<1.4.0

AND

delloptiplex_5080Match-

Node

delloptiplex_5090_tower_firmwareRange<1.1.35

AND

delloptiplex_5090_towerMatch-

Node

delloptiplex_5490_aio_firmwareRange<1.3.0

AND

delloptiplex_5490_aioMatch-

Node

delloptiplex_7080_firmwareRange<1.4.0

AND

delloptiplex_7080Match-

Node

delloptiplex_7090_tower_firmwareRange<1.1.35

AND

delloptiplex_7090_towerMatch-

Node

delloptiplex_7090_uff_firmwareRange<1.2.0

AND

delloptiplex_7090_uffMatch-

Node

delloptiplex_7480_all-in-one_firmwareRange<1.7.0

AND

delloptiplex_7480_all-in-oneMatch-

Node

delloptiplex_7490_all-in-one_firmwareRange<1.3.0

AND

delloptiplex_7490_all-in-oneMatch-

Node

delloptiplex_7780_all-in-one_firmwareRange<1.7.0

AND

delloptiplex_7780_all-in-oneMatch-

Node

dellprecision_17_m5750_firmwareRange<1.8.2

AND

dellprecision_17_m5750Match-

Node

dellprecision_3440_firmwareRange<1.4.0

AND

dellprecision_3440Match-

Node

dellprecision_3450_firmwareRange<1.1.35

AND

dellprecision_3450Match-

Node

dellprecision_3550_firmwareRange<1.6.0

AND

dellprecision_3550Match-

Node

dellprecision_3551_firmwareRange<1.6.0

AND

dellprecision_3551Match-

Node

dellprecision_3560_firmwareRange<1.7.1

AND

dellprecision_3560Match-

Node

dellprecision_3561_firmwareRange<1.3.0_a03

AND

dellprecision_3561Match-

Node

dellprecision_3640_firmwareRange<1.6.2

AND

dellprecision_3640Match-

Node

dellprecision_3650_mt_firmwareRange<1.2.0

AND

dellprecision_3650_mtMatch-

Node

dellprecision_5550_firmwareRange<1.8.1

AND

dellprecision_5550Match-

Node

dellprecision_5560_firmwareRange<1.3.2

AND

dellprecision_5560Match-

Node

dellprecision_5760_firmwareRange<1.1.3

AND

dellprecision_5760Match-

Node

dellprecision_7550_firmwareRange<1.8.0

AND

dellprecision_7550Match-

Node

dellprecision_7560_firmwareRange<1.1.2

AND

dellprecision_7560Match-

Node

dellprecision_7750_firmwareRange<1.8.0

AND

dellprecision_7750Match-

Node

dellprecision_7760_firmwareRange<1.1.2

AND

dellprecision_7760Match-

Node

dellvostro_14_5410_firmwareRange<2.1.0_a06

AND

dellvostro_14_5410Match-

Node

dellvostro_15_5510_firmwareRange<2.1.0_a06

AND

dellvostro_15_5510Match-

Node

dellvostro_15_7510_firmwareRange<1.0.4

AND

dellvostro_15_7510Match-

Node

dellvostro_3400_firmwareRange<1.6.0

AND

dellvostro_3400Match-

Node

dellvostro_3500_firmwareRange<1.6.0

AND

dellvostro_3500Match-

Node

dellvostro_3501_firmwareRange<1.6.0

AND

dellvostro_3501Match-

Node

dellvostro_3681_firmwareRange<2.4.0

AND

dellvostro_3681Match-

Node

dellvostro_3690_firmwareRange<1.0.11

AND

dellvostro_3690Match-

Node

dellvostro_3881_firmwareRange<2.4.0

AND

dellvostro_3881Match-

Node

dellvostro_3888_firmwareRange<2.4.0

AND

dellvostro_3888Match-

Node

dellvostro_3890_firmwareRange<1.0.11

AND

dellvostro_3890Match-

Node

dellvostro_5300_firmwareRange<1.7.1

AND

dellvostro_5300Match-

Node

dellvostro_5301_firmwareRange<1.8.1

AND

dellvostro_5301Match-

Node

dellvostro_5310_firmwareRange<2.1.0

AND

dellvostro_5310Match-

Node

dellvostro_5401_firmwareRange<1.7.2

AND

dellvostro_5401Match-

Node

dellvostro_5402_firmwareRange<1.5.1

AND

dellvostro_5402Match-

Node

dellvostro_5501_firmwareRange<1.7.2

AND

dellvostro_5501Match-

Node

dellvostro_5502_firmwareRange<1.5.1

AND

dellvostro_5502Match-

Node

dellvostro_5880_firmwareRange<1.4.0

AND

dellvostro_5880Match-

Node

dellvostro_5890_firmwareRange<1.0.11

AND

dellvostro_5890Match-

Node

dellvostro_7500Match-

AND

dellvostro_7500_firmwareRange<1.8.0

Node

dellxps_13_9305Match-

AND

dellxps_13_9305_firmwareRange<1.0.8

Node

dellxps_13_2in1_9310Match-

AND

dellxps_13_2in1_9310_firmwareRange<2.3.3

Node

dellxps_13_9310Match-

AND

dellxps_13_9310_firmwareRange<3.0.0

Node

dellxps_15_9500Match-

AND

dellxps_15_9500_firmwareRange<1.8.1

Node

dellxps_15_9510Match-

AND

dellxps_15_9510_firmwareRange<1.3.2

Node

dellxps_17_9700Match-

AND

dellxps_17_9700_firmwareRange<1.8.2

Node

dellxps_17_9710Match-

AND

dellxps_17_9710_firmwareRange<1.1.3

CPENameOperatorVersion
dell:alienware_m15_r6_firmwaredell alienware m15 r6 firmwarelt1.3.3

CPE	Name	Operator	Version
dell:alienware_m15_r6_firmware	dell alienware m15 r6 firmware	lt	1.3.3

CNA Affected

[
  {
    "product": "UEFI BIOS https stack",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "Gen 11, Gen 10"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000188682

Social References

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for CVE-2021-21571

prion1 nvd1 cvelist1 nessus1 thn1 threatpost1