Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00049.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Dell CPG BIOS affected
Version Status Constraints
unspecified affected < 1.7.0

Configuration 1 [-]

AND
cpe:2.3:o:dell:latitude_5310_2-in-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5310_2-in-1:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:dell:latitude_5320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5320:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:dell:latitude_5400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5400:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:dell:latitude_5411_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5411:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:dell:latitude_5500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5500:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:dell:latitude_5520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5520:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:dell:latitude_5511_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5511:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7212_rugged_extreme_tablet:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:dell:latitude_7280_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7280:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:dell:latitude_7320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7320:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:dell:latitude_7370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7370:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:dell:latitude_7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7420:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:dell:latitude_7480_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7480:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:dell:latitude_9410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_9410:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:dell:latitude_9510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_9510:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:dell:latitude_9520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_9520:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:dell:optiplex_3080_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3080:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:dell:optiplex_3280_aio_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3280_aio:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:dell:optiplex_7480_aio_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7480_aio:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:dell:precision_3551_ffirmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3551:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:dell:precision_3640_tower_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3640_tower:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Dell Subscribe
Latitude 5310 2-in-1 Subscribe
Latitude 5310 2-in-1 Firmware Subscribe
Latitude 5320 Subscribe
Latitude 5320 Firmware Subscribe
Latitude 5400 Subscribe
Latitude 5400 Firmware Subscribe
Latitude 5411 Subscribe
Latitude 5411 Firmware Subscribe
Latitude 5500 Subscribe
Latitude 5500 Firmware Subscribe
Latitude 5511 Subscribe
Latitude 5511 Firmware Subscribe
Latitude 5520 Subscribe
Latitude 5520 Firmware Subscribe
Latitude 7212 Rugged Extreme Tablet Subscribe
Latitude 7212 Rugged Extreme Tablet Firmware Subscribe
Latitude 7280 Subscribe
Latitude 7280 Firmware Subscribe
Latitude 7320 Subscribe
Latitude 7320 Firmware Subscribe
Latitude 7370 Subscribe
Latitude 7370 Firmware Subscribe
Latitude 7420 Subscribe
Latitude 7420 Firmware Subscribe
Latitude 7480 Subscribe
Latitude 7480 Firmware Subscribe
Latitude 9410 Subscribe
Latitude 9410 Firmware Subscribe
Latitude 9510 Subscribe
Latitude 9510 Firmware Subscribe
Latitude 9520 Subscribe
Latitude 9520 Firmware Subscribe
Optiplex 3080 Subscribe
Optiplex 3080 Firmware Subscribe
Optiplex 3280 Aio Subscribe
Optiplex 3280 Aio Firmware Subscribe
Optiplex 7480 Aio Subscribe
Optiplex 7480 Aio Firmware Subscribe
Precision 3551 Subscribe
Precision 3551 Ffirmware Subscribe
Precision 3640 Tower Subscribe
Precision 3640 Tower Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2021-22905 Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.dell.com/support/kbdoc/000191495/ cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2024-09-17T03:37:29.343Z

Reserved: 2021-07-08T00:00:00

Link: CVE-2021-36285

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-09-28T20:15:07.673

Modified: 2024-11-21T06:13:25.617

Link: CVE-2021-36285

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses