CVE-2021-36285

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:latitude_5310_2-in-1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5310_2-in-1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:latitude_5320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5320:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:latitude_5400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5400:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:latitude_5411_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5411:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:latitude_5500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5500:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:latitude_5520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5520:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:latitude_5511_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5511:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7212_rugged_extreme_tablet:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:latitude_7280_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7280:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:latitude_7320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7320:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:latitude_7370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7370:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dell:latitude_7420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7420:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dell:latitude_7480_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_7480:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dell:latitude_9410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_9410:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dell:latitude_9510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_9510:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:dell:latitude_9520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_9520:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:dell:optiplex_3080_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3080:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:dell:optiplex_3280_aio_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3280_aio:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:dell:optiplex_7480_aio_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7480_aio:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:dell:precision_3551_ffirmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3551:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:dell:precision_3640_tower_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3640_tower:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:13

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/000191495/ - Vendor Advisory () https://www.dell.com/support/kbdoc/000191495/ - Vendor Advisory
CVSS v2 : 2.1
v3 : 4.4
v2 : 2.1
v3 : 5.7

Information

Published : 2021-09-28 20:15

Updated : 2024-11-21 06:13


NVD link : CVE-2021-36285

Mitre link : CVE-2021-36285

CVE.ORG link : CVE-2021-36285


JSON object : View

Products Affected

dell

  • latitude_9520_firmware
  • latitude_5310_2-in-1
  • latitude_9410
  • latitude_7420_firmware
  • latitude_5320
  • optiplex_3080_firmware
  • precision_3640_tower_firmware
  • optiplex_7480_aio
  • latitude_7212_rugged_extreme_tablet
  • optiplex_3080
  • latitude_5500
  • latitude_5400
  • latitude_5520_firmware
  • latitude_7212_rugged_extreme_tablet_firmware
  • latitude_7280_firmware
  • precision_3640_tower
  • latitude_7320
  • latitude_5511_firmware
  • latitude_7420
  • latitude_7370_firmware
  • latitude_7280
  • latitude_7370
  • latitude_9510_firmware
  • optiplex_7480_aio_firmware
  • latitude_5320_firmware
  • latitude_5310_2-in-1_firmware
  • latitude_9410_firmware
  • latitude_5400_firmware
  • optiplex_3280_aio
  • precision_3551
  • latitude_5520
  • latitude_5411_firmware
  • latitude_5411
  • precision_3551_ffirmware
  • latitude_5500_firmware
  • latitude_9510
  • latitude_7480_firmware
  • latitude_5511
  • latitude_7480
  • optiplex_3280_aio_firmware
  • latitude_7320_firmware
  • latitude_9520
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts