CVE-2021-21522

HIGH

Dell Latitude BIOS - Authenticated Credentials Management Issue via Manageability Interface

Title source: llm

Description

Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an NVMe storage by resetting the BIOS password on the system via the Manageability Interface.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/kbdoc/000191495

Scores

CVSS v3 8.2

EPSS 0.0004

EPSS Percentile 13.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-255

Status published

Products (33)

dell/latitude_5285_2-in-1_firmware < 1.13.0

dell/latitude_5289_2-in-1_firmware < 1.23.1

dell/latitude_5290_2-in-1_firmware < 1.16.0

dell/latitude_5310_2-in-1_firmware 1.7.0

dell/latitude_7210_2-in-1_firmware < 1.7.0

dell/latitude_7212_rugged_extreme_tablet_firmware 1.33.0

dell/latitude_7212_rugged_extreme_tablet_firmware < 1.33.0

dell/latitude_7280_firmware 1.21.1

dell/latitude_7280_firmware < 1.21.1

dell/latitude_7285_firmware 1.11.0

... and 23 more

Published Sep 28, 2021

Tracked Since Feb 18, 2026