CVE-2021-21571

MEDIUM

Dell UEFI BIOS - Improper Certificate Validation in HTTPS Stack

Title source: llm
STIX 2.1

Description

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/en-us/000188682

Scores

CVSS v3 5.9
EPSS 0.0027
EPSS Percentile 50.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

Details

CWE
CWE-295
Status published
Products (50)
dell/alienware_m15_r6_firmware < 1.3.3
dell/chengming_3990_firmware < 1.4.1
dell/chengming_3991_firmware < 1.4.1
dell/g15_5510_firmware < 1.4.0
dell/g15_5511_firmware < 1.3.3
dell/g3_3500_firmware < 1.9.0
dell/g5_5500_firmware < 1.9.0
dell/g7_7500_firmware < 1.9.0
dell/g7_7700_firmware < 1.9.0
dell/inspiron_14_5418_firmware < 2.1.0_a06
... and 40 more
Published Jun 24, 2021
Tracked Since Feb 18, 2026