CVE-2021-36284

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack.

CVSS v3 4.4 MEDIUM
CVSS v2.0 2.1 LOW

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.dell.com/support/kbdoc/000191495	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:latitude_5310_2-in-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_5310_2-in-1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:latitude_5320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_5320:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dell:latitude_5400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_5400:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dell:latitude_5411_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_5411:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dell:latitude_5500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_5500:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dell:latitude_5520_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_5520:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dell:latitude_5511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_5511:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dell:latitude_7212_rugged_extreme_tablet_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_7212_rugged_extreme_tablet:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dell:latitude_7280_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_7280:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dell:latitude_7320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_7320:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dell:latitude_7370_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_7370:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dell:latitude_7420_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_7420:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dell:latitude_7480_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_7480:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dell:latitude_9410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_9410:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dell:latitude_9510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_9510:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:dell:latitude_9520_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:latitude_9520:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:dell:optiplex_3080_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:optiplex_3080:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:dell:optiplex_3280_aio_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:optiplex_3280_aio:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:dell:optiplex_7480_aio_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:optiplex_7480_aio:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:dell:precision_3551_ffirmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_3551:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:dell:precision_3640_tower_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dell:precision_3640_tower:-:*:*:*:*:*:*:*

History

04 Oct 2021, 14:25

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 4.4
CPE		cpe:2.3:o:dell:latitude_5310_2-in-1_firmware:::::::: cpe:2.3:o:dell:latitude_5511_firmware:::::::: cpe:2.3:o:dell:latitude_5400_firmware:::::::: cpe:2.3:o:dell:latitude_9510_firmware:::::::: cpe:2.3:o:dell:latitude_7320_firmware:::::::: cpe:2.3:h:dell:latitude_7370:-:::::::* cpe:2.3:h:dell:latitude_5500:-:::::::* cpe:2.3:h:dell:latitude_5411:-:::::::* cpe:2.3:o:dell:latitude_7480_firmware:::::::: cpe:2.3:h:dell:optiplex_3080:-:::::::* cpe:2.3:h:dell:latitude_9410:-:::::::* cpe:2.3:o:dell:latitude_7370_firmware:::::::: cpe:2.3:h:dell:latitude_5520:-:::::::* cpe:2.3:o:dell:optiplex_3280_aio_firmware:::::::: cpe:2.3:h:dell:precision_3551:-:::::::* cpe:2.3:o:dell:latitude_7420_firmware:::::::: cpe:2.3:o:dell:latitude_9410_firmware:::::::: cpe:2.3:o:dell:latitude_9520_firmware:::::::: cpe:2.3:h:dell:latitude_9520:-:::::::* cpe:2.3:o:dell:optiplex_3080_firmware:::::::: cpe:2.3:o:dell:precision_3551_ffirmware:::::::: cpe:2.3:h:dell:latitude_5511:-:::::::* cpe:2.3:h:dell:latitude_9510:-:::::::* cpe:2.3:h:dell:latitude_5320:-:::::::* cpe:2.3:h:dell:optiplex_3280_aio:-:::::::* cpe:2.3:h:dell:precision_3640_tower:-:::::::* cpe:2.3:h:dell:latitude_7420:-:::::::* cpe:2.3:o:dell:optiplex_7480_aio_firmware:::::::: cpe:2.3:o:dell:latitude_5520_firmware:::::::: cpe:2.3:o:dell:latitude_5320_firmware:::::::: cpe:2.3:h:dell:latitude_5310_2-in-1:-:::::::* cpe:2.3:h:dell:latitude_7212_rugged_extreme_tablet:-:::::::* cpe:2.3:h:dell:optiplex_7480_aio:-:::::::* cpe:2.3:h:dell:latitude_5400:-:::::::* cpe:2.3:h:dell:latitude_7280:-:::::::* cpe:2.3:h:dell:latitude_7480:-:::::::* cpe:2.3:o:dell:latitude_7280_firmware:::::::: cpe:2.3:o:dell:latitude_5411_firmware:::::::: cpe:2.3:o:dell:latitude_5500_firmware:::::::: cpe:2.3:o:dell:precision_3640_tower_firmware:::::::: cpe:2.3:h:dell:latitude_7320:-:::::::* cpe:2.3:o:dell:latitude_7212_rugged_extreme_tablet_firmware::::::::
References	~~(MISC) https://www.dell.com/support/kbdoc/000191495 -~~	(MISC) https://www.dell.com/support/kbdoc/000191495 - Vendor Advisory

28 Sep 2021, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-09-28 20:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-36284

Mitre link : CVE-2021-36284

CVE.ORG link : CVE-2021-36284

JSON object : View

Products Affected

dell

latitude_9520
latitude_5500_firmware
latitude_5511_firmware
latitude_9510
precision_3640_tower
latitude_5411_firmware
optiplex_7480_aio_firmware
latitude_5520
latitude_5400_firmware
latitude_7420_firmware
latitude_7280
latitude_5500
latitude_7212_rugged_extreme_tablet
latitude_9520_firmware
latitude_9410
precision_3640_tower_firmware
latitude_5310_2-in-1_firmware
latitude_7212_rugged_extreme_tablet_firmware
latitude_7370_firmware
optiplex_3080_firmware
latitude_5520_firmware
optiplex_3080
latitude_5411
optiplex_3280_aio_firmware
optiplex_7480_aio
latitude_7280_firmware
latitude_7420
latitude_7370
latitude_7320_firmware
precision_3551_ffirmware
optiplex_3280_aio
latitude_9410_firmware
latitude_5511
latitude_5320
latitude_5320_firmware
precision_3551
latitude_5310_2-in-1
latitude_9510_firmware
latitude_7320
latitude_5400
latitude_7480_firmware
latitude_7480

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

4.4 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-36284

4.4^/10

2.1^/10

Attach tags to `CVE-2021-36284`