Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000191495


DSA-2021-156: Dell Client Security Update for Multiple Vulnerabilities

Summary: Dell Client Consumer and Commercial platform remediation is available for these vulnerabilities that could be exploited by malicious users to compromise the affected system

Article Content


Impact

High

Details

Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2021-21522 Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an HDD storage by setting the BIOS Admin password on the system via the Manageability Interface after the HDD password is set. 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-36283 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-36284 Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack. 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-36285 Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack. 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2021-21522 Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentially exploit this vulnerability to gain access to sensitive information on an HDD storage by setting the BIOS Admin password on the system via the Manageability Interface after the HDD password is set. 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-36283 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-36284 Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack. 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-36285 Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack. 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product CVE-2021-21522 CVE-2021-36283 CVE-2021-36284
CVE-2021-36285
 
Release Date  BIOS Update Version (or greater) Release Date  BIOS Update Version (or greater)  Release Date BIOS Update Version (or greater)  
 
ChengMing 3990 N/A 12/1/2020 1.3.1 N/A  
ChengMing 3991 N/A 12/1/2020 1.3.1 N/A  
Dell G3 15 (3500) N/A 12/31/2020 1.7.1 N/A  
Dell G3 15 (3590) N/A 1/19/2021 1.12.0 N/A  
Dell G5 15 (5500) N/A 12/31/2020 1.7.1 N/A  
Inspiron 3493 N/A 2/9/2021 1.12.0 N/A  
Inspiron 3501 N/A 2/9/2021 1.1.0 N/A  
Inspiron 3593 N/A 2/9/2021 1.12.0 N/A  
Inspiron 3793 N/A 2/9/2021 1.12.0 N/A  
Inspiron 3880 N/A 12/1/2020 1.3.1 N/A  
Inspiron 3881 N/A 12/1/2020 1.3.1 N/A  
Inspiron 5400 2 in1 N/A 2/9/2021 1.5.0 N/A  
Inspiron 5490 N/A 12/14/2020 1.12.0 N/A  
Inspiron 5493 N/A 2/9/2021 1.12.0 N/A  
Inspiron 5498 N/A 12/14/2020 1.12.0 N/A  
Inspiron 5590 N/A 12/14/2020 1.12.0 N/A  
Inspiron 5593 N/A 2/9/2021 1.12.0 N/A  
Inspiron 5598 N/A 12/14/2020 1.12.0 N/A  
Inspiron 7391 2 in 1 N/A 11/12/2020 1.9.1 N/A  
Inspiron 7500 N/A 12/22/2020 1.5.1 N/A  
Inspiron 7500 2 in1 Silver N/A 2/9/2021 1.5.0 N/A  
Inspiron 7501 N/A 12/22/2020 1.5.1 N/A  
Inspiron 7590 N/A 11/18/2020 1.8.0 N/A  
Inspiron 7591 N/A 11/18/2020 1.8.0 N/A  
Latitude 3310 N/A 1/13/2021 1.8.3 N/A  
Latitude 3310 2-in-1 N/A 11/24/2020 1.17.1 N/A  
Latitude 5285 2-in-1 7/30/2021 1.13.0 N/A N/A  
Latitude 5289 2-in-1 7/27/2021 1.23.1 N/A N/A  
Latitude 5290 2-in-1 7/30/2021 1.16.0 N/A N/A  
Latitude 5300 N/A 4/8/2021 1.12.1 N/A  
Latitude 5300 2-IN-1 N/A 4/8/2021 1.12.1 N/A  
Latitude 5310 N/A 4/6/2021 1.4.2 N/A  
Latitude 5310 2-IN-1 7/16/2021 1.7.0 4/6/2021 1.4.2 7/16/2021 1.7.0  
Latitude 5320 N/A N/A 7/16/2021 1.7.0  
Latitude 5400 N/A 2/23/2021 1.10.1 6/21/2021 1.7.1  
Latitude 5401 N/A 2/23/2021 1.11.1 N/A  
Latitude 5410 N/A 1/13/2021 1.4.3 N/A  
Latitude 5411 N/A 1/13/2021 1.4.3 6/23/2021 1.6.0  
Latitude 5420 N/A N/A N/A  
Latitude 5500 N/A 2/23/2021 1.10.1 6/22/2021 1.8.0  
Latitude 5501 N/A 2/23/2021 1.11.1 N/A  
Latitude 5510 N/A 1/13/2021 1.4.3 N/A  
Latitude 5520 N/A N/A 6/23/2021 1.6.0  
Latitude 5511 N/A 1/13/2021 1.4.3 6/21/2021 1.7.1  
Latitude 7200 2 in 1 N/A 1/21/2021 1.10.1 N/A  
Latitude 7210 2 in 1 6/23/2021 1.7.0 1/13/2021 1.5.1 N/A  
Latitude 7212 Rugged Extreme Tablet 7/27/2021 1.33.0 N/A 6/23/2021 1.7.0  
Latitude 7220 / 7220EX Rugged Extreme Tablet N/A 12/15/2020 1.9.1 N/A  
Latitude 7280 7/30/2021 1.21.1 N/A 12/15/2020 1.9.1  
Latitude 7285 7/30/2021 1.11.0 N/A N/A  
Latitude 7290 7/30/2021 1.20.0 N/A N/A  
Latitude 7300 N/A 4/6/2021 1.11.1 N/A  
Latitude 7310 6/23/2021 1.7.0 1/13/2021 1.5.1 N/A  
Latitude 7320 N/A N/A 6/23/2021 1.7.0  
Latitude 7370 7/30/2021 1.24.3 N/A 6/21/2021 1.7.1  
Latitude 7380 7/30/2021 1.21.1 N/A N/A  
Latitude 7389 7/30/2021 1.23.1 N/A N/A  
Latitude 7390 7/30/2021 1.20.0 N/A N/A  
Latitude 7390 2-in-1 7/30/2021 1.19.0 N/A N/A  
Latitude 7400 N/A 4/6/2021 1.11.1 N/A  
Latitude 7400 2-in-1 N/A 11/26/2020 1.10.0 N/A  
Latitude 7410 6/23/2021 1.7.0 1/13/2021 1.5.1 N/A  
Latitude 7420 6/21/2021 1.7.1 N/A 6/23/2021 1.7.0  
Latitude 7480 7/30/2021 1.21.1 N/A 6/21/2021 1.7.1  
Latitude 7490 7/30/2021 1.20.1 N/A N/A  
Latitude 7520 N/A N/A N/A  
Latitude 9410 6/23/2021 1.7.0 1/13/2021 1.5.1 6/21/2021 1.7.1  
Latitude 9510 6/32/2021 1.6.0 1/13/2021 1.4.2 6/23/2021 1.7.0  
Latitude 9520 N/A N/A 6/32/2021 1.6.0  
OptiPlex 3080 N/A 12/17/2020 1.3.1 6/23/2021 1.5.2  
OptiPlex 3090 Ultra N/A N/A N/A  
OptiPlex 3280 AIO N/A 11/25/2020 1.3.1 6/30/2021 1.2.0  
OptiPlex 5080 N/A 12/17/2020 1.3.1 N/A  
OptiPlex 5480 AIO N/A 11/25/2020 1.4.0 N/A  
OptiPlex 7080 N/A 3/30/2021 1.3.10 N/A  
Optiplex 7090 Ultra N/A N/A N/A  
OptiPlex 7480 AIO N/A 1/21/2021 1.6.2 6/30/2021 1.2.0  
OptiPlex 7780 AIO N/A 1/21/2021 1.6.2 N/A  
Precision 3440 N/A 3/29/2021 1.3.10 N/A  
Precision 3540 N/A 2/23/2021 1.10.1 N/A  
Precision 3541 N/A 2/23/2021 1.11.1 N/A  
Precision 3550 N/A 1/13/2021 1.4.3 N/A  
Precision 3551 N/A 1/13/2021 1.4.3 6/23/2021 1.6.2  
Precision 3560 N/A N/A N/A  
Precision 3640 Tower 6/23/2021 1.6.2 1/15/2021 1.4.3 6/21/2021 1.7.1  
Precision 5510 7/30/2021 1.17.0 N/A N/A  
Precision 5520 7/29/2021 1.23.1 N/A N/A  
Precision 5530 2-in-1 7/30/2021 1.14.10 N/A N/A  
Precision 5540 N/A 1/20/2021 1.9.1 N/A  
Precision 5550 N/A 1/14/2021 1.6.1 N/A  
Precision 5750 N/A 1/18/2021 1.6.3 N/A  
Precision 7540 N/A 1/21/2021 1.11.2 N/A  
Precision 7550 N/A 1/12/2021 1.6.2 N/A  
Precision 7740 N/A 1/21/2021 1.11.2 N/A  
Precision 7750 N/A 1/12/2021 1.6.2 N/A  
Vostro 3401 N/A 2/9/2021 1.1.0 N/A  
Vostro 3491 N/A 2/9/2021 1.12.0 N/A  
Vostro 3501 N/A 2/9/2021 1.1.0 N/A  
Vostro 3591 N/A 2/9/2021 1.12.0 N/A  
Vostro 3681 N/A 12/1/2020  1.3.1 N/A  
Vostro 3881 N/A 12/1/2020 1.3.1 N/A  
Vostro 3888 N/A 12/1/2020 1.3.1 N/A  
Vostro 5490 N/A 12/14/2020 1.12.0 N/A  
Vostro 5590 N/A 12/14/2020 1.12.0 N/A  
Vostro 7500 N/A 12/22/2020 1.5.1 N/A  
Vostro 7590 N/A 11/18/2020 1.8.0 N/A  
Wyse 5470 N/A 12/30/2020 1.6.0 N/A  
XPS 13 (9360) 7/29/2021 2.16.0 N/A N/A  
XPS 13 (9370) 7/29/2021 1.15.0 N/A N/A  
XPS 13 (9380) N/A 1/22/2021 1.12.0 N/A  
XPS 13 9300 N/A 2/9/2021 1.4.1 N/A  
XPS 15 9575 2-in-1 7/29/2021 1.16.2 N/A N/A  
XPS 17 9700 N/A 1/18/2021 1.6.3 N/A  
XPS 7380 N/A 11/17/2020 1.7.0 N/A  
XPS 7390 2-in-1 N/A 2/9/2021 1.7.1 N/A  
XPS 7590 N/A 1/20/2021 1.9.1 N/A  
XPS 9500 N/A 1/14/2021 1.6.1 N/A  
Product CVE-2021-21522 CVE-2021-36283 CVE-2021-36284
CVE-2021-36285
 
Release Date  BIOS Update Version (or greater) Release Date  BIOS Update Version (or greater)  Release Date BIOS Update Version (or greater)  
 
ChengMing 3990 N/A 12/1/2020 1.3.1 N/A  
ChengMing 3991 N/A 12/1/2020 1.3.1 N/A  
Dell G3 15 (3500) N/A 12/31/2020 1.7.1 N/A  
Dell G3 15 (3590) N/A 1/19/2021 1.12.0 N/A  
Dell G5 15 (5500) N/A 12/31/2020 1.7.1 N/A  
Inspiron 3493 N/A 2/9/2021 1.12.0 N/A  
Inspiron 3501 N/A 2/9/2021 1.1.0 N/A  
Inspiron 3593 N/A 2/9/2021 1.12.0 N/A  
Inspiron 3793 N/A 2/9/2021 1.12.0 N/A  
Inspiron 3880 N/A 12/1/2020 1.3.1 N/A  
Inspiron 3881 N/A 12/1/2020 1.3.1 N/A  
Inspiron 5400 2 in1 N/A 2/9/2021 1.5.0 N/A  
Inspiron 5490 N/A 12/14/2020 1.12.0 N/A  
Inspiron 5493 N/A 2/9/2021 1.12.0 N/A  
Inspiron 5498 N/A 12/14/2020 1.12.0 N/A  
Inspiron 5590 N/A 12/14/2020 1.12.0 N/A  
Inspiron 5593 N/A 2/9/2021 1.12.0 N/A  
Inspiron 5598 N/A 12/14/2020 1.12.0 N/A  
Inspiron 7391 2 in 1 N/A 11/12/2020 1.9.1 N/A  
Inspiron 7500 N/A 12/22/2020 1.5.1 N/A  
Inspiron 7500 2 in1 Silver N/A 2/9/2021 1.5.0 N/A  
Inspiron 7501 N/A 12/22/2020 1.5.1 N/A  
Inspiron 7590 N/A 11/18/2020 1.8.0 N/A  
Inspiron 7591 N/A 11/18/2020 1.8.0 N/A  
Latitude 3310 N/A 1/13/2021 1.8.3 N/A  
Latitude 3310 2-in-1 N/A 11/24/2020 1.17.1 N/A  
Latitude 5285 2-in-1 7/30/2021 1.13.0 N/A N/A  
Latitude 5289 2-in-1 7/27/2021 1.23.1 N/A N/A  
Latitude 5290 2-in-1 7/30/2021 1.16.0 N/A N/A  
Latitude 5300 N/A 4/8/2021 1.12.1 N/A  
Latitude 5300 2-IN-1 N/A 4/8/2021 1.12.1 N/A  
Latitude 5310 N/A 4/6/2021 1.4.2 N/A  
Latitude 5310 2-IN-1 7/16/2021 1.7.0 4/6/2021 1.4.2 7/16/2021 1.7.0  
Latitude 5320 N/A N/A 7/16/2021 1.7.0  
Latitude 5400 N/A 2/23/2021 1.10.1 6/21/2021 1.7.1  
Latitude 5401 N/A 2/23/2021 1.11.1 N/A  
Latitude 5410 N/A 1/13/2021 1.4.3 N/A  
Latitude 5411 N/A 1/13/2021 1.4.3 6/23/2021 1.6.0  
Latitude 5420 N/A N/A N/A  
Latitude 5500 N/A 2/23/2021 1.10.1 6/22/2021 1.8.0  
Latitude 5501 N/A 2/23/2021 1.11.1 N/A  
Latitude 5510 N/A 1/13/2021 1.4.3 N/A  
Latitude 5520 N/A N/A 6/23/2021 1.6.0  
Latitude 5511 N/A 1/13/2021 1.4.3 6/21/2021 1.7.1  
Latitude 7200 2 in 1 N/A 1/21/2021 1.10.1 N/A  
Latitude 7210 2 in 1 6/23/2021 1.7.0 1/13/2021 1.5.1 N/A  
Latitude 7212 Rugged Extreme Tablet 7/27/2021 1.33.0 N/A 6/23/2021 1.7.0  
Latitude 7220 / 7220EX Rugged Extreme Tablet N/A 12/15/2020 1.9.1 N/A  
Latitude 7280 7/30/2021 1.21.1 N/A 12/15/2020 1.9.1  
Latitude 7285 7/30/2021 1.11.0 N/A N/A  
Latitude 7290 7/30/2021 1.20.0 N/A N/A  
Latitude 7300 N/A 4/6/2021 1.11.1 N/A  
Latitude 7310 6/23/2021 1.7.0 1/13/2021 1.5.1 N/A  
Latitude 7320 N/A N/A 6/23/2021 1.7.0  
Latitude 7370 7/30/2021 1.24.3 N/A 6/21/2021 1.7.1  
Latitude 7380 7/30/2021 1.21.1 N/A N/A  
Latitude 7389 7/30/2021 1.23.1 N/A N/A  
Latitude 7390 7/30/2021 1.20.0 N/A N/A  
Latitude 7390 2-in-1 7/30/2021 1.19.0 N/A N/A  
Latitude 7400 N/A 4/6/2021 1.11.1 N/A  
Latitude 7400 2-in-1 N/A 11/26/2020 1.10.0 N/A  
Latitude 7410 6/23/2021 1.7.0 1/13/2021 1.5.1 N/A  
Latitude 7420 6/21/2021 1.7.1 N/A 6/23/2021 1.7.0  
Latitude 7480 7/30/2021 1.21.1 N/A 6/21/2021 1.7.1  
Latitude 7490 7/30/2021 1.20.1 N/A N/A  
Latitude 7520 N/A N/A N/A  
Latitude 9410 6/23/2021 1.7.0 1/13/2021 1.5.1 6/21/2021 1.7.1  
Latitude 9510 6/32/2021 1.6.0 1/13/2021 1.4.2 6/23/2021 1.7.0  
Latitude 9520 N/A N/A 6/32/2021 1.6.0  
OptiPlex 3080 N/A 12/17/2020 1.3.1 6/23/2021 1.5.2  
OptiPlex 3090 Ultra N/A N/A N/A  
OptiPlex 3280 AIO N/A 11/25/2020 1.3.1 6/30/2021 1.2.0  
OptiPlex 5080 N/A 12/17/2020 1.3.1 N/A  
OptiPlex 5480 AIO N/A 11/25/2020 1.4.0 N/A  
OptiPlex 7080 N/A 3/30/2021 1.3.10 N/A  
Optiplex 7090 Ultra N/A N/A N/A  
OptiPlex 7480 AIO N/A 1/21/2021 1.6.2 6/30/2021 1.2.0  
OptiPlex 7780 AIO N/A 1/21/2021 1.6.2 N/A  
Precision 3440 N/A 3/29/2021 1.3.10 N/A  
Precision 3540 N/A 2/23/2021 1.10.1 N/A  
Precision 3541 N/A 2/23/2021 1.11.1 N/A  
Precision 3550 N/A 1/13/2021 1.4.3 N/A  
Precision 3551 N/A 1/13/2021 1.4.3 6/23/2021 1.6.2  
Precision 3560 N/A N/A N/A  
Precision 3640 Tower 6/23/2021 1.6.2 1/15/2021 1.4.3 6/21/2021 1.7.1  
Precision 5510 7/30/2021 1.17.0 N/A N/A  
Precision 5520 7/29/2021 1.23.1 N/A N/A  
Precision 5530 2-in-1 7/30/2021 1.14.10 N/A N/A  
Precision 5540 N/A 1/20/2021 1.9.1 N/A  
Precision 5550 N/A 1/14/2021 1.6.1 N/A  
Precision 5750 N/A 1/18/2021 1.6.3 N/A  
Precision 7540 N/A 1/21/2021 1.11.2 N/A  
Precision 7550 N/A 1/12/2021 1.6.2 N/A  
Precision 7740 N/A 1/21/2021 1.11.2 N/A  
Precision 7750 N/A 1/12/2021 1.6.2 N/A  
Vostro 3401 N/A 2/9/2021 1.1.0 N/A  
Vostro 3491 N/A 2/9/2021 1.12.0 N/A  
Vostro 3501 N/A 2/9/2021 1.1.0 N/A  
Vostro 3591 N/A 2/9/2021 1.12.0 N/A  
Vostro 3681 N/A 12/1/2020  1.3.1 N/A  
Vostro 3881 N/A 12/1/2020 1.3.1 N/A  
Vostro 3888 N/A 12/1/2020 1.3.1 N/A  
Vostro 5490 N/A 12/14/2020 1.12.0 N/A  
Vostro 5590 N/A 12/14/2020 1.12.0 N/A  
Vostro 7500 N/A 12/22/2020 1.5.1 N/A  
Vostro 7590 N/A 11/18/2020 1.8.0 N/A  
Wyse 5470 N/A 12/30/2020 1.6.0 N/A  
XPS 13 (9360) 7/29/2021 2.16.0 N/A N/A  
XPS 13 (9370) 7/29/2021 1.15.0 N/A N/A  
XPS 13 (9380) N/A 1/22/2021 1.12.0 N/A  
XPS 13 9300 N/A 2/9/2021 1.4.1 N/A  
XPS 15 9575 2-in-1 7/29/2021 1.16.2 N/A N/A  
XPS 17 9700 N/A 1/18/2021 1.6.3 N/A  
XPS 7380 N/A 11/17/2020 1.7.0 N/A  
XPS 7390 2-in-1 N/A 2/9/2021 1.7.1 N/A  
XPS 7590 N/A 1/20/2021 1.9.1 N/A  
XPS 9500 N/A 1/14/2021 1.6.1 N/A  
Acknowledgements

Dell Technologies would like to thank JiaWei,Yin (yngweijw) for reporting CVE-2021-36283

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.

Article Properties


Affected Product

Product Security Information

Last Published Date

27 Sep 2021

Version

2

Article Type

Dell Security Advisory