September 29, 2021
Severity
High
Analysis Summary
CVE-2021-36285; CVE-2021-36284
Dell BIOS could allow a local authenticated attacker to bypass security restrictions, caused by an improper restriction of excessive authentication attempts. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass the mitigations against excessive NVMe password attempts and perform brute-force attacks.
CVE-2021-36283
Dell BIOS could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially-crafted request using an SMI, an attacker could exploit this vulnerability to execute arbitrary code in SMRAM.
CVE-2021-21522
Dell BIOS could allow a local authenticated attacker to obtain sensitive information, caused by a credentials management flaw. By resetting the BIOS password on the system via the Manageability Interface, an attacker could exploit this vulnerability to obtain sensitive information on NVMe storage and use this information to launch further attacks against the affected system.
Impact
- Security Bypass
- Code Execution
- Information Disclosure
Affected Vendors
- Dell
Affected Products
- Dell BIOS
Remediation
Refer to the Dell advisory for patch, upgrade, or suggested workaround information.