CVE-2021-21574

Name: CVE-2021-21574
Creator: NVD / NIST
Published: 2021-06-24T17:15:08.013+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.29%

Last modified Jun 17, 2026

CVE-2021-21574 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.. EPSS estimates a 0.29% chance of exploitation in the next 30 days.

Description

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Probability

0.29%

20.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Dell	Alienware M15 R6 Firmware	< 1.3.3
Dell	Chengming 3990 Firmware	< 1.4.1
Dell	Chengming 3991 Firmware	< 1.4.1
Dell	G15 5510 Firmware	< 1.4.0
Dell	G15 5511 Firmware	< 1.3.3
Dell	G3 3500 Firmware	<= 1.9.0
Dell	G5 5500 Firmware	< 1.9.0
Dell	G7 7500 Firmware	< 1.9.0
Dell	G7 7700 Firmware	< 1.9.0
Dell	Inspiron 14 5418 Firmware	< 2.1.0_a06
Dell	Inspiron 15 5518 Firmware	< 2.1.0_a06
Dell	Inspiron 15 7510 Firmware	< 1.0.4
Dell	Inspiron 3501 Firmware	< 1.6.0
Dell	Inspiron 3880 Firmware	< 1.4.1
Dell	Inspiron 3881 Firmware	< 1.4.1
Dell	Inspiron 3891 Firmware	< 1.0.11
Dell	Inspiron 5300 Firmware	< 1.7.1
Dell	Inspiron 5301 Firmware	< 1.8.1
Dell	Inspiron 5310 Firmware	< 2.1.0
Dell	Inspiron 5400 2-In-1 Firmware	< 1.7.0
Dell	Inspiron 5400 Aio Firmware	< 1.4.0
Dell	Inspiron 5401 Firmware	< 1.7.2
Dell	Inspiron 5401 Aio Firmware	< 1.4.0
Dell	Inspiron 5402 Firmware	< 1.5.1
Dell	Inspiron 5406 2n1 Firmware	< 1.5.1
Dell	Inspiron 5408 Firmware	< 1.7.2
Dell	Inspiron 5409 Firmware	< 1.5.1
Dell	Inspiron 5410 2-In-1 Firmware	< 2.1.0
Dell	Inspiron 5501 Firmware	< 1.7.2
Dell	Inspiron 5502 Firmware	< 1.5.1
Dell	Inspiron 5508 Firmware	< 1.7.2
Dell	Inspiron 5509 Firmware	< 1.5.1
Dell	Inspiron 7300 Firmware	< 1.8.1
Dell	Inspiron 7300 2-In-1 Firmware	< 1.3.0
Dell	Inspiron 7306 2-In-1 Firmware	< 1.5.1
Dell	Inspiron 7400 Firmware	< 1.8.1
Dell	Inspiron 7500 Firmware	< 1.8.0
Dell	Inspiron 7500 2-In-1 Firmware	< 1.3.0
Dell	Inspiron 7501 Firmware	< 1.8.0
Dell	Inspiron 7506 Firmware	< 1.5.1
Dell	Inspiron 7610 Firmware	< 1.0.4
Dell	Inspiron 7700 Aio Firmware	< 1.4.0
Dell	Inspiron 7706 2-In-1 Firmware	< 1.5.1
Dell	Latitude 3120 Firmware	< 1.1.0
Dell	Latitude 3320 Firmware	< 1.4.0
Dell	Latitude 3410 Firmware	< 1.9.0
Dell	Latitude 3420 Firmware	< 1.8.0
Dell	Latitude 3510 Firmware	< 1.9.0
Dell	Latitude 3520 Firmware	< 1.8.0
Dell	Latitude 5310 Firmware	< 1.7.0

Showing 50 of 128 affected configurations. See NVD for the full list.

References

https://www.dell.com/support/kbdoc/en-us/000188682Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000188682Vendor Advisory

Timeline

Published: Jun 24, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-21574?

How severe is CVE-2021-21574?

CVE-2021-21574 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.29% probability of exploitation in the next 30 days.

How do I fix CVE-2021-21574?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-21574?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST