CVE-2021-21557

EPSS 0.04%
Published 14.06.2021 19:15:08
Last modified 21.11.2024 05:48:35
Source security_alert@emc.com
Teams watchlist Login
Open Login

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Dell ≫ Poweredge R640 Firmware Version < 2.11.2

Dell ≫ Poweredge R640 Version-

Dell ≫ Poweredge R740 Firmware Version < 2.11.2

Dell ≫ Poweredge R740 Version-

Dell ≫ Poweredge R740xd Firmware Version < 2.11.2

Dell ≫ Poweredge R740xd Version-

Dell ≫ Poweredge R940 Firmware Version < 2.11.2

Dell ≫ Poweredge R940 Version-

Dell ≫ Poweredge R540 Firmware Version < 2.11.2

Dell ≫ Poweredge R540 Version-

Dell ≫ Poweredge R440 Firmware Version < 2.11.2

Dell ≫ Poweredge R440 Version-

Dell ≫ Poweredge T440 Firmware Version < 2.11.2

Dell ≫ Poweredge T440 Version-

Dell ≫ Poweredge Xr2 Firmware Version < 2.11.2

Dell ≫ Poweredge Xr2 Version-

Dell ≫ Poweredge R740xd2 Firmware Version < 2.11.2

Dell ≫ Poweredge R740xd2 Version-

Dell ≫ Poweredge R840 Firmware Version < 2.11.2

Dell ≫ Poweredge R840 Version-

Dell ≫ Poweredge R940xa Firmware Version < 2.11.2

Dell ≫ Poweredge R940xa Version-

Dell ≫ Poweredge T640 Firmware Version < 2.11.2

Dell ≫ Poweredge T640 Version-

Dell ≫ Poweredge C6420 Firmware Version < 2.11.2

Dell ≫ Poweredge C6420 Version-

Dell ≫ Poweredge Fc640 Firmware Version < 2.11.2

Dell ≫ Poweredge Fc640 Version-

Dell ≫ Poweredge M640 Firmware Version < 2.11.2

Dell ≫ Poweredge M640 Version-

Dell ≫ Poweredge M640p Firmware Version < 2.11.2

Dell ≫ Poweredge M640p Version-

Dell ≫ Poweredge Mx740c Firmware Version < 2.11.2

Dell ≫ Poweredge Mx740c Version-

Dell ≫ Poweredge Mx840c Firmware Version < 2.11.2

Dell ≫ Poweredge Mx840c Version-

Dell ≫ Poweredge C4140 Firmware Version < 2.11.2

Dell ≫ Poweredge C4140 Version-

Dell ≫ Poweredge T140 Firmware Version < 2.5.1

Dell ≫ Poweredge T140 Version-

Dell ≫ Poweredge T340 Firmware Version < 2.5.1

Dell ≫ Poweredge T340 Version-

Dell ≫ Poweredge R240 Firmware Version < 2.5.1

Dell ≫ Poweredge R240 Version-

Dell ≫ Poweredge R340 Firmware Version < 2.5.1

Dell ≫ Poweredge R340 Version-

Dell ≫ Poweredge R6415 Firmware Version < 1.16.1

Dell ≫ Poweredge R6415 Version-

Dell ≫ Poweredge R7415 Firmware Version < 1.16.1

Dell ≫ Poweredge R7415 Version-

Dell ≫ Poweredge R7425 Firmware Version < 1.16.1

Dell ≫ Poweredge R7425 Version-

Dell ≫ Poweredge R6515 Firmware Version < 2.2.4

Dell ≫ Poweredge R6515 Version-

Dell ≫ Poweredge R7515 Firmware Version < 2.2.4

Dell ≫ Poweredge R7515 Version-

Dell ≫ Poweredge R6525 Firmware Version < 2.2.5

Dell ≫ Poweredge R6525 Version-

Dell ≫ Poweredge R7525 Firmware Version < 2.2.5

Dell ≫ Poweredge R7525 Version-

Dell ≫ Poweredge C6525 Firmware Version < 2.2.4

Dell ≫ Poweredge C6525 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.095

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
security_alert@emc.com	8.1	1.5	6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.dell.com/support/kbdoc/000187958

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21557

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21557

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21557

EUVD