Vulnerability CVE-2021-21551

Vulnerability CVE-2021-21551

Published: 2021-05-04

Description:

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Dell DBUtil_2_3.sys IOCTL Memory Read / Write	Spencer McIntyre	17.05.2021
Med.	DELL dbutil_2_3.sys 2.3 Arbitrary Write to Local Privilege Escalation (LPE)	Paolo Stagno aka...	21.05.2021

Type:

CWE-863

(Incorrect Authorization)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.6/10	6.4/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
DELL -> Debutil 2 3.sys
DELL -> Dbutil 2 3.sys

References:

https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

Vulnerability CVE-2021-21551

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

See advisories in our WLB2 database:

High

Dell DBUtil_2_3.sys IOCTL Memory Read / Write

Med.

DELL dbutil_2_3.sys 2.3 Arbitrary Write to Local Privilege Escalation (LPE)

CWE-863

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

4.6/10

6.4/10

3.9/10

Local

Low

No required

Partial

Partial

Partial

Affected software

References: