CVE-2021-21551
Dell dbutil Driver Insufficient Access Control Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
12Exploited in Wild
YesDecision
Descriptions
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
El controlador Dell dbutil_2_3.sys, contiene una vulnerabilidad de control de acceso insuficiente que puede conllevar a una escalada de privilegios, denegación de servicio o divulgación de información. Es requerido un acceso de usuario autenticado local
The DBUtil_2_3.sys driver distributed by Dell exposes an unprotected IOCTL interface that can be abused by an attacker to read and write kernel-mode memory.
Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-05-04 CVE Published
- 2021-05-04 First Exploit
- 2022-03-31 Exploited in Wild
- 2022-04-21 KEV Due Date
- 2024-05-21 EPSS Updated
- 2024-09-16 CVE Updated
CWE
- CWE-782: Exposed IOCTL with Insufficient Access Control
CAPEC
References (13)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dell Search vendor "Dell" | Dbutil 2 3.sys Search vendor "Dell" for product "Dbutil 2 3.sys" | - | - |
Affected
|