CVE-2021-21554
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, y, Dell Precision 7920 Rack Workstation BIOS, contienen una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en los sistemas con Intel Optane DC Persistent Memory instalado. Un usuario local malicioso con privilegios elevados puede explotar potencialmente esta vulnerabilidad, conllevando a una denegación de servicio, una ejecución de código arbitrario o una divulgación de información en UEFI o BIOS Preboot Environment
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-04 CVE Reserved
- 2021-06-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.dell.com/support/kbdoc/000187958 | 2022-10-25 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Poweredge R640 Firmware Search vendor "Dell" for product "Poweredge R640 Firmware" | < 2.9.4 Search vendor "Dell" for product "Poweredge R640 Firmware" and version " < 2.9.4" | - |
Affected
| in | Dell Search vendor "Dell" | Poweredge R640 Search vendor "Dell" for product "Poweredge R640" | - | - |
Safe
|
| Dell Search vendor "Dell" | Poweredge R740 Firmware Search vendor "Dell" for product "Poweredge R740 Firmware" | < 2.9.4 Search vendor "Dell" for product "Poweredge R740 Firmware" and version " < 2.9.4" | - |
Affected
| in | Dell Search vendor "Dell" | Poweredge R740 Search vendor "Dell" for product "Poweredge R740" | - | - |
Safe
|
| Dell Search vendor "Dell" | Poweredge R740xd Firmware Search vendor "Dell" for product "Poweredge R740xd Firmware" | < 2.9.4 Search vendor "Dell" for product "Poweredge R740xd Firmware" and version " < 2.9.4" | - |
Affected
| in | Dell Search vendor "Dell" | Poweredge R740xd Search vendor "Dell" for product "Poweredge R740xd" | - | - |
Safe
|
| Dell Search vendor "Dell" | Poweredge R940 Firmware Search vendor "Dell" for product "Poweredge R940 Firmware" | < 2.9.4 Search vendor "Dell" for product "Poweredge R940 Firmware" and version " < 2.9.4" | - |
Affected
| in | Dell Search vendor "Dell" | Poweredge R940 Search vendor "Dell" for product "Poweredge R940" | - | - |
Safe
|
| Dell Search vendor "Dell" | Poweredge R840 Firmware Search vendor "Dell" for product "Poweredge R840 Firmware" | < 2.9.4 Search vendor "Dell" for product "Poweredge R840 Firmware" and version " < 2.9.4" | - |
Affected
| in | Dell Search vendor "Dell" | Poweredge R840 Search vendor "Dell" for product "Poweredge R840" | - | - |
Safe
|
| Dell Search vendor "Dell" | Poweredge R940xa Firmware Search vendor "Dell" for product "Poweredge R940xa Firmware" | < 2.9.4 Search vendor "Dell" for product "Poweredge R940xa Firmware" and version " < 2.9.4" | - |
Affected
| in | Dell Search vendor "Dell" | Poweredge R940xa Search vendor "Dell" for product "Poweredge R940xa" | - | - |
Safe
|
| Dell Search vendor "Dell" | Poweredge Mx740c Firmware Search vendor "Dell" for product "Poweredge Mx740c Firmware" | < 2.9.4 Search vendor "Dell" for product "Poweredge Mx740c Firmware" and version " < 2.9.4" | - |
Affected
| in | Dell Search vendor "Dell" | Poweredge Mx740c Search vendor "Dell" for product "Poweredge Mx740c" | - | - |
Safe
|
| Dell Search vendor "Dell" | Poweredge Mx840c Firmware Search vendor "Dell" for product "Poweredge Mx840c Firmware" | < 2.9.4 Search vendor "Dell" for product "Poweredge Mx840c Firmware" and version " < 2.9.4" | - |
Affected
| in | Dell Search vendor "Dell" | Poweredge Mx840c Search vendor "Dell" for product "Poweredge Mx840c" | - | - |
Safe
|
| Dell Search vendor "Dell" | Precision 7920 Firmware Search vendor "Dell" for product "Precision 7920 Firmware" | - | - |
Affected
| in | Dell Search vendor "Dell" | Precision 7920 Search vendor "Dell" for product "Precision 7920" | - | - |
Safe
|