Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-21557

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

Published

2021-06-14T19:15:08.497

Last Modified

2024-11-21T05:48:35.620

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dell	poweredge_r640_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r640	-	No
Operating System	dell	poweredge_r740_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r740	-	No
Operating System	dell	poweredge_r740xd_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r740xd	-	No
Operating System	dell	poweredge_r940_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r940	-	No
Operating System	dell	poweredge_r540_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r540	-	No
Operating System	dell	poweredge_r440_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r440	-	No
Operating System	dell	poweredge_t440_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_t440	-	No
Operating System	dell	poweredge_xr2_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_xr2	-	No
Operating System	dell	poweredge_r740xd2_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r740xd2	-	No
Operating System	dell	poweredge_r840_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r840	-	No
Operating System	dell	poweredge_r940xa_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r940xa	-	No
Operating System	dell	poweredge_t640_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_t640	-	No
Operating System	dell	poweredge_c6420_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_c6420	-	No
Operating System	dell	poweredge_fc640_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_fc640	-	No
Operating System	dell	poweredge_m640_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_m640	-	No
Operating System	dell	poweredge_m640p_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_m640p	-	No
Operating System	dell	poweredge_mx740c_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_mx740c	-	No
Operating System	dell	poweredge_mx840c_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_mx840c	-	No
Operating System	dell	poweredge_c4140_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_c4140	-	No
Operating System	dell	poweredge_t140_firmware	< 2.5.1	Yes
Hardware	dell	poweredge_t140	-	No
Operating System	dell	poweredge_t340_firmware	< 2.5.1	Yes
Hardware	dell	poweredge_t340	-	No
Operating System	dell	poweredge_r240_firmware	< 2.5.1	Yes
Hardware	dell	poweredge_r240	-	No
Operating System	dell	poweredge_r340_firmware	< 2.5.1	Yes
Hardware	dell	poweredge_r340	-	No
Operating System	dell	poweredge_r6415_firmware	< 1.16.1	Yes
Hardware	dell	poweredge_r6415	-	No
Operating System	dell	poweredge_r7415_firmware	< 1.16.1	Yes
Hardware	dell	poweredge_r7415	-	No
Operating System	dell	poweredge_r7425_firmware	< 1.16.1	Yes
Hardware	dell	poweredge_r7425	-	No
Operating System	dell	poweredge_r6515_firmware	< 2.2.4	Yes
Hardware	dell	poweredge_r6515	-	No
Operating System	dell	poweredge_r7515_firmware	< 2.2.4	Yes
Hardware	dell	poweredge_r7515	-	No
Operating System	dell	poweredge_r6525_firmware	< 2.2.5	Yes
Hardware	dell	poweredge_r6525	-	No
Operating System	dell	poweredge_r7525_firmware	< 2.2.5	Yes
Hardware	dell	poweredge_r7525	-	No
Operating System	dell	poweredge_c6525_firmware	< 2.2.4	Yes
Hardware	dell	poweredge_c6525	-	No

References

https://www.dell.com/support/kbdoc/000187958 Patch, Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/000187958 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)