Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-21557

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.1, requiring local system access to exploit with relatively low complexity without requiring user interaction . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and limited availability for affected systems. Impacting 62 products from dell, from dell, from dell and 59 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2021, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2021-06-14T19:15:08.497

Last Modified

2024-11-21T05:48:35.620

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dell	poweredge_r640_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r640	-	No
Operating System	dell	poweredge_r740_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r740	-	No
Operating System	dell	poweredge_r740xd_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r740xd	-	No
Operating System	dell	poweredge_r940_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r940	-	No
Operating System	dell	poweredge_r540_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r540	-	No
Operating System	dell	poweredge_r440_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r440	-	No
Operating System	dell	poweredge_t440_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_t440	-	No
Operating System	dell	poweredge_xr2_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_xr2	-	No
Operating System	dell	poweredge_r740xd2_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r740xd2	-	No
Operating System	dell	poweredge_r840_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r840	-	No
Operating System	dell	poweredge_r940xa_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_r940xa	-	No
Operating System	dell	poweredge_t640_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_t640	-	No
Operating System	dell	poweredge_c6420_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_c6420	-	No
Operating System	dell	poweredge_fc640_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_fc640	-	No
Operating System	dell	poweredge_m640_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_m640	-	No
Operating System	dell	poweredge_m640p_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_m640p	-	No
Operating System	dell	poweredge_mx740c_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_mx740c	-	No
Operating System	dell	poweredge_mx840c_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_mx840c	-	No
Operating System	dell	poweredge_c4140_firmware	< 2.11.2	Yes
Hardware	dell	poweredge_c4140	-	No
Operating System	dell	poweredge_t140_firmware	< 2.5.1	Yes
Hardware	dell	poweredge_t140	-	No
Operating System	dell	poweredge_t340_firmware	< 2.5.1	Yes
Hardware	dell	poweredge_t340	-	No
Operating System	dell	poweredge_r240_firmware	< 2.5.1	Yes
Hardware	dell	poweredge_r240	-	No
Operating System	dell	poweredge_r340_firmware	< 2.5.1	Yes
Hardware	dell	poweredge_r340	-	No
Operating System	dell	poweredge_r6415_firmware	< 1.16.1	Yes
Hardware	dell	poweredge_r6415	-	No
Operating System	dell	poweredge_r7415_firmware	< 1.16.1	Yes
Hardware	dell	poweredge_r7415	-	No
Operating System	dell	poweredge_r7425_firmware	< 1.16.1	Yes
Hardware	dell	poweredge_r7425	-	No
Operating System	dell	poweredge_r6515_firmware	< 2.2.4	Yes
Hardware	dell	poweredge_r6515	-	No
Operating System	dell	poweredge_r7515_firmware	< 2.2.4	Yes
Hardware	dell	poweredge_r7515	-	No
Operating System	dell	poweredge_r6525_firmware	< 2.2.5	Yes
Hardware	dell	poweredge_r6525	-	No
Operating System	dell	poweredge_r7525_firmware	< 2.2.5	Yes
Hardware	dell	poweredge_r7525	-	No
Operating System	dell	poweredge_c6525_firmware	< 2.2.4	Yes
Hardware	dell	poweredge_c6525	-	No

References

https://www.dell.com/support/kbdoc/000187958 Patch, Vendor Advisory ([email protected])
https://www.dell.com/support/kbdoc/000187958 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For dell's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.