CVE-2021-21551

HIGH8.8

Dell dbutil_2_3

Published May 4, 2021

Modified 6 months ago

Details

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

References

WEB

http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html

WEB

http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html

WEB

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21551

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2021-21551

WEB

https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

CVSS Analysis

CVSS v3.1

8.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weakness Type (CWE)

Other

CWE-782

Ecosystems

Timeline

PublishedMay 4, 2021

ModifiedOct 21, 2025

CVE-2021-21551 | Mondoo Vulnerability Intelligence