CVE-2021-21557

Published: Jun 14, 2021Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

Affected (31)

Dell

31 products

Poweredge R640 Firmware

Poweredge R740 Firmware

Poweredge R740xd Firmware

Poweredge R940 Firmware

Poweredge R540 Firmware

Poweredge R440 Firmware

Poweredge T440 Firmware

Poweredge Xr2 Firmware

Poweredge R740xd2 Firmware

Poweredge R840 Firmware

Poweredge R940xa Firmware

Poweredge T640 Firmware

Poweredge C6420 Firmware

Poweredge Fc640 Firmware

Poweredge M640 Firmware

Poweredge M640p Firmware

Poweredge Mx740c Firmware

Poweredge Mx840c Firmware

Poweredge C4140 Firmware

Poweredge T140 Firmware

Poweredge T340 Firmware

Poweredge R240 Firmware

Poweredge R340 Firmware

Poweredge R6415 Firmware

Poweredge R7415 Firmware

Poweredge R7425 Firmware

Poweredge R6515 Firmware

Poweredge R7515 Firmware

Poweredge R6525 Firmware

Poweredge R7525 Firmware

Poweredge C6525 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R640 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge R640	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R740 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge R740	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R740xd Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge R740xd	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R940 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge R940	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R540 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge R540	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R440 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge R440	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge T440 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge T440	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Xr2 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge Xr2	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R740xd2 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge R740xd2	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R840 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge R840	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R940xa Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge R940xa	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge T640 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge T640	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge C6420 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge C6420	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Fc640 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge Fc640	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge M640 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge M640	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge M640p Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge M640p	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Mx740c Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge Mx740c	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge Mx840c Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge Mx840c	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge C4140 Firmware	Before 2.11.2

Running on/with	Platform Versions
Dell Poweredge C4140	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge T140 Firmware	Before 2.5.1

Running on/with	Platform Versions
Dell Poweredge T140	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge T340 Firmware	Before 2.5.1

Running on/with	Platform Versions
Dell Poweredge T340	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R240 Firmware	Before 2.5.1

Running on/with	Platform Versions
Dell Poweredge R240	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R340 Firmware	Before 2.5.1

Running on/with	Platform Versions
Dell Poweredge R340	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R6415 Firmware	Before 1.16.1

Running on/with	Platform Versions
Dell Poweredge R6415	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R7415 Firmware	Before 1.16.1

Running on/with	Platform Versions
Dell Poweredge R7415	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R7425 Firmware	Before 1.16.1

Running on/with	Platform Versions
Dell Poweredge R7425	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R6515 Firmware	Before 2.2.4

Running on/with	Platform Versions
Dell Poweredge R6515	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R7515 Firmware	Before 2.2.4

Running on/with	Platform Versions
Dell Poweredge R7515	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R6525 Firmware	Before 2.2.5

Running on/with	Platform Versions
Dell Poweredge R6525	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge R7525 Firmware	Before 2.2.5

Running on/with	Platform Versions
Dell Poweredge R7525	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dell Poweredge C6525 Firmware	Before 2.2.4

Running on/with	Platform Versions
Dell Poweredge C6525	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.dell.com/support/kbdoc/000187958

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/000187958

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.