fkie_cve-2021-21556
Vulnerability from fkie_nvd
Published: 2021-06-14 19:15
Modified: 2024-11-21 05:48
Severity
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
References
Source | URL | Tags |
---|---|---|
security_alert@emc.com | https://www.dell.com/support/kbdoc/000187958 | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000187958 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C6D7153C-E15D-4041-B45F-207DEB0B13AE", versionEndExcluding: "2.11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*", matchCriteriaId: "81416C16-D7FA-4165-BB0E-6458A4EA5AEE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4502AE6D-BA6B-46AA-A214-99143272BA70", versionEndExcluding: "2.11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*", matchCriteriaId: "DE562535-3D9B-4A82-AC0D-6A2225E63E8D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3798FD8A-8A44-49F3-83E0-FD3D541DBCC2", versionEndExcluding: "2.11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*", matchCriteriaId: "868ECD3F-77CD-4F5D-86E5-61689E4C5BA0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CD596C2D-BA27-4ED0-BCF4-F9792AD3E358", versionEndExcluding: "2.11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*", matchCriteriaId: "B581E1DE-4E94-49E5-B5CF-2A94B2570708", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9E8EDAF7-4C73-49F5-840A-A3E3DD4ED72D", 
versionEndExcluding: "2.11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*", matchCriteriaId: "E058B9C6-CD1C-42F5-8781-05450254E9E5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F96E70D7-502B-42B9-8C50-30B685CC0E9E", versionEndExcluding: "2.11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*", matchCriteriaId: "3D143853-3D62-4AD7-B899-F726036A34D2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E2AE262A-7389-4CB1-8A76-7B723563BEF6", versionEndExcluding: "2.11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*", matchCriteriaId: "1DEC0235-DDA1-4EE4-B3F8-512F1B29AFC6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6552B1DC-BA56-42BC-AC35-374C764F256E", versionEndExcluding: "2.11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*", matchCriteriaId: "757039D5-60B9-40B0-B719-38E27409BDDE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "24D97615-28EC-4484-8E1E-BFB8EABE3284", versionEndExcluding: "2.11.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*", 
matchCriteriaId: "E4305D0F-CB59-49D5-8D21-8ECC3342C36C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.", }, { lang: "es", value: "Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, y T640 Server BIOS contienen una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en sistemas con NVDIMM-N instalados. Un usuario local malicioso con privilegios elevados puede explotar potencialmente esta vulnerabilidad, conllevando a una denegación de servicio, una ejecución de código arbitrario o una divulgación de información en UEFI o BIOS Preboot Environment", }, ], id: "CVE-2021-21556", lastModified: "2024-11-21T05:48:35.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: 
"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.5, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-14T19:15:08.353", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/000187958", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/000187958", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }