Vulnerabilities > CVE-2021-21551 - Exposed IOCTL with Insufficient Access Control vulnerability in Dell Dbutil 2 3.Sys

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

dell

CWE-782

NVD

Published: 2021-05-04

Updated: 2023-10-05

Summary

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Vulnerable Configurations

Part	Description	Count
Application	Dell Dell Dbutil 2 3.Sys -	1

Common Weakness Enumeration (CWE)

CWE-782 - Exposed IOCTL with Insufficient Access Control

References

https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html
http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References