{"id": "CVE-2021-21554", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 0.6}]}, "published": "2021-06-14T19:15:08.193", "references": [{"url": "https://www.dell.com/support/kbdoc/000187958", "tags": ["Patch", "Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment."}, {"lang": "es", "value": "Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, y, Dell Precision 7920 Rack Workstation BIOS, contienen una vulnerabilidad de desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en los sistemas con Intel Optane DC Persistent Memory instalado. Un usuario local malicioso con privilegios elevados puede explotar potencialmente esta vulnerabilidad, conllevando a una denegaci\u00f3n de servicio, una ejecuci\u00f3n de c\u00f3digo arbitrario o una divulgaci\u00f3n de informaci\u00f3n en UEFI o BIOS Preboot Environment"}], "lastModified": "2022-10-25T23:43:25.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06362F19-C989-4220-BC79-E6013F5C66EB", "versionEndExcluding": "2.9.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "81416C16-D7FA-4165-BB0E-6458A4EA5AEE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "870DAC1E-73AD-4373-87D4-FB5FFE9FF76F", "versionEndExcluding": "2.9.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE562535-3D9B-4A82-AC0D-6A2225E63E8D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FACB298B-C3FD-451F-8BD1-8EA4B9F79C64", "versionEndExcluding": "2.9.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "868ECD3F-77CD-4F5D-86E5-61689E4C5BA0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BDE72DC-14D2-4B07-A506-10BBB14961EE", "versionEndExcluding": "2.9.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B581E1DE-4E94-49E5-B5CF-2A94B2570708"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A9CE864-7A6E-43E6-B8EB-EA1ADFD966C8", "versionEndExcluding": "2.9.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E058B9C6-CD1C-42F5-8781-05450254E9E5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAB3D629-1772-45D6-95A9-2EBE069681D5", "versionEndExcluding": "2.9.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D143853-3D62-4AD7-B899-F726036A34D2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FB8529E-5541-4975-870D-6BB8A69AC53F", "versionEndExcluding": "2.9.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "757039D5-60B9-40B0-B719-38E27409BDDE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B49F382-AB09-4E2A-8CF2-E11A2319D39C", "versionEndExcluding": "2.9.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4305D0F-CB59-49D5-8D21-8ECC3342C36C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:precision_7920_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "906ED33B-B998-47B3-9007-15254E47386C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:precision_7920:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0BCCF11B-05BD-4E70-AD26-6B26A7E701FA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}