CVE-2021-21555

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:48

Type Values Removed Values Added
CVSS v2 : 7.2
v3 : 6.7
v2 : 7.2
v3 : 6.1
References () https://www.dell.com/support/kbdoc/000187958 - Vendor Advisory () https://www.dell.com/support/kbdoc/000187958 - Vendor Advisory

Information

Published : 2021-06-14 19:15

Updated : 2024-11-21 05:48


NVD link : CVE-2021-21555

Mitre link : CVE-2021-21555

CVE.ORG link : CVE-2021-21555


JSON object : View

Products Affected

dell

  • poweredge_mx740c_firmware
  • poweredge_t640
  • poweredge_r740xd_firmware
  • poweredge_r940
  • poweredge_r840
  • poweredge_r740
  • poweredge_r940_firmware
  • poweredge_r940xa_firmware
  • poweredge_mx740c
  • poweredge_r840_firmware
  • poweredge_mx840c
  • poweredge_r940xa
  • poweredge_t640_firmware
  • poweredge_r640
  • poweredge_r740xd
  • poweredge_r740_firmware
  • poweredge_mx840c_firmware
  • poweredge_r640_firmware
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write