CVE-2021-21556

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-21556
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.dell.com/support/kbdoc/000187958 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2021-06-14 19:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-21556

Mitre link : CVE-2021-21556

CVE.ORG link : CVE-2021-21556

JSON object : View

Products Affected

dell

  • poweredge_r840_firmware
  • poweredge_r640_firmware
  • poweredge_r740_firmware
  • poweredge_t640_firmware
  • poweredge_mx740c_firmware
  • poweredge_r740xd
  • poweredge_r940xa_firmware
  • poweredge_mx840c_firmware
  • poweredge_r940
  • poweredge_r740xd_firmware
  • poweredge_mx740c
  • poweredge_r940_firmware
  • poweredge_r840
  • poweredge_r640
  • poweredge_t640
  • poweredge_mx840c
  • poweredge_r740
  • poweredge_r940xa
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow