CVE-2021-21557

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.
References
Link Resource
https://www.dell.com/support/kbdoc/000187958 Patch Vendor Advisory
https://www.dell.com/support/kbdoc/000187958 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:poweredge_r540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r540:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:poweredge_r440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r440:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:poweredge_t440_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t440:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:poweredge_xr2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_xr2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:poweredge_r740xd2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r740xd2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dell:poweredge_c6420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c6420:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dell:poweredge_fc640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_fc640:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dell:poweredge_m640_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m640:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:dell:poweredge_m640p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_m640p:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:dell:poweredge_c4140_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c4140:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:dell:poweredge_t140_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t140:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:dell:poweredge_t340_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_t340:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:dell:poweredge_r240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r240:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:dell:poweredge_r340_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r340:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:dell:poweredge_r6415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r6415:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:dell:poweredge_r7415_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7415:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:dell:poweredge_r7425_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7425:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:dell:poweredge_r6515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r6515:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:dell:poweredge_r7515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7515:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:dell:poweredge_r6525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r6525:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:dell:poweredge_r7525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_r7525:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:dell:poweredge_c6525_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:poweredge_c6525:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:48

Type Values Removed Values Added
CVSS v2 : 7.2
v3 : 6.7
v2 : 7.2
v3 : 8.1
References () https://www.dell.com/support/kbdoc/000187958 - Patch, Vendor Advisory () https://www.dell.com/support/kbdoc/000187958 - Patch, Vendor Advisory

Information

Published : 2021-06-14 19:15

Updated : 2024-11-21 05:48


NVD link : CVE-2021-21557

Mitre link : CVE-2021-21557

CVE.ORG link : CVE-2021-21557


JSON object : View

Products Affected

dell

  • poweredge_r440
  • poweredge_r6415
  • poweredge_r940xa_firmware
  • poweredge_c4140_firmware
  • poweredge_r840_firmware
  • poweredge_r340
  • poweredge_r940xa
  • poweredge_r640
  • poweredge_xr2_firmware
  • poweredge_c4140
  • poweredge_r7425
  • poweredge_mx840c_firmware
  • poweredge_c6525
  • poweredge_r6515
  • poweredge_r540
  • poweredge_r740xd_firmware
  • poweredge_r6415_firmware
  • poweredge_r440_firmware
  • poweredge_m640p_firmware
  • poweredge_t340
  • poweredge_r7415
  • poweredge_c6420
  • poweredge_mx840c
  • poweredge_r340_firmware
  • poweredge_c6420_firmware
  • poweredge_xr2
  • poweredge_r740xd
  • poweredge_t440
  • poweredge_r740_firmware
  • poweredge_r640_firmware
  • poweredge_m640
  • poweredge_r7415_firmware
  • poweredge_r6515_firmware
  • poweredge_r940
  • poweredge_r240
  • poweredge_r740xd2
  • poweredge_r7515
  • poweredge_r7425_firmware
  • poweredge_m640_firmware
  • poweredge_m640p
  • poweredge_t640_firmware
  • poweredge_t140
  • poweredge_t340_firmware
  • poweredge_r6525
  • poweredge_t440_firmware
  • poweredge_mx740c_firmware
  • poweredge_t640
  • poweredge_r7525
  • poweredge_c6525_firmware
  • poweredge_t140_firmware
  • poweredge_r840
  • poweredge_r740
  • poweredge_r940_firmware
  • poweredge_r7525_firmware
  • poweredge_fc640
  • poweredge_r740xd2_firmware
  • poweredge_fc640_firmware
  • poweredge_mx740c
  • poweredge_r7515_firmware
  • poweredge_r240_firmware
  • poweredge_r540_firmware
  • poweredge_r6525_firmware
CWE
CWE-20

Improper Input Validation

CWE-125

Out-of-bounds Read