CVE-2021-21557

moderate-risk
Published 2021-06-14

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

Do I need to act?

- 0.02% chance of exploitation (EPSS score: low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
- CVSS 8.1/10 High (attack vector LOCAL, attack complexity LOW)

Affected Products (20)

PowerEdge R640 Firmware
PowerEdge R740 Firmware
PowerEdge R740xd Firmware
PowerEdge R940 Firmware
PowerEdge R540 Firmware
PowerEdge R440 Firmware
PowerEdge T440 Firmware
PowerEdge XR2 Firmware
PowerEdge R740xd2 Firmware
PowerEdge R840 Firmware
PowerEdge R940xa Firmware
PowerEdge T640 Firmware
PowerEdge C6420 Firmware
PowerEdge FC640 Firmware
PowerEdge M640 Firmware
PowerEdge M640P Firmware
PowerEdge MX740c Firmware
PowerEdge MX840c Firmware
PowerEdge C4140 Firmware
PowerEdge T140 Firmware

Affected Vendors

Dell

Overall risk: 48/100 (moderate-risk)

- Severity 25/34 · High
- Exploitability 0/34 · Minimal
- Exposure 23/34 · High