CVE-2021-21555 - Vulnerability Details

Vendors	Products
Dell	Poweredge Mx740c Poweredge Mx740c Firmware Poweredge Mx840c Poweredge Mx840c Firmware Poweredge R640 Poweredge R640 Firmware Poweredge R740 Poweredge R740 Firmware Poweredge R740xd Poweredge R740xd Firmware Poweredge R840 Poweredge R840 Firmware Poweredge R940 Poweredge R940 Firmware Poweredge R940xa Poweredge R940xa Firmware Poweredge T640 Poweredge T640 Firmware

Link	Providers
https://www.dell.com/support/kbdoc/000187958

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "PowerEdge BIOS Intel 15G", "vendor": "Dell", "versions": [{"lessThan": "2.11.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-14T19:10:15", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/kbdoc/000187958"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2021-06-08", "ID": "CVE-2021-21555", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PowerEdge BIOS Intel 15G", "version": {"version_data": [{"version_affected": "<", "version_value": "2.11.2"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment."}]}, "impact": {"cvss": {"baseScore": 6.1, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/kbdoc/000187958", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/000187958"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:16:22.970Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/000187958"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2021-21555", "datePublished": "2021-06-14T19:10:15.341153Z", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-09-16T22:29:57.065Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : PowerEdge BIOS Intel 15G (string)

vendor : Dell (string)

versions : [ »

0 : { »

lessThan : 2.11.2 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

]

datePublic : 2021-06-08T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 6.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-122 (string)

description : CWE-122: Heap-based Buffer Overflow (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-06-14T19:10:15 (string)

orgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

shortName : dell (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.dell.com/support/kbdoc/000187958 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@dell.com (string)

DATE_PUBLIC : 2021-06-08 (string)

ID : CVE-2021-21555 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : PowerEdge BIOS Intel 15G (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 2.11.2 (string)

}

]

}

]

}

vendor_name : Dell (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. (string)

}

]

}

impact : { »

cvss : { »

baseScore : 6.1 (number)

baseSeverity : Medium (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-122: Heap-based Buffer Overflow (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.dell.com/support/kbdoc/000187958 (string)

refsource : MISC (string)

url : https://www.dell.com/support/kbdoc/000187958 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T18:16:22.970Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.dell.com/support/kbdoc/000187958 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

assignerShortName : dell (string)

cveId : CVE-2021-21555 (string)

datePublished : 2021-06-14T19:10:15.341153Z (string)

dateReserved : 2021-01-04T00:00:00 (string)

dateUpdated : 2024-09-16T22:29:57.065Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6D7153C-E15D-4041-B45F-207DEB0B13AE", "versionEndExcluding": "2.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*", "matchCriteriaId": "81416C16-D7FA-4165-BB0E-6458A4EA5AEE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4502AE6D-BA6B-46AA-A214-99143272BA70", "versionEndExcluding": "2.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE562535-3D9B-4A82-AC0D-6A2225E63E8D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3798FD8A-8A44-49F3-83E0-FD3D541DBCC2", "versionEndExcluding": "2.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*", "matchCriteriaId": "868ECD3F-77CD-4F5D-86E5-61689E4C5BA0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD596C2D-BA27-4ED0-BCF4-F9792AD3E358", "versionEndExcluding": "2.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*", "matchCriteriaId": "B581E1DE-4E94-49E5-B5CF-2A94B2570708", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E8EDAF7-4C73-49F5-840A-A3E3DD4ED72D", "versionEndExcluding": "2.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*", "matchCriteriaId": "E058B9C6-CD1C-42F5-8781-05450254E9E5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F96E70D7-502B-42B9-8C50-30B685CC0E9E", "versionEndExcluding": "2.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D143853-3D62-4AD7-B899-F726036A34D2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2AE262A-7389-4CB1-8A76-7B723563BEF6", "versionEndExcluding": "2.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*", "matchCriteriaId": "1DEC0235-DDA1-4EE4-B3F8-512F1B29AFC6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6552B1DC-BA56-42BC-AC35-374C764F256E", "versionEndExcluding": "2.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*", "matchCriteriaId": "757039D5-60B9-40B0-B719-38E27409BDDE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "24D97615-28EC-4484-8E1E-BFB8EABE3284", "versionEndExcluding": "2.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4305D0F-CB59-49D5-8D21-8ECC3342C36C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment."}, {"lang": "es", "value": "Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, y T640 Server BIOS contienen una vulnerabilidad de desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en sistemas con NVDIMM-N instalados. Un usuario local malicioso con privilegios elevados puede explotar potencialmente esta vulnerabilidad, conllevando a una denegaci\u00f3n de servicio, una ejecuci\u00f3n de c\u00f3digo arbitrario o una divulgaci\u00f3n de informaci\u00f3n en UEFI o BIOS Preboot Environment"}], "id": "CVE-2021-21555", "lastModified": "2024-11-21T05:48:35.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 5.5, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-14T19:15:08.273", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/000187958"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/000187958"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dell:poweredge_r640_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C6D7153C-E15D-4041-B45F-207DEB0B13AE (string)

versionEndExcluding : 2.11.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 81416C16-D7FA-4165-BB0E-6458A4EA5AEE (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dell:poweredge_r740_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4502AE6D-BA6B-46AA-A214-99143272BA70 (string)

versionEndExcluding : 2.11.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DE562535-3D9B-4A82-AC0D-6A2225E63E8D (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dell:poweredge_r740xd_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3798FD8A-8A44-49F3-83E0-FD3D541DBCC2 (string)

versionEndExcluding : 2.11.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 868ECD3F-77CD-4F5D-86E5-61689E4C5BA0 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dell:poweredge_r940_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CD596C2D-BA27-4ED0-BCF4-F9792AD3E358 (string)

versionEndExcluding : 2.11.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B581E1DE-4E94-49E5-B5CF-2A94B2570708 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dell:poweredge_r840_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9E8EDAF7-4C73-49F5-840A-A3E3DD4ED72D (string)

versionEndExcluding : 2.11.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E058B9C6-CD1C-42F5-8781-05450254E9E5 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dell:poweredge_r940xa_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F96E70D7-502B-42B9-8C50-30B685CC0E9E (string)

versionEndExcluding : 2.11.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3D143853-3D62-4AD7-B899-F726036A34D2 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dell:poweredge_t640_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E2AE262A-7389-4CB1-8A76-7B723563BEF6 (string)

versionEndExcluding : 2.11.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 1DEC0235-DDA1-4EE4-B3F8-512F1B29AFC6 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dell:poweredge_mx740c_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6552B1DC-BA56-42BC-AC35-374C764F256E (string)

versionEndExcluding : 2.11.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 757039D5-60B9-40B0-B719-38E27409BDDE (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dell:poweredge_mx840c_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 24D97615-28EC-4484-8E1E-BFB8EABE3284 (string)

versionEndExcluding : 2.11.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E4305D0F-CB59-49D5-8D21-8ECC3342C36C (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. (string)

}

1 : { »

lang : es (string)

value : Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, y T640 Server BIOS contienen una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en sistemas con NVDIMM-N instalados. Un usuario local malicioso con privilegios elevados puede explotar potencialmente esta vulnerabilidad, conllevando a una denegación de servicio, una ejecución de código arbitrario o una divulgación de información en UEFI o BIOS Preboot Environment (string)

}

]

id : CVE-2021-21555 (string)

lastModified : 2024-11-21T05:48:35.320 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 7.2 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:L/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : LOW (string)

baseScore : 6.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 0.6 (number)

impactScore : 5.5 (number)

source : security_alert@emc.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-06-14T19:15:08.273 (string)

references : [ »

0 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.dell.com/support/kbdoc/000187958 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.dell.com/support/kbdoc/000187958 (string)

}

]

sourceIdentifier : security_alert@emc.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-122 (string)

}

]

source : security_alert@emc.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object