Vulnerability identifier: #VU52877

Vulnerability risk: Low

CVSSv3.1: 8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-21551

CWE-ID: CWE-284

Exploitation vector: Local

Exploits in database: 10

• January 16, 2023
  • CVE-2021-21551 (Dell Driver EoP (CVE-2021-21551)) [Github]
• June 26, 2022
  • kernel-mii (Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.) [Github]
• September 5, 2021
  • Dell-Driver-EoP-CVE-2021-21551 (Dell Driver EoP (CVE-2021-21551)) [Github]
• July 19, 2021
  • CVE-2021-21551-POC (An extended proof-of-concept for the CVE-2021-21551 Dell ‘dbutil_2_3.sys’ Kernel Exploit) [Github]
• June 17, 2021
  • DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE) [Exploit-DB]
• May 30, 2021
  • PS-CVE-2021-21551 (Script to patch your domain computers about the CVE-2021-21551. Privesc on machines that have the driver dbutil_2_3.sys, installed by some DELL tools (BIOS updater, SupportAssist...)) [Github]
  • CVE-2021-21551 (arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system) [Github]
• May 24, 2021
  • CVE-2021-21551 () [Github]
• May 14, 2021
  • Dell DBUtil_2_3.sys IOCTL memmove [Metasploit]
• May 13, 2021
  • CVE-2021-21551 (Exploit to SYSTEM for CVE-2021-21551) [Github]

Impact: Information disclosure and data manipulation

Vulnerable software:
DBUtil
Hardware solutions / Drivers

Vendor: Dell