Search

Find a vulnerability

Search criteria

    5 vulnerabilities found for dbutil by Dell

    VAR-202105-0569

    Vulnerability from variot - Updated: 2025-11-18 13:04

    Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. DELL Dell dbutil Driver is an application software of Dell (DELL). Provides a driver for Dell devices. The following products and versions are affected: DBUtil: 2.3

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202105-0569",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dbutil",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "2.3"
          },
          {
            "model": "dbutil 2 3.sys",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006336"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21551"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Paolo Stagno",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-124"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2021-21551",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-21551",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-379955",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-21551",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "security_alert@emc.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.0,
                "id": "CVE-2021-21551",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21551",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21551",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2021-21551",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21551",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202105-124",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-379955",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21551",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-379955"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21551"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-124"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006336"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21551"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21551"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. DELL Dell dbutil Driver is an application software of Dell (DELL). Provides a driver for Dell devices. The following products and versions are affected: DBUtil: 2.3",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006336"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULHUB",
            "id": "VHN-379955"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21551"
          }
        ],
        "trust": 2.34
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-379955",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-379955"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21551",
            "trust": 3.4
          },
          {
            "db": "PACKETSTORM",
            "id": "162604",
            "trust": 2.5
          },
          {
            "db": "PACKETSTORM",
            "id": "162739",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006336",
            "trust": 0.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "49893",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "CXSECURITY",
            "id": "WLB-2021050083",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021050502",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-124",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-379955",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21551",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-379955"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21551"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-124"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006336"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21551"
          }
        ]
      },
      "id": "VAR-202105-0569",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-379955"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-11-18T13:04:12.453000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DSA-2021-088",
            "trust": 0.8,
            "url": "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability"
          },
          {
            "title": "Dell dbutil Driver Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149155"
          },
          {
            "title": "CVE-2021-21551",
            "trust": 0.1,
            "url": "https://github.com/ch3rn0byl/CVE-2021-21551 "
          },
          {
            "title": "Blue Team Notes\nShell Style\nWindows\nLinux\nMacOS\nMalware\ntidying up\nSOC\nHoneypots\nNetwork Traffic\nAdd\nDigital Forensics",
            "trust": 0.1,
            "url": "https://github.com/ayann01/Codename-Team-Blue "
          },
          {
            "title": "Blue Team Notes\nShell Style\nWindows\nLinux\nmacOS\nMalware\ntidying up\nSOC\nHoneypots\nNetwork Traffic\nAdd\nDigital Forensics",
            "trust": 0.1,
            "url": "https://github.com/Purp1eW0lf/Blue-Team-Notes "
          },
          {
            "title": "CVE-2021-21551",
            "trust": 0.1,
            "url": "https://github.com/waldo-irc/CVE-2021-21551 "
          },
          {
            "title": "Blue Team Notes\nShell Style\nWindows\nLinux\nmacOS\nMalware\ntidying up\nSOC\nHoneypots\nNetwork Traffic\nAdd\nDigital Forensics",
            "trust": 0.1,
            "url": "https://github.com/Mirko76/Blue-Team-Notes "
          },
          {
            "title": "DbUtilAx",
            "trust": 0.1,
            "url": "https://github.com/mzakocs/CVE-2021-21551-POC "
          },
          {
            "title": "Dell Driver EoP (CVE-2021-21551)",
            "trust": 0.1,
            "url": "https://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551 "
          },
          {
            "title": "Blue Team Notes\nShell Style\nWindows\nLinux\nMacOS\nMalware\ntidying up\nSOC\nHoneypots\nNetwork Traffic\nAdd\nDigital Forensics",
            "trust": 0.1,
            "url": "https://github.com/edsonjt81/-Blue-Team-Notes "
          },
          {
            "title": "Blue Team Notes\nShell Style\nWindows\nLinux\nMacOS\nMalware\ntidying up\nSOC\nHoneypots\nNetwork Traffic\nAdd\nDigital Forensics",
            "trust": 0.1,
            "url": "https://github.com/bleszily/My_BlueTeam_Notes "
          },
          {
            "title": "aws-sdk-s3-myapp",
            "trust": 0.1,
            "url": "https://github.com/ashburndev/aws-sdk-s3-myapp "
          },
          {
            "title": "Policies",
            "trust": 0.1,
            "url": "https://github.com/fsctcommunity/Policies "
          },
          {
            "title": "https://github.com/tijme/kernel-mii",
            "trust": 0.1,
            "url": "https://github.com/tijme/kernel-mii "
          },
          {
            "title": "CVE-2021-21551",
            "trust": 0.1,
            "url": "https://github.com/houseofxyz/CVE-2021-21551 "
          },
          {
            "title": "Description\nUsage - Remote version\nUsage - Local version",
            "trust": 0.1,
            "url": "https://github.com/arnaudluti/PS-CVE-2021-21551 "
          },
          {
            "title": "CVE-2021-21551",
            "trust": 0.1,
            "url": "https://github.com/mathisvickie/CVE-2021-21551 "
          },
          {
            "title": "Artichoke Consulting",
            "trust": 0.1,
            "url": "https://github.com/SyncroScripting/Artichoke_Consulting "
          },
          {
            "title": "Blue Team Notes\nShell Style\nWindows\nLinux\nMacOS\nMalware\ntidying up\nSOC\nHoneypots\nNetwork Traffic\nAdd\nDigital Forensics",
            "trust": 0.1,
            "url": "https://github.com/hack-parthsharma/Blue-Team-Notes "
          },
          {
            "title": "CVE-2021-21551\nDescription",
            "trust": 0.1,
            "url": "https://github.com/nanabingies/CVE-2021-21551 "
          },
          {
            "title": "BofAllTheThings",
            "trust": 0.1,
            "url": "https://github.com/N7WEra/BofAllTheThings "
          },
          {
            "title": "PoshDellDBUtil - 0.2.0",
            "trust": 0.1,
            "url": "https://github.com/Kinsiinoo/PoshDellDBUtil "
          },
          {
            "title": "Blue Team Notes\nShell Style\nWindows\nLinux\nMacOS\nMalware\ntidying up\nSOC\nHoneypots\nNetwork Traffic\nAdd\nDigital Forensics",
            "trust": 0.1,
            "url": "https://github.com/cyb3rpeace/Blue-Team-Notes "
          },
          {
            "title": "Windows-Exploits",
            "trust": 0.1,
            "url": "https://github.com/xct/windows-kernel-exploits "
          },
          {
            "title": "Kernel-Cactus\nDescription\nPre - Reqs\nDisclaimer\nOffsets\nUsage\nAuthors\nTODO\nHonorable Mentions",
            "trust": 0.1,
            "url": "https://github.com/SpikySabra/Kernel-Cactus "
          },
          {
            "title": "Awesome CobaltStrike",
            "trust": 0.1,
            "url": "https://github.com/fei9747/Awesome-CobaltStrike "
          },
          {
            "title": "KDU\nPurpose and Features\nCurrently Supported Providers\nHow it work\nShellcode versions\nBuild and Notes\nUtils and Notes\nReporting bugs and incompatibilities\nDisclaimer\nThird party code usage\nReferences\nWormhole drivers code\nAuthors",
            "trust": 0.1,
            "url": "https://github.com/sl4v3k/KDU "
          },
          {
            "title": "KDU\nPurpose and Features\nCurrently Supported Providers\nHow it work\nShellcode versions\nBuild and Notes\nUtils and Notes\nReporting bugs and incompatibilities\nDisclaimer\nThird party code usage\nReferences\nWormhole drivers code\nAuthors",
            "trust": 0.1,
            "url": "https://github.com/h4rmy/KDU "
          },
          {
            "title": "What is this\nKDU\nPurpose and Features\nCurrently Supported Providers\nHow it work\nShellcode versions\nBuild\nUtils and Notes\nDisclaimer\nThird party code usage\nReferences\nWormhole drivers code\nAuthors",
            "trust": 0.1,
            "url": "https://github.com/474172261/KDU "
          },
          {
            "title": "https://github.com/CaledoniaProject/drivers-binaries",
            "trust": 0.1,
            "url": "https://github.com/CaledoniaProject/drivers-binaries "
          },
          {
            "title": "Awesome CobaltStrike",
            "trust": 0.1,
            "url": "https://github.com/zer0yu/Awesome-CobaltStrike "
          },
          {
            "title": "UPDATE\nKMAC\nCVEs",
            "trust": 0.1,
            "url": "https://github.com/mathisvickie/KMAC "
          },
          {
            "title": "awesome-game-security",
            "trust": 0.1,
            "url": "https://github.com/gmh5225/awesome-game-security "
          },
          {
            "title": "KDU\nPurpose and Features\nSupported Providers\nKDU provider details, alternatives are available\nHow it work\nShellcode versions\nBuild and Notes\nUtils and Notes\nReporting bugs and incompatibilities\nDisclaimer\nThird party code usage\nReferences\nWormhole drivers code\nAuthors",
            "trust": 0.1,
            "url": "https://github.com/hfiref0x/KDU "
          },
          {
            "title": "writeups about analysis CVEs and Exploits on the Windows\n2022\n2021\n2019\n2018\n2015",
            "trust": 0.1,
            "url": "https://github.com/Creamy-Chicken-Soup/writeups-about-analysis-CVEs-and-Exploits-on-the-Windows "
          },
          {
            "title": "Awesome Stars",
            "trust": 0.1,
            "url": "https://github.com/taielab/awesome-hacking-lists "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-21551"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-124"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006336"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-782",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006336"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21551"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://packetstormsecurity.com/files/162604/dell-dbutil_2_3.sys-ioctl-memory-read-write.html"
          },
          {
            "trust": 2.3,
            "url": "http://packetstormsecurity.com/files/162739/dell-dbutil_2_3.sys-2.3-arbitrary-write-privilege-escalation.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21551"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-21551"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/49893"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021050502"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/issue/wlb-2021050083"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-379955"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-124"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006336"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21551"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-379955"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21551"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-124"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006336"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21551"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-05-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-379955"
          },
          {
            "date": "2021-05-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21551"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-05-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202105-124"
          },
          {
            "date": "2022-01-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-006336"
          },
          {
            "date": "2021-05-04T16:15:07.867000",
            "db": "NVD",
            "id": "CVE-2021-21551"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-379955"
          },
          {
            "date": "2023-10-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21551"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2022-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202105-124"
          },
          {
            "date": "2022-01-05T07:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-006336"
          },
          {
            "date": "2025-10-28T14:05:36.670000",
            "db": "NVD",
            "id": "CVE-2021-21551"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-124"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell\u00a0dbutil_2_3.sys\u00a0 Driver fraudulent authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-006336"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202105-124"
          }
        ],
        "trust": 1.2
      }
    }

    CVE-2021-36276 (GCVE-0-2021-36276)

    Vulnerability from nvd – Published: 2021-08-09 21:05 – Updated: 2024-09-17 02:42
    VLAI
    Summary
    Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell dbutil Affected: 2.5, 2.6
    Create a notification for this product.
    Date Public
    2021-08-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:54:50.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000190105/dsa-2021-152-dell-client-platform-security-update-for-an-insufficient-access-control-vulnerability-in-the-dell-dbutildrv2-sys-driver"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dbutil",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.5, 2.6"
                }
              ]
            }
          ],
          "datePublic": "2021-08-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-09T21:05:32.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000190105/dsa-2021-152-dell-client-platform-security-update-for-an-insufficient-access-control-vulnerability-in-the-dell-dbutildrv2-sys-driver"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-08-02",
              "ID": "CVE-2021-36276",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "dbutil",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.5, 2.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/en-us/000190105/dsa-2021-152-dell-client-platform-security-update-for-an-insufficient-access-control-vulnerability-in-the-dell-dbutildrv2-sys-driver",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/en-us/000190105/dsa-2021-152-dell-client-platform-security-update-for-an-insufficient-access-control-vulnerability-in-the-dell-dbutildrv2-sys-driver"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2021-36276",
        "datePublished": "2021-08-09T21:05:33.040Z",
        "dateReserved": "2021-07-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:42:58.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21551 (GCVE-0-2021-21551)

    Vulnerability from nvd – Published: 2021-05-04 15:15 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Summary
    Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-782 - Exposed IOCTL with Insufficient Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Dell dbutil Affected: 2.3
    Create a notification for this product.
    Date Public
    2021-05-03 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:16:22.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-21551",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T12:41:16.782641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-31",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21551"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:47.458Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21551"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-31T00:00:00.000Z",
                "value": "CVE-2021-21551 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "dbutil",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3"
                }
              ]
            }
          ],
          "datePublic": "2021-05-03T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.\u003c/p\u003e"
                }
              ],
              "value": "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-782",
                  "description": "CWE-782: Exposed IOCTL with Insufficient Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-05T05:21:14.199Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-05-04",
              "ID": "CVE-2021-21551",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "dbutil",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2021-21551",
        "datePublished": "2021-05-04T15:15:21.388Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:47.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36276 (GCVE-0-2021-36276)

    Vulnerability from cvelistv5 – Published: 2021-08-09 21:05 – Updated: 2024-09-17 02:42
    VLAI
    Summary
    Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell dbutil Affected: 2.5, 2.6
    Create a notification for this product.
    Date Public
    2021-08-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:54:50.767Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000190105/dsa-2021-152-dell-client-platform-security-update-for-an-insufficient-access-control-vulnerability-in-the-dell-dbutildrv2-sys-driver"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dbutil",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.5, 2.6"
                }
              ]
            }
          ],
          "datePublic": "2021-08-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-09T21:05:32.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000190105/dsa-2021-152-dell-client-platform-security-update-for-an-insufficient-access-control-vulnerability-in-the-dell-dbutildrv2-sys-driver"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-08-02",
              "ID": "CVE-2021-36276",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "dbutil",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.5, 2.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/en-us/000190105/dsa-2021-152-dell-client-platform-security-update-for-an-insufficient-access-control-vulnerability-in-the-dell-dbutildrv2-sys-driver",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/en-us/000190105/dsa-2021-152-dell-client-platform-security-update-for-an-insufficient-access-control-vulnerability-in-the-dell-dbutildrv2-sys-driver"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2021-36276",
        "datePublished": "2021-08-09T21:05:33.040Z",
        "dateReserved": "2021-07-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:42:58.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21551 (GCVE-0-2021-21551)

    Vulnerability from cvelistv5 – Published: 2021-05-04 15:15 – Updated: 2025-10-21 23:25
    VLAI CISA KEVIntel
    Summary
    Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-782 - Exposed IOCTL with Insufficient Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Dell dbutil Affected: 2.3
    Create a notification for this product.
    Date Public
    2021-05-03 18:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:16:22.923Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-21551",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T12:41:16.782641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-31",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21551"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:47.458Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21551"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-31T00:00:00.000Z",
                "value": "CVE-2021-21551 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "dbutil",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3"
                }
              ]
            }
          ],
          "datePublic": "2021-05-03T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.\u003c/p\u003e"
                }
              ],
              "value": "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-782",
                  "description": "CWE-782: Exposed IOCTL with Insufficient Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-05T05:21:14.199Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2021-05-04",
              "ID": "CVE-2021-21551",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "dbutil",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 8.8,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2021-21551",
        "datePublished": "2021-05-04T15:15:21.388Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:47.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }