Out-of-Bounds Array Access Vulnerability in Dell PowerEdge Server BIOS
CVE-2021-21557
8.1 HIGH
What is CVE-2021-21557?
Dell PowerEdge Server BIOS and selected Precision Rack BIOS versions are affected by an out-of-bounds array access vulnerability. A local user with elevated privileges can exploit this weakness, potentially leading to denial of service, unauthorized code execution, or disclosure of sensitive information in System Management Mode. Applying firmware updates and following sound security practices are essential to mitigate these risks.
Affected Version(s)
PowerEdge BIOS Intel 15G < 2.11.2