ID CVE-2021-21555
Summary Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
References
Vulnerable Configurations
  • cpe:2.3:o:dell:poweredge_r640_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_r640_firmware:2.9.4:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:poweredge_r640:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_r740_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_r740_firmware:2.9.4:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:poweredge_r740:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_r740xd_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_r740xd_firmware:2.9.4:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:poweredge_r740xd:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_r940_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_r940_firmware:2.9.4:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:poweredge_r940:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_r840_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_r840_firmware:2.9.4:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:poweredge_r840:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_r940xa_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_r940xa_firmware:2.9.4:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:poweredge_r940xa:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_t640_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:poweredge_t640:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_mx740c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_mx740c_firmware:2.9.4:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:poweredge_mx740c:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_mx840c_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:poweredge_mx840c_firmware:2.9.4:*:*:*:*:*:*:*
  • cpe:2.3:h:dell:poweredge_mx840c:-:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 23-06-2021 - 18:21)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
Last major update 23-06-2021 - 18:21
Published 14-06-2021 - 19:15
Last modified 23-06-2021 - 18:21