May 5, 2021

Dell BIOS Driver Vulnerability (12 years old)

 ─$ ./kvi-cli.py cve 2021-21551 -crsz


 [*] Searching cve-[['2021-21551']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID   : CVE-2021-21551
 [*] CVE_Desc : Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

 [*] Vuln_Risk          : 18.5296
 [*] Exploited [Trend]  : 0 [holding]
 [*] Exploit/likelihood : False [0.1583% confidence]
 [*] C:2021-01-04 / P:2021-05-04 / L:2021-05-04

[ Links / References ]
 [*] Exploits :
     [ --> ] None
 [*] Fixes :
     [ --> ] None
 [*] Malware :
     [ --> ] None
 [*] Threat Actors :
     [ --> ] None
 [*] CVSS 2.0 [Base/Exploit/Impact/Temporal] : AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C [ 6.8/3.1/10.0/5.0 ]
 [*] CVSS 3.0 [Base/Exploit/Impact/Temporal] : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C [ 8.8/None/None/7.7 ]

 [*] Malware Family Info : None

 [!] chatter : None [no infomration available]


[ CVE History : CVE-2021-21551 ]
 [*] ID              : 2930594
 [*] Vuln Risk Score : 19
 [*] History         : 1

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-21551 : [  18.53 ] []


 ** [5] threads completed [4 tasks] / [1.79 KB] within [10.30 sec].