May 15, 2021

Dell BIOS Driver Vulnerability (Updated)

Remember the Dell BIOS driver vulnerability that was posted 10 days ago? The vuln risk score was 18.52 then, and it is now 16.68 (downgraded).

What's new?

A Metasploit module (PoC) has been released; the CVSS3 score has also been downgraded from 8.8 to 7.8.

Below is the latest threat intelligence (new interface). 🙈🙉🙊

└─$ ./kvi-cli.py -v cve 2021-21551 -cz


 [*] Searching cve-[['2021-21551']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21551
 [_] Desc   : Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 16.6855
 [*] Easily_Exploit         : True
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : False

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 0
 [*] Velocity (D/W/M)          : 0/0/0
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : True [_FALSE_]
 [*] Predicted_Exploitable     : False (0.2411% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2021-01-04T18:00:05Z
 [_] Published     : 2021-05-04T16:15:00Z
 [_] Last_Modified : 2021-05-10T21:10:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [1]:
     [ --> ]   created_at : 2021-05-15T06:00:18Z
     [ --> ]  external_id : exploit/windows/local/cve_2021_21551_dbutil_memmove
     [ --> ]         name : Dell DBUtil_2_3.sys IOCTL memmove
     [ --> ]          url : http://www.rapid7.com/db/modules/exploit/windows/local/cve_2021_21551_dbutil_memmove

 [_] Fixes [1]:
     [ --> ]  external_id : dell-driver-cve-2021-21551-dsa-2021-088
     [ --> ]          url : None
     [ --> ]      product : None
     [ --> ] published_at : 2021-05-04T00:00:00Z

 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact  |   |                | CVSS_Access
================+=========+===+================+==============
   Availability | Partial |   |     Complexity | Low
Confidentiality | Partial |   |         Vector | Local access
      Integrity | Partial |   | Authentication | None required

              |                                   CVSS_V2 |                                                    CVSS_V3
==============+===========================================+===========================================================
   Base Score |                                     4.600 |                                                      7.800
Exploit_Score |                                     3.900 |                                                      1.800
 Impact_Score |                                     6.400 |                                                      5.900
     Temporal |                                     3.400 |                                                       None
       Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

[ Others ]
 [*] Vulnerable Products [1] :
     [ --> ] cpe:2.3:a:dell:dbutil_2_3.sys:-:*:*:*:*:*:*:*


[ CVE Malware Family Info : None ]

[ CVE Chatter Info : None ]

[ CVE History : CVE-2021-21551 ]
 [*] ID              : 2930594
 [*] Vuln Risk Score : 17
 [*] History         : 2

   [**] changed_at : 2021-05-05T04:14:52.000Z
   [**]       from : 25
   [**]         to : 19

   [**] changed_at : 2021-05-11T04:03:25.000Z
   [**]       from : 19
   [**]         to : 17

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-21551 (16.6855) : ['hpv_poc']


 ** [5] threads completed [4 tasks] / [2.23 KB] within [3.98 sec].