Pierluigi Paganini May 04, 2021

American multinational computer technology giant Dell addresses a 12-year-old driver flaw, tracked as CVE-2021-21551, impacting millions of computers.

Hundreds of millions of Dell computers worldwide are affected by a 12-year-old vulnerability, tracked as CVE-2021-21551, that affects Dell DBUtil driver. The flaw affects version 2.3 of the Dell BIOS driver, it is one of a series of escalate privileges issues discovered by researchers from SentinelLabs.

The vulnerabilities could be exploited by attackers to access driver functions and execute malicious code with kernel-mode privileges.

An attacker who gained a foothold in the target system could exploit this bug to escalate privilege and take over it, then perform lateral movement within the target network

“These multiple high severity vulnerabilities in Dell software could allow attackers to escalate privileges from a non-administrator user to kernel mode privileges. Over the years, Dell has released BIOS update utilities which contain the vulnerable driver for hundreds of millions of computers (including desktops, laptops, notebooks, and tablets) worldwide.” reads the analysis published by SentinelOne.

Below the list of vulnerabilities reported by the experts:

• CVE-2021-21551: Local Elevation Of Privileges #1 – Memory corruption
• CVE-2021-21551: Local Elevation Of Privileges #2 – Memory corruption
• CVE-2021-21551: Local Elevation Of Privileges #3 – Lack of input validation
• CVE-2021-21551: Local Elevation Of Privileges #4 – Lack of input validation
• CVE-2021-21551: Denial Of Service – Code logic issue

“The high severity flaws could allow any user on the computer, even without privileges, to escalate their privileges and run code in kernel mode. Among the obvious abuses of such vulnerabilities are that they could be used to bypass security products.” continues SentinelLabs.

“An attacker with access to an organization’s network may also gain access to execute code on unpatched Dell systems and use this vulnerability to gain local elevation of privilege.”

The vulnerabilities were initially reported to Dell in December 2020 which addressed the flaws.

Administrators should install the Dell DBUtil updates as soon as possible.

The experts also published a video PoC to demonstrate the first LPE due to memory corruption.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Dell DBUtil)

[adrotate banner=”5″]

[adrotate banner=”13″]