Vulnerability Details : CVE-2021-36276
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
Vulnerability category: BypassGain privilegeDenial of serviceInformation leak
Products affected by CVE-2021-36276
- cpe:2.3:o:dell:dbutildrv2.sys_firmware:2.5:*:*:*:*:*:*:*
- cpe:2.3:o:dell:dbutildrv2.sys_firmware:2.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-36276
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-36276
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
2.0
|
6.0
|
Dell |
CWE ids for CVE-2021-36276
-
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.Assigned by: security_alert@emc.com (Secondary)
References for CVE-2021-36276
-
https://www.dell.com/support/kbdoc/en-us/000190105/dsa-2021-152-dell-client-platform-security-update-for-an-insufficient-access-control-vulnerability-in-the-dell-dbutildrv2-sys-driver
DSA-2021-152: Dell Client Platform Security Update for an Insufficient Access Control Vulnerability in the Dell DBUtilDrv2.sys Driver | Dell NederlandPatch;Vendor Advisory
Jump to