Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2021-21551
PUBLISHEDDell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or...
- Vendor
- Dell
- Product
- dbutil
- Published
- May 04, 2021
- EPSS
- —
Description
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
CVSS scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2022-03-31 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- active
- Automatable
- No
- Technical impact
- total
References
- https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
- http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html
- http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Mar 31, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve_2021_21551_dbutil_memmove.rb | Apr 28, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2023-01-07 02:42:59 UTC · 25 stars
Dell Driver EoP (CVE-2021-21551)
github · Created 2021-09-03 01:47:03 UTC · 32 stars
Dell Driver EoP (CVE-2021-21551)
github · Created 2021-06-02 05:13:07 UTC · 24 stars
An extended proof-of-concept for the CVE-2021-21551 Dell ‘dbutil_2_3.sys’ Kernel Exploit
github · Created 2021-05-30 10:15:10 UTC · 56 stars
arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system
github · Created 2021-05-21 03:13:58 UTC · 26 stars
github · Created 2021-05-13 13:23:38 UTC · 237 stars
Exploit to SYSTEM for CVE-2021-21551
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit