Dell dbutil Driver Insufficient Access Control (DSA-2021-088)

high Nessus Plugin ID 149524

Synopsis

Detects potential dbutil_2_3.sys driver in Dell client platform systems for an insufficient access control vulnerability.

Description

This plugin detects the potential presence of dbutil_2_3.sys in selected directories. Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. It is recommended that the results are manually verified and appropriate remediation actions taken.

Note that Nessus has not tested for this issue but has instead looked for the dbutil_2_3.sys driver that could be potentially vulnerable.

Solution

Please check Dell security advisory for remediation.

See Also

http://www.nessus.org/u?9edc96bf

Plugin Details

Severity: High

ID: 149524

File Name: dell_CVE-2021-21551.nbin

Version: 1.86

Type: local

Agent: windows

Family: Windows

Published: 5/17/2021

Updated: 6/24/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-21551

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:dell:dbutil_2_3.sys

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/11/2021

Vulnerability Publication Date: 5/4/2021

CISA Known Exploited Vulnerability Due Dates: 4/21/2022

Exploitable With

Core Impact

Metasploit (Dell DBUtil_2_3.sys IOCTL memmove)

Reference Information

CVE: CVE-2021-21551