Security Alert (A21-05-04): Vulnerability in Dell products


 

Published on: 05 May 2021

Share on Facebook    Share on X   

Description:

Dell has released a security advisory update to fix an insufficient access control vulnerability in the Dell dbutil driver. A local authenticated attacker could execute a specially crafted code to exploit the vulnerability.

 

Affected Systems:

  • Dell Windows operating system using firmware update utility package, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, Dell Platform Tags, or Dell notification solution.

 

Impact:

A successful attack could lead to escalation of privileges, denial of service, or information disclosure on an affected system.

 

Recommendation:

The product vendor has released a utility to remove the vulnerable dbutil driver from the affected system. Users and system administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. The utility are available at:

https://www.dell.com/support/home/drivers/driversdetails?driverid=7PR57

To prevent reintroduction of a vulnerable dbutil driver, users of affected systems should also obtain and run the latest firmware update utility package, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags as applicable.

 

More Information:

  • https://www.dell.com/support/kbdoc/en-hk/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21551


Tag: Dell , Dell firmware update utility package , Dell Command Update , Dell update , Alienware Update , Dell System Inventory Agent , Dell Platform Tags , Dell notification solution
Tags