Vulnerability Details CVE-2021-21555
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 7.2
References
Products affected by CVE-2021-21555
-
cpe:2.3:h:dell:poweredge_mx740c:-
-
cpe:2.3:h:dell:poweredge_mx840c:-
-
cpe:2.3:h:dell:poweredge_r640:-
-
cpe:2.3:h:dell:poweredge_r740:-
-
cpe:2.3:h:dell:poweredge_r740xd:-
-
cpe:2.3:h:dell:poweredge_r840:-
-
cpe:2.3:h:dell:poweredge_r940:-
-
cpe:2.3:h:dell:poweredge_r940xa:-
-
cpe:2.3:h:dell:poweredge_t640:-
-
cpe:2.3:o:dell:poweredge_mx740c_firmware:-
-
cpe:2.3:o:dell:poweredge_mx740c_firmware:2.9.4
-
cpe:2.3:o:dell:poweredge_mx840c_firmware:-
-
cpe:2.3:o:dell:poweredge_mx840c_firmware:2.9.4
-
cpe:2.3:o:dell:poweredge_r640_firmware:-
-
cpe:2.3:o:dell:poweredge_r640_firmware:2.9.4
-
cpe:2.3:o:dell:poweredge_r740_firmware:-
-
cpe:2.3:o:dell:poweredge_r740_firmware:2.9.4
-
cpe:2.3:o:dell:poweredge_r740xd_firmware:-
-
cpe:2.3:o:dell:poweredge_r740xd_firmware:2.9.4
-
cpe:2.3:o:dell:poweredge_r840_firmware:-
-
cpe:2.3:o:dell:poweredge_r840_firmware:2.9.4
-
cpe:2.3:o:dell:poweredge_r940_firmware:-
-
cpe:2.3:o:dell:poweredge_r940_firmware:2.9.4
-
cpe:2.3:o:dell:poweredge_r940xa_firmware:-
-
cpe:2.3:o:dell:poweredge_r940xa_firmware:2.9.4
-
cpe:2.3:o:dell:poweredge_t640_firmware:-