{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2021-022.pdf"
    },
    "title": "Insufficient Access Control Vulnerability in the Dell Driver",
    "serial_number": "2021-022",
    "publish_date": "05-05-2021 10:30:00",
    "description": "On the 5th of May 2021, Dell released a security advisory to address multiple vulnerabilities. These could be exploited by attackers to access driver functions and execute malicious code with kernel-mode privileges.",
    "url_title": "2021-022",
    "content_markdown": "---\ntitle: 'Insufficient Access Control Vulnerability in the Dell Driver'\nversion: '1.0'\nnumber: '2021-022'\ndate: 'May 5, 2021'\n---\n\nHistory:\n\n- 05/05/2021 --- v1.0 -- Initial publication\n\n# Summary\n\nOn the 5th of May 2021, Dell released a security advisory to address multiple vulnerabilities [1]. These could be exploited by attackers to access driver functions and execute malicious code with kernel-mode privileges.\n\n# Technical Details\n\nMultiple 12-year-old high-severity vulnerabilities, tracked as CVE-2021-21551, affect the Dell `dbutil` driver. An attacker who has gained a foothold on the target system could exploit these flaws to escalate privileges and take over the system, then move laterally within the target network. Dell has assigned one CVE to cover all the flaws in the firmware update driver, but the SentinelLabs researchers who discovered the issue broke this single CVE down into the following five separate flaws [2]:\n\n- CVE-2021-21551: Local Elevation Of Privileges #1 \u2013 Memory corruption\n- CVE-2021-21551: Local Elevation Of Privileges #2 \u2013 Memory corruption\n- CVE-2021-21551: Local Elevation Of Privileges #3 \u2013 Lack of input validation\n- CVE-2021-21551: Local Elevation Of Privileges #4 \u2013 Lack of input validation\n- CVE-2021-21551: Denial Of Service \u2013 Code logic issue\n\nSentinelOne reported that they have not seen any indicators of these vulnerabilities being exploited in the wild so far, but with hundreds of millions of enterprises and users currently vulnerable, this would change.\n\n\n# Affected Products\n\nThese vulnerabilities affect several Dell platforms running the Windows operating system. 
A comprehensive table in the Dell advisory details the platforms and software that are impacted by the vulnerable `dbutil_2_3.sys` driver [1].\n\nIt is important to note that over the years Dell has released BIOS update utilities which contain the vulnerable driver for hundreds of millions of computers (including desktops, laptops, notebooks, and tablets) worldwide.\n\n# Recommendations\n\nTo fix the issue, the vulnerable driver should be removed from the affected system and the latest firmware update utility should be run. Remediation steps are described in detail in [1].\n\n# References\n\n[1] <https://www.dell.com/support/kbdoc/nl-nl/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability>\n\n[2] <https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/>\n",
    "content_html": "<p>History:</p><ul><li>05/05/2021 --- v1.0 -- Initial publication</li></ul><h2 id=\"summary\">Summary</h2><p>On the 5th of May 2021, Dell released a security advisory to address multiple vulnerabilities [1]. These could be exploited by attackers to access driver functions and execute malicious code with kernel-mode privileges.</p><h2 id=\"technical-details\">Technical Details</h2><p>Multiple 12-year-old high-severity vulnerabilities, tracked as CVE-2021-21551, affect the Dell <code>dbutil</code> driver. An attacker who has gained a foothold on the target system could exploit these flaws to escalate privileges and take over the system, then move laterally within the target network. Dell has assigned one CVE to cover all the flaws in the firmware update driver, but the SentinelLabs researchers who discovered the issue broke this single CVE down into the following five separate flaws [2]:</p><ul><li>CVE-2021-21551: Local Elevation Of Privileges #1 \u2013 Memory corruption</li><li>CVE-2021-21551: Local Elevation Of Privileges #2 \u2013 Memory corruption</li><li>CVE-2021-21551: Local Elevation Of Privileges #3 \u2013 Lack of input validation</li><li>CVE-2021-21551: Local Elevation Of Privileges #4 \u2013 Lack of input validation</li><li>CVE-2021-21551: Denial Of Service \u2013 Code logic issue</li></ul><p>SentinelOne reported that they have not seen any indicators of these vulnerabilities being exploited in the wild so far, but with hundreds of millions of enterprises and users currently vulnerable, this would change.</p><h2 id=\"affected-products\">Affected Products</h2><p>These vulnerabilities affect several Dell platforms running the Windows operating system. 
A comprehensive table in the Dell advisory details the platforms and software that are impacted by the vulnerable <code>dbutil_2_3.sys</code> driver [1].</p><p>It is important to note that over the years Dell has released BIOS update utilities which contain the vulnerable driver for hundreds of millions of computers (including desktops, laptops, notebooks, and tablets) worldwide.</p><h2 id=\"recommendations\">Recommendations</h2><p>To fix the issue, the vulnerable driver should be removed from the affected system and the latest firmware update utility should be run. Remediation steps are described in detail in [1].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.dell.com/support/kbdoc/nl-nl/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability\">https://www.dell.com/support/kbdoc/nl-nl/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/\">https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}