CVE-2021-21557
HIGH
Dell PowerEdge R640 Firmware < 2.11.2 - Improper Input Validation
Title source: rule
Description
Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/000187958
Scores
CVSS v3
8.1
EPSS
0.0002
EPSS Percentile
7.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Details
CWE
CWE-125
CWE-20
Status
published
Products (31)
dell/poweredge_c4140_firmware
< 2.11.2
dell/poweredge_c6420_firmware
< 2.11.2
dell/poweredge_c6525_firmware
< 2.2.4
dell/poweredge_fc640_firmware
< 2.11.2
dell/poweredge_m640_firmware
< 2.11.2
dell/poweredge_m640p_firmware
< 2.11.2
dell/poweredge_mx740c_firmware
< 2.11.2
dell/poweredge_mx840c_firmware
< 2.11.2
dell/poweredge_r240_firmware
< 2.5.1
dell/poweredge_r340_firmware
< 2.5.1
... and 21 more
Published
Jun 14, 2021
Tracked Since
Feb 18, 2026