CVE-2021-36276

HIGH EXPLOITED

Dell DBUtilDrv2.sys <2.7 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-36276 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0015
EPSS Percentile 35.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

VulnCheck KEV 2025-04-07
CWE
CWE-285
Status published
Products (2)
dell/dbutildrv2.sys_firmware 2.5
dell/dbutildrv2.sys_firmware 2.6
Published Aug 09, 2021
Tracked Since Feb 18, 2026