
Dell High Severity 12-Year-Old Vulnerability Leaves Hundreds of Millions of Systems Exposed

By Randy Becker, VP & Principal Security Architect

On May 4, 2021, SentinelLabs posted that they had discovered five Dell security bugs, collectively tracked as CVE-2021-21551. This local privilege-escalation (LPE) flaw carries a CVSS severity rating of 8.8 out of 10. SentinelLabs proactively reported their findings to Dell on Dec 1, 2020. These five high-severity vulnerabilities in Dell’s firmware update driver have the potential to impact hundreds of millions of Dell desktops, laptops, notebooks, and tablets.


These vulnerabilities could permit threat actors to escalate privileges from a non-admin user account to kernel-mode privileges! If you are like our security team, you will understand why we immediately went to work thinking of creative ways to bypass security controls, run malicious code, and then simply pivot to other devices on the network for lateral movement during red-teaming exercises.


What to do if you are affected

According to Dell Security Advisory Update DSA-2021-088, the vulnerability exists in the dbutil_2_3.sys driver. “This driver file may have been installed on your Dell Windows operating system when you used firmware update utility packages, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags, including when using any Dell notification solution to update drivers, BIOS, or firmware for your system. To best protect yourself, Dell recommends removing the dbutil_2_3.sys driver from your system.” Dell provides three options for removal until a replacement is released on May 10, 2021. Per Dell’s security advisory, “Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.”
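Before choosing one of the removal options, it helps to know whether a machine actually has the driver registered or lying around on disk. The following inventory check is an added example, not Dell’s tooling or part of the advisory; it assumes an elevated PowerShell session, and the search scope (the whole system drive) is our choice rather than a path list from Dell:

```powershell
# Added example, not Dell's or the advisory's own code. Assumes an elevated
# PowerShell session; the search roots are a chosen default, not a path list from Dell.
function Find-DbutilDriver {
    param(
        [string[]]$SearchRoots = @("$env:SystemDrive\")   # default: whole system drive
    )
    $findings = [System.Collections.Generic.List[object]]::new()

    # 1. Is dbutil_2_3.sys registered or running as a kernel-mode driver service?
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -match 'dbutil_2_3\.sys' }
    foreach ($drv in $drivers) {
        $findings.Add([pscustomobject]@{
            Kind   = 'DriverService'
            Path   = $drv.PathName
            State  = $drv.State          # 'Running' means it is loaded right now
            Sha256 = $null
        })
    }

    # 2. Are copies of the file on disk (update utilities may leave them in temp folders)?
    foreach ($root in $SearchRoots) {
        $files = Get-ChildItem -Path $root -Filter 'dbutil_2_3.sys' -Recurse -File -Force `
                               -ErrorAction SilentlyContinue
        foreach ($f in $files) {
            $findings.Add([pscustomobject]@{
                Kind   = 'FileOnDisk'
                Path   = $f.FullName
                State  = 'present'
                # hash recorded for your asset inventory; the page lists no reference hashes
                Sha256 = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
            })
        }
    }
    return $findings
}

$results = @(Find-DbutilDriver)
if ($results.Count -eq 0) {
    Write-Output 'dbutil_2_3.sys not found as a driver service or on disk.'
} else {
    $results | Format-Table -AutoSize
    Write-Output 'Apply one of the removal options from DSA-2021-088 for each finding.'
}
```

A copy found on disk that is not registered as a service is still worth removing, since the advisory’s concern is the file being present on the system at all.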

Dell did make this simple and provided a single CVE to cover all the vulnerabilities impacting the dbutil_2_3.sys driver. The details of CVE-2021-21551 cover five separate flaws: four local privilege escalations (LPE) and one denial of service (DoS):

LPE #1 – Memory corruption
LPE #2 – Memory corruption
LPE #3 – Lack of input validation
LPE #4 – Lack of input validation
Denial of Service – Code logic issue

In the post from SentinelLabs, they describe some of the general problems with dbutil_2_3.sys. They are holding off on sharing the PoC code: “However, to enable Dell customers the opportunity to remediate this vulnerability, we are withholding sharing our Proof of Concept until June 1, 2021. That proof of concept will demonstrate the first local EOP which arises out of a memory corruption issue.”

Important steps we should all be taking:

If you need help with this issue, reach out to your GreenPages Account Manager or reach out to us!

Randy Becker

VP and Principal Security Architect

At Blue Mantis, Randy is responsible for the leadership of the offensive security team. He provides leadership for the cyber security practice and advises our customers on how to better protect their assets while reducing risk. He has strong expertise in offensive security, cyber security and risk management; cloud security, security consulting, operations, and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation. Randy’s security certifications include OSEP, OSCP, CISSP, and CCNP.

Working closely with clients, he regularly designs and implements security solutions that enable organizations to effectively shrink their attack surface in an increasingly dangerous, dynamic cyber security landscape. In addition to preemptive maneuvers, he also develops cyber security strategies to help clients contain, combat, and remediate threats where they appear, while ensuring that both industry-specific and federal compliance mandates are met.