PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition.
The issues, reported to Dell by researchers from SentinelOne on Dec. 1, 2020, reside in a firmware update driver named “dbutil_2_3.sys” that comes pre-installed on its devices. Hundreds of millions of desktops, laptops, notebooks, and tablets manufactured by the company are said to be vulnerable.
“Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required,” Dell said in an advisory.
All five separate flaws have been assigned a single CVE identifier, CVE-2021-21551, with a CVSS score of 8.8. A breakdown of the shortcomings is as follows –
- CVE-2021-21551: Local Elevation Of Privileges #1 – Memory corruption
- CVE-2021-21551: Local Elevation Of Privileges #2 – Memory corruption
- CVE-2021-21551: Local Elevation Of Privileges #3 – Lack of input validation
- CVE-2021-21551: Local Elevation Of Privileges #4 – Lack of input validation
- CVE-2021-21551: Denial Of Service – Code logic issue
“The high severity flaws could allow any user on the computer, even without privileges, to escalate their privileges and run code in kernel mode,” SentinelOne Senior Security Researcher Kasif Dekel noted in a Tuesday analysis. “Among the obvious abuses of such vulnerabilities are that they could be used to bypass security products.”
Since these are local privilege escalation bugs, they are unlikely to be exploited remotely over the internet. To carry out an attack, an adversary will first need access to a non-administrator account on a vulnerable system, after which the driver vulnerability can be abused to achieve local elevation of privilege. Armed with kernel-mode access, the attacker can then leverage other techniques to execute arbitrary code and move laterally across an organization’s network.
Although no evidence of in-the-wild abuse has been detected, SentinelOne said it plans to release the proof-of-concept (PoC) code on June 1, 2021, giving Dell customers ample time to remediate the vulnerability.
SentinelOne’s disclosure is the third time the same issue has been reported to Dell over the last two years, according to CrowdStrike’s Chief Architect Alex Ionescu, first by the Sunnyvale-based cybersecurity firm in 2019 and again by IOActive. Dell also credited Scott Noone of OSR Open Systems Resources with reporting the vulnerability.
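Because the vulnerable driver is dropped by Dell's firmware update utility rather than shipped as part of Windows, the first thing a defender needs is an inventory of which hosts still carry dbutil_2_3.sys on disk or have it registered as a kernel driver service. The PowerShell below is an added example written for this page; it is not code from the article, Dell, or SentinelOne. It assumes (the article does not say) that the utility drops the driver into the system Temp folder or a user's local Temp folder, and that a loaded copy is registered under a service named DBUtil_2_3; the driver file name and the CVE are taken from the article.

```powershell
<#
  Added example (not from the article, Dell, or SentinelOne).
  Read-only inventory of a Windows host for the Dell dbutil_2_3.sys driver.
  Assumptions, not stated in the article:
    - the firmware update utility drops the driver into %SystemRoot%\Temp
      or a user's %LOCALAPPDATA%\Temp;
    - when loaded, it is registered as a kernel service named "DBUtil_2_3".
  Run elevated so that other users' Temp folders are readable.
#>
function Find-DellDbutilDriver {
    [CmdletBinding()]
    param(
        [string]$DriverName  = 'dbutil_2_3.sys',   # file name from Dell's advisory
        [string]$ServiceName = 'DBUtil_2_3'        # assumed service name
    )

    # Candidate drop locations (assumed; extend with your own telemetry).
    $paths = [System.Collections.Generic.List[string]]::new()
    $paths.Add((Join-Path $env:SystemRoot "Temp\$DriverName"))
    Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { $paths.Add((Join-Path $_.FullName "AppData\Local\Temp\$DriverName")) }

    # Record hash and Authenticode status for each copy found. The file is a
    # legitimately signed Dell driver, so a valid signature does not mean "safe".
    $files = foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $sig = Get-AuthenticodeSignature -FilePath $p
            [pscustomobject]@{
                Path            = $p
                SHA256          = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
                Signer          = $sig.SignerCertificate.Subject
                SignatureStatus = $sig.Status
                LastWrite       = (Get-Item -LiteralPath $p).LastWriteTime
            }
        }
    }

    # A registered/running driver service matters more than a stray file: once the
    # driver is loaded, any local user can open its device and reach the flawed code.
    $services = Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq $ServiceName -or $_.PathName -like "*$DriverName*" } |
        Select-Object Name, State, StartMode, PathName

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        FilesFound     = @($files)
        DriverServices = @($services)
        Exposed        = (@($files).Count -gt 0) -or (@($services).Count -gt 0)
    }
}

$result = Find-DellDbutilDriver
if ($result.Exposed) {
    Write-Warning "$($result.ComputerName): dbutil_2_3.sys present; apply Dell's remediation for CVE-2021-21551."
    $result.FilesFound     | Format-Table -AutoSize
    $result.DriverServices | Format-Table -AutoSize
} else {
    Write-Output "$($result.ComputerName): dbutil_2_3.sys not found on disk or as a driver service."
}
```

The function returns an object rather than only printing, so the same script can be pushed through a fleet-management tool and its `Exposed` flag collected centrally. It deliberately does not delete anything; removal of the driver and installation of the fixed utility should follow Dell's advisory for CVE-2021-21551. Note that a copy on disk is enough to matter even when no service is registered, since an attacker with a local account can load a signed driver they find on the machine if they can obtain administrator rights by other means, and the driver will then hand them kernel-mode execution.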