CVE Database · CVE-2021-21551
CVSS v3.1
8.8
EPSS
58.13%
Published
May 4, 2021
Modified
Oct 28, 2025
CISA Known Exploited Vulnerability
Added: 2022-03-31 · Due: 2022-04-21
Apply updates per vendor instructions.
Public PoC / Exploit (10)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HWeaknesses (CWE)
Affected Products (568)
References (7)
...and 518 more