A Vulnerable Dell Driver Might Be Putting Millions of Systems at Risk
From the data gathered so far, it’s estimated that hundreds of millions of Dell desktops, laptops, and tablets have received the driver containing the vulnerability through various BIOS updates.
Collectively tracked as CVE-2021-21551, five flaws have been discovered in DBUtil, a driver from that Dell machines.
Kasif Dekel, a security researcher at cybersecurity company SentinelOne, found that the DBUtil can be exploited in order to escalate privileges from a non-administrator user to kernel mode privileges, therefore allowing an attacker to obtain unrestricted access to all hardware available on the system.
This type of vulnerability is not considered critical because in order for an attacker to be able to exploit it the computer should be compromised beforehand, but unfortunately, it allows threat actors and malware to gain persistence on the infected system.
The vulnerability is tracked under a single tracking number, but five separate flaws exist within it with most of them leading to privilege escalation.
According to Dekel, Dell has prepared a security advisory for this vulnerability, so we can expect them to fix the driver, even if at this time the company had not revoked the certificate for the vulnerable driver.
An attacker with access to an organization’s network may also gain access to execute code on unpatched Dell systems and use this vulnerability to gain local elevation of privilege. Attackers can then leverage other techniques to pivot to the broader network, like lateral movement.
Considering the longevity of the vulnerable DBUtil driver and a large number of potential victims, it’s an interesting fact that we have not seen any indicators regarding these vulnerabilities exploited in the wild so far.