Details of VAR-202104-0669

ID

VAR-202104-0669

CVE

CVE-2021-21529

TITLE

Dell System Update Resource Depletion Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-005189

DESCRIPTION

Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application. Dell System Update is an application software package of Dell (Dell). Provide application update function

Trust: 1.8

sources: NVD: CVE-2021-21529 // JVNDB: JVNDB-2021-005189 // VULHUB: VHN-379933 // VULMON: CVE-2021-21529

AFFECTED PRODUCTS

vendor:	dell	model:	system update	scope:	lt	version:	1.9	Trust: 1.0
vendor:	デル	model:	dell system update	scope:	lte	version:	1.9 and earlier	Trust: 0.8
vendor:	デル	model:	dell system update	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-005189 // NVD: CVE-2021-21529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21529
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2021-21529
value:	LOW
Trust: 1.0
NVD:	CVE-2021-21529
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-070
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-379933
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-21529
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21529
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-379933
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21529
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2021-21529
baseSeverity:	LOW
baseScore:	3.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.0
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21529
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-379933 // VULMON: CVE-2021-21529 // JVNDB: JVNDB-2021-005189 // CNNVD: CNNVD-202104-070 // NVD: CVE-2021-21529 // NVD: CVE-2021-21529

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-379933 // JVNDB: JVNDB-2021-005189 // NVD: CVE-2021-21529

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-070

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202104-070

PATCH

title:	DSA-2021-059	url:	https://www.dell.com/support/kbdoc/ja-jp/000184608/dsa-2021-059-dell-emc-system-update-dsu-security-update-for-denial-of-service-vulnerability	Trust: 0.8
title:	Dell System Update Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146958	Trust: 0.6

sources: JVNDB: JVNDB-2021-005189 // CNNVD: CNNVD-202104-070

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21529	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-005189	Trust: 0.8
db:	CNNVD	id:	CNNVD-202104-070	Trust: 0.6
db:	CNVD	id:	CNVD-2022-42747	Trust: 0.1
db:	VULHUB	id:	VHN-379933	Trust: 0.1
db:	VULMON	id:	CVE-2021-21529	Trust: 0.1

sources: VULHUB: VHN-379933 // VULMON: CVE-2021-21529 // JVNDB: JVNDB-2021-005189 // CNNVD: CNNVD-202104-070 // NVD: CVE-2021-21529

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000184608/dsa-2021-059-dell-emc-system-update-dsu-security-update-for-denial-of-service-vulnerability	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21529	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/199363	Trust: 0.1

sources: VULHUB: VHN-379933 // VULMON: CVE-2021-21529 // JVNDB: JVNDB-2021-005189 // CNNVD: CNNVD-202104-070 // NVD: CVE-2021-21529

SOURCES

db:	VULHUB	id:	VHN-379933
db:	VULMON	id:	CVE-2021-21529
db:	JVNDB	id:	JVNDB-2021-005189
db:	CNNVD	id:	CNNVD-202104-070
db:	NVD	id:	CVE-2021-21529

LAST UPDATE DATE

2024-11-23T22:40:41.363000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-379933	date:	2021-04-08T00:00:00
db:	VULMON	id:	CVE-2021-21529	date:	2021-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-005189	date:	2021-12-09T06:17:00
db:	CNNVD	id:	CNNVD-202104-070	date:	2021-04-09T00:00:00
db:	NVD	id:	CVE-2021-21529	date:	2024-11-21T05:48:31.900

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-379933	date:	2021-04-02T00:00:00
db:	VULMON	id:	CVE-2021-21529	date:	2021-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-005189	date:	2021-12-09T00:00:00
db:	CNNVD	id:	CNNVD-202104-070	date:	2021-04-02T00:00:00
db:	NVD	id:	CVE-2021-21529	date:	2021-04-02T22:15:13.240