menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right All_wiki chevron_right --Vulnerability-main chevron_right Dell BIOS驱动权限提升漏洞(CVE-2021-21551).md
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    Dell BIOS驱动权限提升漏洞(CVE-2021-21551).md
    873 B / 2021-05-21 09:14:38
        # Dell BIOS驱动权限提升漏洞(CVE-2021-21551)


在Dell 的BIOS驱动中由于固件更新程序接受IOCTL(输入输出控制)请求,而没有ACL(访问控制列表),即可以被任意用户调用,通过此方法,造成了任意读取/写入漏洞,如果任意读写可以将当前用户提升至更高权限。

PoC:https://github.com/waldo-irc/CVE-2021-21551

Metasploit  Exploit:https://github.com/rapid7/metasploit-framework/pull/15190

https://github.com/zeroSteiner/metasploit-framework/blob/feat/cve-2021-21551/modules/exploits/windows/local/cve_2021_21551_dbutil_memmove.rb


```
use exploit/windows/local/cve_2021_21551_dbutil_memmove
设置SESSION和PAYLOAD
run
```

ref:

* https://github.com/rapid7/metasploit-framework/pull/15190
* https://nvd.nist.gov/vuln/detail/CVE-2021-21551
* https://github.com/waldo-irc/CVE-2021-21551
    links
    file_download