Dell - Security Vulnerability CVE-2021-21551 Detection
Summary
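This monitor flags endpoints that may be vulnerable to Dell CVE-2021-21551 by checking for the dbutil_2_3.sys driver file in each user profile's Temp folder and in the Windows Temp folder.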
Details
Suggested "Limit to": Dell machines
Suggested Alert Style: Once
Suggested Alert Template: Autofix - Run Dell CVE-2021-21551 fix.
Insert the details of the monitor in the table below.
Check Action | Server Address | Check Type | Check Value | Comparator | Interval | Result |
---|---|---|---|---|---|---|
System | 127.0.0.1 | Run File | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command "$Profiles=(Get-WmiObject win32_userprofile).LocalPath;$FileList=@();foreach ($profile in $profiles){$FileList += ($profile + '\AppData\Local\Temp\dbutil_2_3.sys')};$FileList += ($env:SystemRoot + '\Temp\dbutil_2_3.sys');$FileFound=$false;$Errors=$false;foreach ($file in $FileList){if (test-path -PathType Leaf $file){ $FileFound=$true}};if($FileFound -eq 'True'){write-host 'Vulnerable'}else{write-host 'Protected'}" | Does Not Contain | 3600 (1 hour) | Vulnerable |
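
The same check written out as a multi-line script that also lists each matching path, useful when confirming why an endpoint alerted. This is an added example, not the monitor's own code; it uses Get-CimInstance in place of Get-WmiObject and assumes it runs elevated (for example as the agent's SYSTEM account) so every profile's Temp folder is readable.

```powershell
# Added example: expanded form of the monitor's one-line check.
# Assumption: run elevated so that all profile Temp folders can be read.
$driverName = 'dbutil_2_3.sys'

# Candidate locations: each local profile's Temp folder plus %SystemRoot%\Temp,
# the same set of paths the one-line check builds.
$candidates = @()
foreach ($userProfile in Get-CimInstance -ClassName Win32_UserProfile) {
    if ($userProfile.LocalPath) {
        $candidates += $userProfile.LocalPath + "\AppData\Local\Temp\$driverName"
    }
}
$candidates += $env:SystemRoot + "\Temp\$driverName"

# Keep only paths where the driver exists as a file (not a directory).
$found = @()
foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $found += Get-Item -LiteralPath $path -Force
    }
}

# Report each hit so the technician can see where the driver was left behind.
foreach ($file in $found) {
    Write-Output ("Found {0} ({1} bytes, modified {2:u})" -f $file.FullName, $file.Length, $file.LastWriteTimeUtc)
}

# Final line matches the strings the monitor's comparator looks for.
if ($found.Count -gt 0) { Write-Output 'Vulnerable' } else { Write-Output 'Protected' }
```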
Dependencies
Target
Managed Dell endpoints.