Lucene search

DellCVE-2021-21507

HistoryApr 30, 2021 - 9:15 p.m.

CVE-2021-21507

2021-04-3021:15:08

CWE-326

CWE-261

dell

web.nvd.nist.gov

cve-2021-21507

dell emc

networking

x-series

poweredge

vrtx

switch module

firmware

weak password encryption

vulnerability

nvd

cybersecurity

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.004

Percentile

73.0%

JSON

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

Affected configurations

Nvd

Vulners

Node

dellx1008pMatch-

AND

dellx1008p_firmwareRange<3.0.1.8

Node

dellx1018pMatch-

AND

dellx1018p_firmwareRange<3.0.1.8

Node

dellx1026pMatch-

AND

dellx1026p_firmwareRange<3.0.1.8

Node

dellx1052pMatch-

AND

dellx1052p_firmwareRange<3.0.1.8

Node

dellx4012Match-

AND

dellx4012_firmwareRange<3.0.1.8

Node

dellr1-2401Match-

AND

dellr1-2401_firmwareRange<2.0.0.82

Node

dellr1-2210Match-

AND

dellr1-2210_firmwareRange<2.0.0.82

Node

dellx1008_firmwareRange<3.0.1.8

AND

dellx1008Match-

Node

dellx1018_firmwareRange<3.0.1.8

AND

dellx1018Match-

Node

dellx1026_firmwareRange<3.0.1.8

AND

dellx1026Match-

Node

dellx1052_firmwareRange<3.0.1.8

AND

dellx1052Match-

VendorProductVersionCPE
dellx1008p-cpe:2.3:h:dell:x1008p:-:*:*:*:*:*:*:*
dellx1008p_firmware*cpe:2.3:o:dell:x1008p_firmware:*:*:*:*:*:*:*:*
dellx1018p-cpe:2.3:h:dell:x1018p:-:*:*:*:*:*:*:*
dellx1018p_firmware*cpe:2.3:o:dell:x1018p_firmware:*:*:*:*:*:*:*:*
dellx1026p-cpe:2.3:h:dell:x1026p:-:*:*:*:*:*:*:*
dellx1026p_firmware*cpe:2.3:o:dell:x1026p_firmware:*:*:*:*:*:*:*:*
dellx1052p-cpe:2.3:h:dell:x1052p:-:*:*:*:*:*:*:*
dellx1052p_firmware*cpe:2.3:o:dell:x1052p_firmware:*:*:*:*:*:*:*:*
dellx4012-cpe:2.3:h:dell:x4012:-:*:*:*:*:*:*:*
dellx4012_firmware*cpe:2.3:o:dell:x4012_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	x1008p	-	cpe:2.3:h:dell:x1008p:-:::::::*
dell	x1008p_firmware	*	cpe:2.3:o:dell:x1008p_firmware::::::::
dell	x1018p	-	cpe:2.3:h:dell:x1018p:-:::::::*
dell	x1018p_firmware	*	cpe:2.3:o:dell:x1018p_firmware::::::::
dell	x1026p	-	cpe:2.3:h:dell:x1026p:-:::::::*
dell	x1026p_firmware	*	cpe:2.3:o:dell:x1026p_firmware::::::::
dell	x1052p	-	cpe:2.3:h:dell:x1052p:-:::::::*
dell	x1052p_firmware	*	cpe:2.3:o:dell:x1052p_firmware::::::::
dell	x4012	-	cpe:2.3:h:dell:x4012:-:::::::*
dell	x4012_firmware	*	cpe:2.3:o:dell:x4012_firmware::::::::

Rows per page:

1-10 of 221

CNA Affected

[
  {
    "product": "VRTX Switch Modules",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "2.0.0.82",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000185252

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.004

Percentile

73.0%

JSON

Related for CVE-2021-21507