Lucene search

[email protected]CVE-2021-36320

HistoryNov 20, 2021 - 2:15 a.m.

CVE-2021-36320

2021-11-2002:15:00

CWE-331

[email protected]

web.nvd.nist.gov

In Wild

cve-2021-36320

dell

networking

x-series

firmware

authentication bypass

vulnerability

hijack

session

webserver

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.8%

JSON

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.

CPENameOperatorVersion
dell:x1008p_firmwaredell x1008p firmwarelt3.0.1.8
dell:x1018p_firmwaredell x1018p firmwarelt3.0.1.8
dell:x1026p_firmwaredell x1026p firmwarelt3.0.1.8
dell:x1052p_firmwaredell x1052p firmwarelt3.0.1.8
dell:x4012_firmwaredell x4012 firmwarelt3.0.1.8
dell:x1008_firmwaredell x1008 firmwarelt3.0.1.8
dell:x1018_firmwaredell x1018 firmwarelt3.0.1.8
dell:x1026_firmwaredell x1026 firmwarelt3.0.1.8
dell:x1052_firmwaredell x1052 firmwarelt3.0.1.8

CPE	Name	Operator	Version
dell:x1008p_firmware	dell x1008p firmware	lt	3.0.1.8
dell:x1018p_firmware	dell x1018p firmware	lt	3.0.1.8
dell:x1026p_firmware	dell x1026p firmware	lt	3.0.1.8
dell:x1052p_firmware	dell x1052p firmware	lt	3.0.1.8
dell:x4012_firmware	dell x4012 firmware	lt	3.0.1.8
dell:x1008_firmware	dell x1008 firmware	lt	3.0.1.8
dell:x1018_firmware	dell x1018 firmware	lt	3.0.1.8
dell:x1026_firmware	dell x1026 firmware	lt	3.0.1.8
dell:x1052_firmware	dell x1052 firmware	lt	3.0.1.8

References

www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for CVE-2021-36320

cnvd1 prion1 attackerkb1