History: Nov 20, 2021 - 1:40 a.m.

CVE-2021-36320

2021-11-20 01:40:24
CWE-331
dell
www.cve.org
7
Tags: dell, networking, x-series, firmware, authentication, bypass, vulnerability, remote attacker, hijack, session, access, webserver, session id

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 9.9
Confidence: High

EPSS: 0.005
Percentile: 75.5%

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.

CNA Affected

[
  {
    "product": "Networking X-Series",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "3.0.1.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
