Vulnerabilites related to dell - r1-2401
Vulnerability from fkie_nvd
Published
2020-04-10 19:15
Modified
2024-11-21 05:33
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | r1-2210_firmware | * | |
| dell | r1-2210 | - | |
| dell | r1-2401_firmware | * | |
| dell | r1-2401 | - | |
| dell | pc5500_firmware | * | |
| dell | pc5500 | - | |
| dell | x1000_firmware | * | |
| dell | x1000 | - | |
| dell | x4012_firmware | * | |
| dell | x4012 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r1-2210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94DF3A44-BB28-45A3-ABF5-E3B5882CC067",
"versionEndIncluding": "3.0.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r1-2210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C987205B-1645-41F7-8F0C-10ADF28B6106",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r1-2401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "765C10B8-2CC1-4AE2-ABA5-B8F07142FA69",
"versionEndIncluding": "3.0.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r1-2401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1BA0CC-6EC3-4B4D-BC40-EAF3B1CD54C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:pc5500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5622529B-4854-4013-9A8E-1B475104BA08",
"versionEndIncluding": "4.1.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:pc5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBB5C861-DE33-4671-BBA3-9D00D04D3322",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2627465D-B58C-40DD-92F5-4B91C54F4003",
"versionEndIncluding": "2.0.0.77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8557B38A-35FD-4F4D-B423-90AFC2CA5172",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x4012_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F5CA031-093B-4267-81AF-E8AFA1F9E02E",
"versionEndIncluding": "2.0.0.77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x4012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44113AAD-07FF-45DB-BDCF-A21BF483E286",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints."
},
{
"lang": "es",
"value": "Dell EMC Networking X-Series versiones de firmware 3.0.1.2 y anteriores, Dell EMC Networking PC5500 versiones de firmware 4.1.0.22 y anteriores y Dell EMC PowerEdge VRTX Switch Modules versiones de firmware 2.0.0.77 y anteriores, contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un atacante no autenticado remoto podr\u00eda explotar esta vulnerabilidad al recuperar datos confidenciales mediante el env\u00edo de una petici\u00f3n especialmente dise\u00f1ada hacia los endpoints afectados."
}
],
"id": "CVE-2020-5330",
"lastModified": "2024-11-21T05:33:55.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-10T19:15:13.413",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html"
},
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security_alert@emc.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-30 21:15
Modified
2024-11-21 05:48
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000185252 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000185252 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | x1008p_firmware | * | |
| dell | x1008p | - | |
| dell | x1018p_firmware | * | |
| dell | x1018p | - | |
| dell | x1026p_firmware | * | |
| dell | x1026p | - | |
| dell | x1052p_firmware | * | |
| dell | x1052p | - | |
| dell | x4012_firmware | * | |
| dell | x4012 | - | |
| dell | r1-2401_firmware | * | |
| dell | r1-2401 | - | |
| dell | r1-2210_firmware | * | |
| dell | r1-2210 | - | |
| dell | x1008_firmware | * | |
| dell | x1008 | - | |
| dell | x1018_firmware | * | |
| dell | x1018 | - | |
| dell | x1026_firmware | * | |
| dell | x1026 | - | |
| dell | x1052_firmware | * | |
| dell | x1052 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1008p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "797B281A-1F97-45EA-B63B-310C631E5300",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1008p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D29913E0-EB40-4088-845E-478859BE9AA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1018p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA3F68D-0C01-4235-8A6C-317D7FAF4EC4",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1018p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B86EE4BF-6DA7-4F74-9116-FCC93A5D0C8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1026p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3522DC-9259-4B4B-BD11-B6106C5F4C8E",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1026p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "470280E0-8C95-40E1-B523-F6D8A998FDA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1052p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A657AA7A-4462-4AEF-A377-57B99066B142",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1052p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCA777B-BA3F-4585-8F42-D3EF3F3E805D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x4012_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0013FB8E-D762-4D5A-929E-C4FF1064A122",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x4012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44113AAD-07FF-45DB-BDCF-A21BF483E286",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r1-2401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F70190-8D9F-4A81-AF65-0559346960AA",
"versionEndExcluding": "2.0.0.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r1-2401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1BA0CC-6EC3-4B4D-BC40-EAF3B1CD54C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r1-2210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC4E63C-90E4-4606-9953-7FB8242E83E4",
"versionEndExcluding": "2.0.0.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r1-2210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C987205B-1645-41F7-8F0C-10ADF28B6106",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1008_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "600B25AD-39D3-4A94-88DC-BEDBEC32E490",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A34519BF-43D5-4D05-984F-EF4F584B5756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1018_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B705EFB-0224-4719-B77D-FFD86FA99B37",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE7D70-2B8F-4B94-A9F2-E2CD89CE1762",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1026_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC0ADD8-7AFE-41EA-B30B-32629E364355",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1026:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB73FAE-5682-42FA-A423-23B1FC193244",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1052_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4C67D4-0009-4FF0-AEE5-D3ACA36E3796",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1052:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93A4CE96-3213-4BBA-8C31-8CFB3001BCC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account."
},
{
"lang": "es",
"value": "Dell EMC Networking X-Series versiones anteriores a 3.0.1.8 y Dell EMC PowerEdge VRTX Module, versiones de firrmware anteriores a 2.0.0.82, contienen una vulnerabilidad de Cifrado de Contrase\u00f1a D\u00e9bil.\u0026#xa0;Un atacante remoto no autenticado podr\u00eda explotar potencialmente esta vulnerabilidad, conllevando a una divulgaci\u00f3n de determinadas credenciales de usuario.\u0026#xa0;El atacante puede usar las credenciales expuestas para acceder al sistema vulnerable con privilegios de la cuenta comprometida."
}
],
"id": "CVE-2021-21507",
"lastModified": "2024-11-21T05:48:30.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-30T21:15:08.597",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000185252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000185252"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-261"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-5330 (GCVE-0-2020-5330)
Vulnerability from cvelistv5
Published
2020-04-10 18:55
Modified
2024-09-16 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell PowerConnect |
Version: unspecified < X series 3.0.1.2 and older, PC5500 fw versions 4.1.0.22 and older |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dell PowerConnect",
"vendor": "Dell",
"versions": [
{
"lessThan": "X series 3.0.1.2 and older, PC5500 fw versions 4.1.0.22 and older",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-06T00:00:00",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"url": "https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en"
},
{
"url": "http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2020-5330",
"datePublished": "2020-04-10T18:55:11.617623Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-16T20:16:29.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21507 (GCVE-0-2021-21507)
Vulnerability from cvelistv5
Published
2021-04-30 21:10
Modified
2024-09-16 22:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-261 - Weak Cryptography for Passwords
Summary
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | VRTX Switch Modules |
Version: unspecified < 2.0.0.82 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000185252"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VRTX Switch Modules",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0.82",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "CWE-261: Weak Cryptography for Passwords",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-30T21:10:17",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000185252"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-04-14",
"ID": "CVE-2021-21507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VRTX Switch Modules",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.0.0.82"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-261: Weak Cryptography for Passwords"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000185252",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000185252"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-21507",
"datePublished": "2021-04-30T21:10:17.341849Z",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-09-16T22:51:51.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}