Vulnerabilites related to dell - x1008p_firmware
Vulnerability from fkie_nvd
Published
2021-11-20 02:15
Modified
2024-11-21 06:13
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | x1008p_firmware | * | |
| dell | x1008p | - | |
| dell | x1018p_firmware | * | |
| dell | x1018p | - | |
| dell | x1026p_firmware | * | |
| dell | x1026p | - | |
| dell | x1052p_firmware | * | |
| dell | x1052p | - | |
| dell | x4012_firmware | * | |
| dell | x4012 | - | |
| dell | x1008_firmware | * | |
| dell | x1008 | - | |
| dell | x1018_firmware | * | |
| dell | x1018 | - | |
| dell | x1026_firmware | * | |
| dell | x1026 | - | |
| dell | x1052_firmware | * | |
| dell | x1052 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1008p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "797B281A-1F97-45EA-B63B-310C631E5300",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1008p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D29913E0-EB40-4088-845E-478859BE9AA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1018p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA3F68D-0C01-4235-8A6C-317D7FAF4EC4",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1018p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B86EE4BF-6DA7-4F74-9116-FCC93A5D0C8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1026p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3522DC-9259-4B4B-BD11-B6106C5F4C8E",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1026p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "470280E0-8C95-40E1-B523-F6D8A998FDA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1052p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A657AA7A-4462-4AEF-A377-57B99066B142",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1052p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCA777B-BA3F-4585-8F42-D3EF3F3E805D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x4012_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0013FB8E-D762-4D5A-929E-C4FF1064A122",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x4012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44113AAD-07FF-45DB-BDCF-A21BF483E286",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1008_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "600B25AD-39D3-4A94-88DC-BEDBEC32E490",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A34519BF-43D5-4D05-984F-EF4F584B5756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1018_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B705EFB-0224-4719-B77D-FFD86FA99B37",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE7D70-2B8F-4B94-A9F2-E2CD89CE1762",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1026_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC0ADD8-7AFE-41EA-B30B-32629E364355",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1026:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB73FAE-5682-42FA-A423-23B1FC193244",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1052_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4C67D4-0009-4FF0-AEE5-D3ACA36E3796",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1052:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93A4CE96-3213-4BBA-8C31-8CFB3001BCC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections."
},
{
"lang": "es",
"value": "Dell Networking X-Series versiones de firmware anteriores a la 3.0.1.8, contienen una vulnerabilidad de inyecci\u00f3n de encabezado de host. Un atacante remoto no autenticado puede explotar esta vulnerabilidad inyectando valores de encabezado de host arbitrarios para envenenar la cach\u00e9 web o desencadenar redireccionamientos"
}
],
"id": "CVE-2021-36322",
"lastModified": "2024-11-21T06:13:29.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-20T02:15:07.510",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-20 02:15
Modified
2024-11-21 06:13
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | x1008p_firmware | * | |
| dell | x1008p | - | |
| dell | x1018p_firmware | * | |
| dell | x1018p | - | |
| dell | x1026p_firmware | * | |
| dell | x1026p | - | |
| dell | x1052p_firmware | * | |
| dell | x1052p | - | |
| dell | x4012_firmware | * | |
| dell | x4012 | - | |
| dell | x1008_firmware | * | |
| dell | x1008 | - | |
| dell | x1018_firmware | * | |
| dell | x1018 | - | |
| dell | x1026_firmware | * | |
| dell | x1026 | - | |
| dell | x1052_firmware | * | |
| dell | x1052 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1008p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "797B281A-1F97-45EA-B63B-310C631E5300",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1008p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D29913E0-EB40-4088-845E-478859BE9AA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1018p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA3F68D-0C01-4235-8A6C-317D7FAF4EC4",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1018p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B86EE4BF-6DA7-4F74-9116-FCC93A5D0C8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1026p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3522DC-9259-4B4B-BD11-B6106C5F4C8E",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1026p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "470280E0-8C95-40E1-B523-F6D8A998FDA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1052p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A657AA7A-4462-4AEF-A377-57B99066B142",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1052p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCA777B-BA3F-4585-8F42-D3EF3F3E805D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x4012_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0013FB8E-D762-4D5A-929E-C4FF1064A122",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x4012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44113AAD-07FF-45DB-BDCF-A21BF483E286",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1008_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "600B25AD-39D3-4A94-88DC-BEDBEC32E490",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A34519BF-43D5-4D05-984F-EF4F584B5756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1018_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B705EFB-0224-4719-B77D-FFD86FA99B37",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE7D70-2B8F-4B94-A9F2-E2CD89CE1762",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1026_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC0ADD8-7AFE-41EA-B30B-32629E364355",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1026:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB73FAE-5682-42FA-A423-23B1FC193244",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1052_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4C67D4-0009-4FF0-AEE5-D3ACA36E3796",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1052:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93A4CE96-3213-4BBA-8C31-8CFB3001BCC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID."
},
{
"lang": "es",
"value": "Dell Networking X-Series versiones del firmware anteriores a 3.0.1.8, contienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante remoto no autentificado puede potencialmente secuestrar una sesi\u00f3n y acceder al servidor web al falsificar el ID de la sesi\u00f3n\n"
}
],
"id": "CVE-2021-36320",
"lastModified": "2024-11-21T06:13:29.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-20T02:15:07.387",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-331"
}
],
"source": "security_alert@emc.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-30 21:15
Modified
2024-11-21 05:48
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000185252 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000185252 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | x1008p_firmware | * | |
| dell | x1008p | - | |
| dell | x1018p_firmware | * | |
| dell | x1018p | - | |
| dell | x1026p_firmware | * | |
| dell | x1026p | - | |
| dell | x1052p_firmware | * | |
| dell | x1052p | - | |
| dell | x4012_firmware | * | |
| dell | x4012 | - | |
| dell | r1-2401_firmware | * | |
| dell | r1-2401 | - | |
| dell | r1-2210_firmware | * | |
| dell | r1-2210 | - | |
| dell | x1008_firmware | * | |
| dell | x1008 | - | |
| dell | x1018_firmware | * | |
| dell | x1018 | - | |
| dell | x1026_firmware | * | |
| dell | x1026 | - | |
| dell | x1052_firmware | * | |
| dell | x1052 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1008p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "797B281A-1F97-45EA-B63B-310C631E5300",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1008p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D29913E0-EB40-4088-845E-478859BE9AA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1018p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA3F68D-0C01-4235-8A6C-317D7FAF4EC4",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1018p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B86EE4BF-6DA7-4F74-9116-FCC93A5D0C8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1026p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3522DC-9259-4B4B-BD11-B6106C5F4C8E",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1026p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "470280E0-8C95-40E1-B523-F6D8A998FDA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1052p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A657AA7A-4462-4AEF-A377-57B99066B142",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1052p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCA777B-BA3F-4585-8F42-D3EF3F3E805D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x4012_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0013FB8E-D762-4D5A-929E-C4FF1064A122",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x4012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44113AAD-07FF-45DB-BDCF-A21BF483E286",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r1-2401_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F70190-8D9F-4A81-AF65-0559346960AA",
"versionEndExcluding": "2.0.0.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r1-2401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D1BA0CC-6EC3-4B4D-BC40-EAF3B1CD54C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:r1-2210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC4E63C-90E4-4606-9953-7FB8242E83E4",
"versionEndExcluding": "2.0.0.82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:r1-2210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C987205B-1645-41F7-8F0C-10ADF28B6106",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1008_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "600B25AD-39D3-4A94-88DC-BEDBEC32E490",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A34519BF-43D5-4D05-984F-EF4F584B5756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1018_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B705EFB-0224-4719-B77D-FFD86FA99B37",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE7D70-2B8F-4B94-A9F2-E2CD89CE1762",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1026_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC0ADD8-7AFE-41EA-B30B-32629E364355",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1026:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB73FAE-5682-42FA-A423-23B1FC193244",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1052_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4C67D4-0009-4FF0-AEE5-D3ACA36E3796",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1052:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93A4CE96-3213-4BBA-8C31-8CFB3001BCC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account."
},
{
"lang": "es",
"value": "Dell EMC Networking X-Series versiones anteriores a 3.0.1.8 y Dell EMC PowerEdge VRTX Module, versiones de firrmware anteriores a 2.0.0.82, contienen una vulnerabilidad de Cifrado de Contrase\u00f1a D\u00e9bil.\u0026#xa0;Un atacante remoto no autenticado podr\u00eda explotar potencialmente esta vulnerabilidad, conllevando a una divulgaci\u00f3n de determinadas credenciales de usuario.\u0026#xa0;El atacante puede usar las credenciales expuestas para acceder al sistema vulnerable con privilegios de la cuenta comprometida."
}
],
"id": "CVE-2021-21507",
"lastModified": "2024-11-21T05:48:30.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-30T21:15:08.597",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000185252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/000185252"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-261"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-20 02:15
Modified
2024-11-21 06:13
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | x1008p_firmware | * | |
| dell | x1008p | - | |
| dell | x1018p_firmware | * | |
| dell | x1018p | - | |
| dell | x1026p_firmware | * | |
| dell | x1026p | - | |
| dell | x1052p_firmware | * | |
| dell | x1052p | - | |
| dell | x4012_firmware | * | |
| dell | x4012 | - | |
| dell | x1008_firmware | * | |
| dell | x1008 | - | |
| dell | x1018_firmware | * | |
| dell | x1018 | - | |
| dell | x1026_firmware | * | |
| dell | x1026 | - | |
| dell | x1052_firmware | * | |
| dell | x1052 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1008p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "797B281A-1F97-45EA-B63B-310C631E5300",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1008p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D29913E0-EB40-4088-845E-478859BE9AA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1018p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA3F68D-0C01-4235-8A6C-317D7FAF4EC4",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1018p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B86EE4BF-6DA7-4F74-9116-FCC93A5D0C8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1026p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3522DC-9259-4B4B-BD11-B6106C5F4C8E",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1026p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "470280E0-8C95-40E1-B523-F6D8A998FDA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1052p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A657AA7A-4462-4AEF-A377-57B99066B142",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1052p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCA777B-BA3F-4585-8F42-D3EF3F3E805D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x4012_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0013FB8E-D762-4D5A-929E-C4FF1064A122",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x4012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44113AAD-07FF-45DB-BDCF-A21BF483E286",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1008_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "600B25AD-39D3-4A94-88DC-BEDBEC32E490",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A34519BF-43D5-4D05-984F-EF4F584B5756",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1018_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B705EFB-0224-4719-B77D-FFD86FA99B37",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE7D70-2B8F-4B94-A9F2-E2CD89CE1762",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1026_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC0ADD8-7AFE-41EA-B30B-32629E364355",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1026:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB73FAE-5682-42FA-A423-23B1FC193244",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:x1052_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4C67D4-0009-4FF0-AEE5-D3ACA36E3796",
"versionEndExcluding": "3.0.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:x1052:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93A4CE96-3213-4BBA-8C31-8CFB3001BCC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service."
},
{
"lang": "es",
"value": "Dell Networking X-Series versiones del firmware anteriores a 3.0.1.8, contienen una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada. Un atacante remoto no autenticado puede explotar esta vulnerabilidad al enviar datos especialmente dise\u00f1ados para desencadenar una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-36321",
"lastModified": "2024-11-21T06:13:29.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-20T02:15:07.450",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security_alert@emc.com",
"type": "Primary"
}
]
}
CVE-2021-21507 (GCVE-0-2021-21507)
Vulnerability from cvelistv5
Published
2021-04-30 21:10
Modified
2024-09-16 22:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-261 - Weak Cryptography for Passwords
Summary
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | VRTX Switch Modules |
Version: unspecified < 2.0.0.82 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/000185252"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VRTX Switch Modules",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.0.0.82",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "CWE-261: Weak Cryptography for Passwords",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-30T21:10:17",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/000185252"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-04-14",
"ID": "CVE-2021-21507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VRTX Switch Modules",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.0.0.82"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-261: Weak Cryptography for Passwords"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/000185252",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/000185252"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-21507",
"datePublished": "2021-04-30T21:10:17.341849Z",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-09-16T22:51:51.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36322 (GCVE-0-2021-36322)
Vulnerability from cvelistv5
Published
2021-11-20 01:40
Modified
2024-09-17 01:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Networking X-Series |
Version: unspecified < 3.0.1.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Networking X-Series",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.0.1.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-20T01:40:27",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-11-03",
"ID": "CVE-2021-36322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Networking X-Series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0.1.9"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.1,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-36322",
"datePublished": "2021-11-20T01:40:27.169266Z",
"dateReserved": "2021-07-08T00:00:00",
"dateUpdated": "2024-09-17T01:31:45.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36321 (GCVE-0-2021-36321)
Vulnerability from cvelistv5
Published
2021-11-20 01:40
Modified
2024-09-16 22:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Networking X-Series |
Version: unspecified < 3.0.1.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Networking X-Series",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.0.1.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-20T01:40:25",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-11-03",
"ID": "CVE-2021-36321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Networking X-Series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0.1.9"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-36321",
"datePublished": "2021-11-20T01:40:25.789744Z",
"dateReserved": "2021-07-08T00:00:00",
"dateUpdated": "2024-09-16T22:41:36.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36320 (GCVE-0-2021-36320)
Vulnerability from cvelistv5
Published
2021-11-20 01:40
Modified
2024-09-16 16:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-331 - Insufficient Entropy
Summary
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Networking X-Series |
Version: unspecified < 3.0.1.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:54:51.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Networking X-Series",
"vendor": "Dell",
"versions": [
{
"lessThan": "3.0.1.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331: Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-20T01:40:24",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2021-11-03",
"ID": "CVE-2021-36320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Networking X-Series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0.1.9"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-331: Insufficient Entropy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2021-36320",
"datePublished": "2021-11-20T01:40:24.454266Z",
"dateReserved": "2021-07-08T00:00:00",
"dateUpdated": "2024-09-16T16:54:08.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}