Impact
High
Details
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2021-36320 |
Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID. |
7.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-36321 |
Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. |
7.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVE-2021-36322 |
Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. |
6.1 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2021-36320 |
Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID. |
7.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-36321 |
Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. |
7.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVE-2021-36322 |
Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. |
6.1 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
CVEs Addressed |
Product |
Affected Versions |
Updated Versions |
Link to Update |
CVE-2021-36320 |
Dell Networking X-Series Firmware |
Versions 3.0.1.8 and earlier |
3.0.1.9 |
X1000 X4012 |
CVE-2021-36321 |
CVE-2021-36322 |
CVEs Addressed |
Product |
Affected Versions |
Updated Versions |
Link to Update |
CVE-2021-36320 |
Dell Networking X-Series Firmware |
Versions 3.0.1.8 and earlier |
3.0.1.9 |
X1000 X4012 |
CVE-2021-36321 |
CVE-2021-36322 |
Dell Technologies would like to thank Ken Pyle, Partner and Exploit Developer at CYBIR, for reporting these issues.
Revision History
Revision | Date | Description |
1.0 | 2021-11-03 | Initial Release |
1.1 | 2021-11-29 | CVE Description updated |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Affected Products
Dell Networking X1000 Series, Dell Networking X4000 Series, Product Security Information