Article Number: 000194020
High
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2021-36320 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID. | 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-36321 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVE-2021-36322 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2021-36320 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID. | 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-36321 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVE-2021-36322 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Product | Affected Versions | Updated Versions | Link to Update |
Dell PowerEdge VRTX | VRTX 1GbE Switch Module (R1-2401) firmware versions 2.0.0.82 and earlier | 2.0.0.83 | R1-2401 |
Dell PowerEdge VRTX | VRTX 1GbE Switch Module (R1-2210) firmware versions 2.0.0.82 and earlier | 2.0.0.83 | R1-2210 |
Product | Affected Versions | Updated Versions | Link to Update |
Dell PowerEdge VRTX | VRTX 1GbE Switch Module (R1-2401) firmware versions 2.0.0.82 and earlier | 2.0.0.83 | R1-2401 |
Dell PowerEdge VRTX | VRTX 1GbE Switch Module (R1-2210) firmware versions 2.0.0.82 and earlier | 2.0.0.83 | R1-2210 |
Dell Technologies would like to thank Ken Pyle, Partner and Exploit Developer at CYBIR, for reporting these issues.
Revision | Date | Description |
1.0 | 2021-12-01 | Initial Release |
POWEREDGE VRTX, Product Security Information
06 Dec 2021
Dell Security Advisory