Número del artículo: 000193076
High
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36306 | Networking OS10, versions before October 2021 with RESTCONF API enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36307 | Networking OS10, versions before October 2021 with RESTCONF API enabled, contain a privilege escalation vulnerability. A malicious low privileged user with specific access to the API may potentially exploit this vulnerability to gain admin privileges on the affected system. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36308 | Networking OS10, versions before October 2021 with Smart Fabric Services enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2021-36310 | Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x, and 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service. | 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| CVE-2021-36319 | Dell Networking OS10 versions 10.4.3.x, 10.5.0.x, and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user may potentially gain access to SNMP authentication failure messages. | 3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Third-Party Component | CVEs | More information |
| OpenSSL | CVE-2021-23840 | https://www.openssl.org/news/secadv/20210216.txt https://www.openssl.org/news/secadv/20210824.txt https://www.openssl.org/news/secadv/20220315.txt |
| CVE-2021-3711 | ||
| CVE-2021-3712 | ||
| CVE-2022-0778 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36306 | Networking OS10, versions before October 2021 with RESTCONF API enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36307 | Networking OS10, versions before October 2021 with RESTCONF API enabled, contain a privilege escalation vulnerability. A malicious low privileged user with specific access to the API may potentially exploit this vulnerability to gain admin privileges on the affected system. | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-36308 | Networking OS10, versions before October 2021 with Smart Fabric Services enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2021-36310 | Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x, and 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service. | 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| CVE-2021-36319 | Dell Networking OS10 versions 10.4.3.x, 10.5.0.x, and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user may potentially gain access to SNMP authentication failure messages. | 3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Third-Party Component | CVEs | More information |
| OpenSSL | CVE-2021-23840 | https://www.openssl.org/news/secadv/20210216.txt https://www.openssl.org/news/secadv/20210824.txt https://www.openssl.org/news/secadv/20220315.txt |
| CVE-2021-3711 | ||
| CVE-2021-3712 | ||
| CVE-2022-0778 |
| Product | Affected Versions | Updated Versions | Link to Update |
| SmartFabric OS10 | Versions before 10.4.3.8 | 10.4.3.9 | Link to update |
| Versions before 10.5.0.10 | 10.5.0.10 | Link to update | |
| Versions before 10.5.1.11 | 10.5.1.11 | Link to update | |
| Versions before 10.5.2.11 | 10.5.2.11 | Link to update | |
| Versions before 10.5.3.5 | 10.5.3.5 | Link to update |
| Product | Affected Versions | Updated Versions | Link to Update |
| SmartFabric OS10 | Versions before 10.4.3.8 | 10.4.3.9 | Link to update |
| Versions before 10.5.0.10 | 10.5.0.10 | Link to update | |
| Versions before 10.5.1.11 | 10.5.1.11 | Link to update | |
| Versions before 10.5.2.11 | 10.5.2.11 | Link to update | |
| Versions before 10.5.3.5 | 10.5.3.5 | Link to update |
Dell Technologies would like to thank James Hebden for reporting CVE-2021-36306, CVE-2021-36307, and CVE-2021-36308.
| Revision | Date | Description |
| 1.0 | 2021-11-01 | Initial Release |
| 1.1 | 2022-01-13 | Updated CVE |
| 1.2 | 2022-09-01 | Version Update |
Product Security Information, SmartFabric OS10 Software
01 sept 2022
4
Dell Security Advisory