DSA-2021-189: Dell EMC SmartFabric OS10 Security Update for a Multiple Security Vulnerabilities

Tabla de contenido

Artículo detallado

Impacto

Detalles

Corrección y productos afectados

Historial de revisiones

Reconocimientos

Información relacionada

Descargo de responsabilidad

Productos afectados

Deje sus comentarios

Resumen: Dell EMC SmartFabric OS10 remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.

Consulte estos recursos

Impacto

High

Detalles

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2021-36306	Networking OS10, versions before October 2021 with RESTCONF API enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36307	Networking OS10, versions before October 2021 with RESTCONF API enabled, contain a privilege escalation vulnerability. A malicious low privileged user with specific access to the API may potentially exploit this vulnerability to gain admin privileges on the affected system.	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36308	Networking OS10, versions before October 2021 with Smart Fabric Services enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36310	Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x, and 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36319	Dell Networking OS10 versions 10.4.3.x, 10.5.0.x, and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user may potentially gain access to SNMP authentication failure messages.	3.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Third-Party Component	CVEs	More information
OpenSSL	CVE-2021-23840	https://www.openssl.org/news/secadv/20210216.txt https://www.openssl.org/news/secadv/20210824.txt https://www.openssl.org/news/secadv/20220315.txt
	CVE-2021-3711
	CVE-2021-3712
	CVE-2022-0778

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2021-36306	Networking OS10, versions before October 2021 with RESTCONF API enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36307	Networking OS10, versions before October 2021 with RESTCONF API enabled, contain a privilege escalation vulnerability. A malicious low privileged user with specific access to the API may potentially exploit this vulnerability to gain admin privileges on the affected system.	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36308	Networking OS10, versions before October 2021 with Smart Fabric Services enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36310	Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x, and 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36319	Dell Networking OS10 versions 10.4.3.x, 10.5.0.x, and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user may potentially gain access to SNMP authentication failure messages.	3.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Third-Party Component	CVEs	More information
OpenSSL	CVE-2021-23840	https://www.openssl.org/news/secadv/20210216.txt https://www.openssl.org/news/secadv/20210824.txt https://www.openssl.org/news/secadv/20220315.txt
	CVE-2021-3711
	CVE-2021-3712
	CVE-2022-0778

Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

Product	Affected Versions	Updated Versions	Link to Update
SmartFabric OS10	Versions before 10.4.3.8	10.4.3.9	Link to update
	Versions before 10.5.0.10	10.5.0.10	Link to update
	Versions before 10.5.1.11	10.5.1.11	Link to update
	Versions before 10.5.2.11	10.5.2.11	Link to update
	Versions before 10.5.3.5	10.5.3.5	Link to update

Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Product	Affected Versions	Updated Versions	Link to Update
SmartFabric OS10	Versions before 10.4.3.8	10.4.3.9	Link to update
	Versions before 10.5.0.10	10.5.0.10	Link to update
	Versions before 10.5.1.11	10.5.1.11	Link to update
	Versions before 10.5.2.11	10.5.2.11	Link to update
	Versions before 10.5.3.5	10.5.3.5	Link to update

Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Historial de revisiones

Revision	Date	Description
1.0	2021-11-01	Initial Release
1.1	2022-01-13	Updated CVE
1.2	2022-09-01	Version Update

Reconocimientos

Dell Technologies would like to thank James Hebden for reporting CVE-2021-36306, CVE-2021-36307, and CVE-2021-36308.

Información relacionada

Descargo de responsabilidad

Productos afectados

Product Security Information, SmartFabric OS10 Software

Número del artículo: 000193076

Tipo de artículo: Dell Security Advisory

Última modificación: 01 sept 2022

Compruebe si el dispositivo está cubierto por los servicios de soporte.

DSA-2021-189: Dell EMC SmartFabric OS10 Security Update for a Multiple Security Vulnerabilities

Resumen: Dell EMC SmartFabric OS10 remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Impacto

Detalles

Corrección y productos afectados

Historial de revisiones

Reconocimientos

Información relacionada

Descargo de responsabilidad

Productos afectados

Propiedades del artículo

Encuentre respuestas a sus preguntas de otros usuarios de Dell

Servicios de soporte

Propiedades del artículo

Encuentre respuestas a sus preguntas de otros usuarios de Dell

Servicios de soporte