Omitir para ir al contenido principal
  • Hacer pedidos rápida y fácilmente
  • Ver pedidos y realizar seguimiento al estado del envío
  • Cree y acceda a una lista de sus productos

DSA-2021-189: Dell EMC SmartFabric OS10 Security Update for a Multiple Security Vulnerabilities

Resumen: Dell EMC SmartFabric OS10 remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Este artículo se aplica a   Este artículo no se aplica a 

Impacto

High

Detalles

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-36306 Networking OS10, versions before October 2021 with RESTCONF API enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36307 Networking OS10, versions before October 2021 with RESTCONF API enabled, contain a privilege escalation vulnerability. A malicious low privileged user with specific access to the API may potentially exploit this vulnerability to gain admin privileges on the affected system. 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36308 Networking OS10, versions before October 2021 with Smart Fabric Services enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36310 Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x, and 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service. 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36319 Dell Networking OS10 versions 10.4.3.x, 10.5.0.x, and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user may potentially gain access to SNMP authentication failure messages. 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 
Third-Party Component CVEs More information
OpenSSL CVE-2021-23840 https://www.openssl.org/news/secadv/20210216.txt
https://www.openssl.org/news/secadv/20210824.txt
https://www.openssl.org/news/secadv/20220315.txt
CVE-2021-3711
CVE-2021-3712
CVE-2022-0778
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-36306 Networking OS10, versions before October 2021 with RESTCONF API enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36307 Networking OS10, versions before October 2021 with RESTCONF API enabled, contain a privilege escalation vulnerability. A malicious low privileged user with specific access to the API may potentially exploit this vulnerability to gain admin privileges on the affected system. 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36308 Networking OS10, versions before October 2021 with Smart Fabric Services enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36310 Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x, and 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service. 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36319 Dell Networking OS10 versions 10.4.3.x, 10.5.0.x, and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user may potentially gain access to SNMP authentication failure messages. 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
 
Third-Party Component CVEs More information
OpenSSL CVE-2021-23840 https://www.openssl.org/news/secadv/20210216.txt
https://www.openssl.org/news/secadv/20210824.txt
https://www.openssl.org/news/secadv/20220315.txt
CVE-2021-3711
CVE-2021-3712
CVE-2022-0778
Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

Product Affected Versions Updated Versions Link to Update
SmartFabric OS10 Versions before 10.4.3.8 10.4.3.9 Link to update
Versions before 10.5.0.10 10.5.0.10 Link to update
Versions before 10.5.1.11 10.5.1.11 Link to update
Versions before 10.5.2.11 10.5.2.11 Link to update
  Versions before 10.5.3.5 10.5.3.5 Link to update


Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Product Affected Versions Updated Versions Link to Update
SmartFabric OS10 Versions before 10.4.3.8 10.4.3.9 Link to update
Versions before 10.5.0.10 10.5.0.10 Link to update
Versions before 10.5.1.11 10.5.1.11 Link to update
Versions before 10.5.2.11 10.5.2.11 Link to update
  Versions before 10.5.3.5 10.5.3.5 Link to update


Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.

Historial de revisiones

RevisionDateDescription
1.02021-11-01Initial Release 
1.12022-01-13Updated CVE
1.22022-09-01Version Update

Reconocimientos

Dell Technologies would like to thank James Hebden for reporting CVE-2021-36306, CVE-2021-36307, and CVE-2021-36308. 

Información relacionada

Productos afectados

Product Security Information, SmartFabric OS10 Software
Propiedades del artículo
Número del artículo: 000193076
Tipo de artículo: Dell Security Advisory
Última modificación: 01 sept 2022
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.