DSA-2021-189: Dell EMC SmartFabric OS10 Security Update for a Multiple Security Vulnerabilities
Resumen:Dell EMC SmartFabric OS10 remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Seleccione un producto para comprobar la relevancia del artículo
Este artículo se aplica a Este artículo no se aplica a
Networking OS10, versions before October 2021 with RESTCONF API enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36307
Networking OS10, versions before October 2021 with RESTCONF API enabled, contain a privilege escalation vulnerability. A malicious low privileged user with specific access to the API may potentially exploit this vulnerability to gain admin privileges on the affected system.
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36308
Networking OS10, versions before October 2021 with Smart Fabric Services enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36310
Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x, and 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36319
Dell Networking OS10 versions 10.4.3.x, 10.5.0.x, and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user may potentially gain access to SNMP authentication failure messages.
Networking OS10, versions before October 2021 with RESTCONF API enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36307
Networking OS10, versions before October 2021 with RESTCONF API enabled, contain a privilege escalation vulnerability. A malicious low privileged user with specific access to the API may potentially exploit this vulnerability to gain admin privileges on the affected system.
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-36308
Networking OS10, versions before October 2021 with Smart Fabric Services enabled, contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36310
Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x, and 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36319
Dell Networking OS10 versions 10.4.3.x, 10.5.0.x, and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user may potentially gain access to SNMP authentication failure messages.
Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.