DSA-2021-191: Dell Networking X-Series Security Update for Multiple Security Vulnerabilities
摘要: Dell Networking X-Series remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
影響
High
詳細資料
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36320 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID. | 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVE-2021-36321 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2021-36322 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36320 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID. | 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVE-2021-36321 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2021-36322 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
受影響的產品與補救措施
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36320 | Dell Networking X-Series Firmware | Versions 3.0.1.8 and earlier | 3.0.1.9 | X1000 X4012 |
| CVE-2021-36321 | ||||
| CVE-2021-36322 |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36320 | Dell Networking X-Series Firmware | Versions 3.0.1.8 and earlier | 3.0.1.9 | X1000 X4012 |
| CVE-2021-36321 | ||||
| CVE-2021-36322 |
Dell Technologies would like to thank Ken Pyle, Partner and Exploit Developer at CYBIR, for reporting these issues.
修訂歷史記錄
| Revision | Date | Description |
| 1.0 | 2021-11-03 | Initial Release |
| 1.1 | 2021-11-29 | CVE Description updated |
相關資訊
法律免責聲明
受影響的產品
Dell Networking X1000 Series, Dell Networking X4000 Series, Product Security Information文章屬性
文章編號: 000193230
文章類型: Dell Security Advisory
上次修改時間: 18 9月 2025
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。