CVE-2021-36320 : Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentic

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.

Published 2021-11-20 02:15:07

Updated 2021-11-23 13:58:33

Source Dell

View at NVD, CVE.org

Products affected by CVE-2021-36320

Dell » X4012 Firmware
Versions before (<) 3.0.1.8
cpe:2.3:o:dell:x4012_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » X4012 » Version: N/A
Dell » X1008p Firmware
Versions before (<) 3.0.1.8
cpe:2.3:o:dell:x1008p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » X1008p » Version: N/A
Dell » X1018p Firmware
Versions before (<) 3.0.1.8
cpe:2.3:o:dell:x1018p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » X1018p » Version: N/A
Dell » X1026p Firmware
Versions before (<) 3.0.1.8
cpe:2.3:o:dell:x1026p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » X1026p » Version: N/A
Dell » X1052p Firmware
Versions before (<) 3.0.1.8
cpe:2.3:o:dell:x1052p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » X1052p » Version: N/A
Dell » X1008 Firmware
Versions before (<) 3.0.1.8
cpe:2.3:o:dell:x1008_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » X1008 » Version: N/A
Dell » X1018 Firmware
Versions before (<) 3.0.1.8
cpe:2.3:o:dell:x1018_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » X1018 » Version: N/A
Dell » X1026 Firmware
Versions before (<) 3.0.1.8
cpe:2.3:o:dell:x1026_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » X1026 » Version: N/A
Dell » X1052 Firmware
Versions before (<) 3.0.1.8
cpe:2.3:o:dell:x1052_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dell » X1052 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-36320

EPSS FAQ

0.63%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 79 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-36320

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H	1.6	5.9	Dell
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-36320

CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Assigned by: security_alert@emc.com (Primary)

References for CVE-2021-36320

https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities

Access Denied
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-36320

Products affected by CVE-2021-36320

Exploit prediction scoring system (EPSS) score for CVE-2021-36320

CVSS scores for CVE-2021-36320

CWE ids for CVE-2021-36320

References for CVE-2021-36320