Details of VAR-202104-0691

ID

VAR-202104-0691

CVE

CVE-2021-21507

TITLE

Dell EMC Networking X Series and Dell EMC PowerEdge VRTX Switch Module Vulnerability in cryptography

Trust: 0.8

sources: JVNDB: JVNDB-2021-006326

DESCRIPTION

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. DELL Dell EMC Networking X-Series is an X-series Ethernet switch from Dell (DELL)

Trust: 2.25

sources: NVD: CVE-2021-21507 // JVNDB: JVNDB-2021-006326 // CNVD: CNVD-2022-42746 // VULMON: CVE-2021-21507

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-42746

AFFECTED PRODUCTS

vendor:	dell	model:	x1008p	scope:	lt	version:	3.0.1.8	Trust: 1.0
vendor:	dell	model:	x1018	scope:	lt	version:	3.0.1.8	Trust: 1.0
vendor:	dell	model:	x1018p	scope:	lt	version:	3.0.1.8	Trust: 1.0
vendor:	dell	model:	r1-2401	scope:	lt	version:	2.0.0.82	Trust: 1.0
vendor:	dell	model:	x1026	scope:	lt	version:	3.0.1.8	Trust: 1.0
vendor:	dell	model:	x1052p	scope:	lt	version:	3.0.1.8	Trust: 1.0
vendor:	dell	model:	x1008	scope:	lt	version:	3.0.1.8	Trust: 1.0
vendor:	dell	model:	x1052	scope:	lt	version:	3.0.1.8	Trust: 1.0
vendor:	dell	model:	r1-2210	scope:	lt	version:	2.0.0.82	Trust: 1.0
vendor:	dell	model:	x4012	scope:	lt	version:	3.0.1.8	Trust: 1.0
vendor:	dell	model:	x1026p	scope:	lt	version:	3.0.1.8	Trust: 1.0
vendor:	デル	model:	x1026p	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	x1018p	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	x1052p	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	x1018	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	x4012	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	r1-2401	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	x1008p	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	x1008	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	x1026	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	r1-2210	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	x1008p	scope:	gt	version:	3.0.1.8	Trust: 0.6
vendor:	dell	model:	x1008p	scope:	-	version:	-	Trust: 0.6
vendor:	dell	model:	x1018p	scope:	gt	version:	3.0.1.8	Trust: 0.6
vendor:	dell	model:	x1018p	scope:	-	version:	-	Trust: 0.6
vendor:	dell	model:	x1026p	scope:	gt	version:	3.0.1.8	Trust: 0.6
vendor:	dell	model:	x1026p	scope:	-	version:	-	Trust: 0.6
vendor:	dell	model:	x1052p	scope:	gt	version:	3.0.1.8	Trust: 0.6
vendor:	dell	model:	x1052p	scope:	-	version:	-	Trust: 0.6
vendor:	dell	model:	x4012	scope:	gt	version:	3.0.1.8	Trust: 0.6
vendor:	dell	model:	-	scope:	eq	version:	x4012	Trust: 0.6
vendor:	dell	model:	r1-2401	scope:	gt	version:	2.0.0.82	Trust: 0.6
vendor:	dell	model:	r1-2401	scope:	-	version:	-	Trust: 0.6
vendor:	dell	model:	r1-2210	scope:	gt	version:	2.0.0.82	Trust: 0.6
vendor:	dell	model:	r1-2210	scope:	-	version:	-	Trust: 0.6
vendor:	dell	model:	x1008	scope:	gt	version:	3.0.1.8	Trust: 0.6
vendor:	dell	model:	-	scope:	eq	version:	x1008	Trust: 0.6
vendor:	dell	model:	x1018	scope:	gt	version:	3.0.1.8	Trust: 0.6
vendor:	dell	model:	-	scope:	eq	version:	x1018	Trust: 0.6
vendor:	dell	model:	x1026	scope:	gt	version:	3.0.1.8	Trust: 0.6
vendor:	dell	model:	-	scope:	eq	version:	x1026	Trust: 0.6
vendor:	dell	model:	x1052	scope:	gt	version:	3.0.1.8	Trust: 0.6
vendor:	dell	model:	-	scope:	eq	version:	x1052	Trust: 0.6

sources: CNVD: CNVD-2022-42746 // JVNDB: JVNDB-2021-006326 // NVD: CVE-2021-21507

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21507
value:	CRITICAL
Trust: 1.0
security_alert@emc.com:	CVE-2021-21507
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-21507
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2022-42746
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-2281
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-21507
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21507
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-42746
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-21507
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2021-21507
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21507
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-42746 // VULMON: CVE-2021-21507 // JVNDB: JVNDB-2021-006326 // CNNVD: CNNVD-202104-2281 // NVD: CVE-2021-21507 // NVD: CVE-2021-21507

PROBLEMTYPE DATA

problemtype:	CWE-261	Trust: 1.0
problemtype:	CWE-326	Trust: 1.0
problemtype:	Inadequate encryption strength (CWE-326) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-006326 // NVD: CVE-2021-21507

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2281

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202104-2281

PATCH

title:	DSA-2021-080	url:	https://www.dell.com/support/kbdoc/ja-jp/000185252/dsa-2020-080-dell-emc-poweredge-vrtx-security-update-for-a-vrtx-switch-module-vulnerability	Trust: 0.8
title:	Patch for Dell EMC Networking X-Series Encryption Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/334666	Trust: 0.6
title:	Dell EMC Networking X-Series Fixes for encryption problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149946	Trust: 0.6

sources: CNVD: CNVD-2022-42746 // JVNDB: JVNDB-2021-006326 // CNNVD: CNNVD-202104-2281

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21507	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-006326	Trust: 0.8
db:	CNVD	id:	CNVD-2022-42746	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-2281	Trust: 0.6
db:	VULMON	id:	CVE-2021-21507	Trust: 0.1

sources: CNVD: CNVD-2022-42746 // VULMON: CVE-2021-21507 // JVNDB: JVNDB-2021-006326 // CNNVD: CNNVD-202104-2281 // NVD: CVE-2021-21507

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-21507	Trust: 2.0
url:	https://www.dell.com/support/kbdoc/000185252	Trust: 1.7
url:	https://cwe.mitre.org/data/definitions/326.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-42746 // VULMON: CVE-2021-21507 // JVNDB: JVNDB-2021-006326 // CNNVD: CNNVD-202104-2281 // NVD: CVE-2021-21507

SOURCES

db:	CNVD	id:	CNVD-2022-42746
db:	VULMON	id:	CVE-2021-21507
db:	JVNDB	id:	JVNDB-2021-006326
db:	CNNVD	id:	CNNVD-202104-2281
db:	NVD	id:	CVE-2021-21507

LAST UPDATE DATE

2024-08-14T15:01:29.675000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-42746	date:	2022-06-02T00:00:00
db:	VULMON	id:	CVE-2021-21507	date:	2021-05-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-006326	date:	2022-01-05T06:28:00
db:	CNNVD	id:	CNNVD-202104-2281	date:	2021-05-11T00:00:00
db:	NVD	id:	CVE-2021-21507	date:	2021-05-10T19:54:30.157

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-42746	date:	2021-06-02T00:00:00
db:	VULMON	id:	CVE-2021-21507	date:	2021-04-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-006326	date:	2022-01-05T00:00:00
db:	CNNVD	id:	CNNVD-202104-2281	date:	2021-04-30T00:00:00
db:	NVD	id:	CVE-2021-21507	date:	2021-04-30T21:15:08.597