Sign-up

ID

VAR-202111-1214


CVE

CVE-2021-36308


TITLE

Networking OS10  Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015283

DESCRIPTION

Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. Networking OS10 There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-36308 // JVNDB: JVNDB-2021-015283 // VULHUB: VHN-398192

AFFECTED PRODUCTS

vendor:dellmodel:networking os10scope:ltversion:10.4.3.8

Trust: 1.0

vendor:dellmodel:networking os10scope:gteversion:10.5.2.0

Trust: 1.0

vendor:dellmodel:networking os10scope:ltversion:10.5.2.8

Trust: 1.0

vendor:dellmodel:networking os10scope:gteversion:10.5.1.0

Trust: 1.0

vendor:dellmodel:networking os10scope:gteversion:10.5.0.0

Trust: 1.0

vendor:dellmodel:networking os10scope:ltversion:10.5.1.10

Trust: 1.0

vendor:dellmodel:networking os10scope:ltversion:10.5.0.10

Trust: 1.0

vendor:デルmodel:dell networking os10scope:eqversion: -

Trust: 0.8

vendor:デルmodel:dell networking os10scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015283 // NVD: CVE-2021-36308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36308
value: CRITICAL

Trust: 1.0

security_alert@emc.com: CVE-2021-36308
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-36308
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202111-1686
value: CRITICAL

Trust: 0.6

VULHUB: VHN-398192
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-36308
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398192
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36308
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-36308
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-36308
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398192 // JVNDB: JVNDB-2021-015283 // CNNVD: CNNVD-202111-1686 // NVD: CVE-2021-36308 // NVD: CVE-2021-36308

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-288

Trust: 1.1

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398192 // JVNDB: JVNDB-2021-015283 // NVD: CVE-2021-36308

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1686

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202111-1686

PATCH

title:DSA-2021-189url:https://www.dell.com/support/kbdoc/ja-jp/000193076/dsa-2021-189-dell-emc-smartfabric-os10-security-update-for-a-multiple-component-vulnerabilities

Trust: 0.8

title:Dell Networking OS10 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172495

Trust: 0.6

sources: JVNDB: JVNDB-2021-015283 // CNNVD: CNNVD-202111-1686

EXTERNAL IDS

db:NVDid:CVE-2021-36308

Trust: 3.3

db:JVNDBid:JVNDB-2021-015283

Trust: 0.8

db:CNNVDid:CNNVD-202111-1686

Trust: 0.6

db:VULHUBid:VHN-398192

Trust: 0.1

sources: VULHUB: VHN-398192 // JVNDB: JVNDB-2021-015283 // CNNVD: CNNVD-202111-1686 // NVD: CVE-2021-36308

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000193076

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-36308

Trust: 1.4

sources: VULHUB: VHN-398192 // JVNDB: JVNDB-2021-015283 // CNNVD: CNNVD-202111-1686 // NVD: CVE-2021-36308

SOURCES

db:VULHUBid:VHN-398192
db:JVNDBid:JVNDB-2021-015283
db:CNNVDid:CNNVD-202111-1686
db:NVDid:CVE-2021-36308

LAST UPDATE DATE

2024-08-14T15:27:34.370000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398192date:2022-04-25T00:00:00
db:JVNDBid:JVNDB-2021-015283date:2022-11-15T04:56:00
db:CNNVDid:CNNVD-202111-1686date:2022-04-26T00:00:00
db:NVDid:CVE-2021-36308date:2022-04-25T18:08:00.103

SOURCES RELEASE DATE

db:VULHUBid:VHN-398192date:2021-11-20T00:00:00
db:JVNDBid:JVNDB-2021-015283date:2022-11-15T00:00:00
db:CNNVDid:CNNVD-202111-1686date:2021-11-20T00:00:00
db:NVDid:CVE-2021-36308date:2021-11-20T02:15:07.203