ID

VAR-202111-1216


CVE

CVE-2021-36306


TITLE

Authentication vulnerability in Networking OS10

Trust: 0.8

sources: JVNDB: JVNDB-2021-015285

DESCRIPTION

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. Networking OS10 contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2021-36306 // JVNDB: JVNDB-2021-015285 // VULHUB: VHN-398190

AFFECTED PRODUCTS

vendor: dell, model: networking os10, scope: lt, version: 10.4.3.8

Trust: 1.0

vendor: dell, model: networking os10, scope: gte, version: 10.5.2.0

Trust: 1.0

vendor: dell, model: networking os10, scope: lt, version: 10.5.2.8

Trust: 1.0

vendor: dell, model: networking os10, scope: gte, version: 10.5.1.0

Trust: 1.0

vendor: dell, model: networking os10, scope: gte, version: 10.5.0.0

Trust: 1.0

vendor: dell, model: networking os10, scope: lt, version: 10.5.1.10

Trust: 1.0

vendor: dell, model: networking os10, scope: lt, version: 10.5.0.10

Trust: 1.0

vendor: デル, model: dell networking os10, scope: eq, version: -

Trust: 0.8

vendor: デル, model: dell networking os10, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015285 // NVD: CVE-2021-36306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36306
value: CRITICAL

Trust: 1.0

security_alert@emc.com: CVE-2021-36306
value: HIGH

Trust: 1.0

NVD: CVE-2021-36306
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202111-1687
value: CRITICAL

Trust: 0.6

VULHUB: VHN-398190
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-36306
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398190
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36306
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-36306
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-36306
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398190 // JVNDB: JVNDB-2021-015285 // CNNVD: CNNVD-202111-1687 // NVD: CVE-2021-36306 // NVD: CVE-2021-36306

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.1

problemtype: Improper authentication (CWE-287) [Other]

Trust: 0.8

sources: VULHUB: VHN-398190 // JVNDB: JVNDB-2021-015285 // NVD: CVE-2021-36306

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1687

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202111-1687

PATCH

title: DSA-2021-189, url: https://www.dell.com/support/kbdoc/ja-jp/000193076/dsa-2021-189-dell-emc-smartfabric-os10-security-update-for-a-multiple-component-vulnerabilities

Trust: 0.8

title: Dell Networking OS10 Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172496

Trust: 0.6

sources: JVNDB: JVNDB-2021-015285 // CNNVD: CNNVD-202111-1687

EXTERNAL IDS

db: NVD, id: CVE-2021-36306

Trust: 3.3

db: JVNDB, id: JVNDB-2021-015285

Trust: 0.8

db: CNNVD, id: CNNVD-202111-1687

Trust: 0.6

db: VULHUB, id: VHN-398190

Trust: 0.1

sources: VULHUB: VHN-398190 // JVNDB: JVNDB-2021-015285 // CNNVD: CNNVD-202111-1687 // NVD: CVE-2021-36306

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000193076

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-36306

Trust: 1.4

sources: VULHUB: VHN-398190 // JVNDB: JVNDB-2021-015285 // CNNVD: CNNVD-202111-1687 // NVD: CVE-2021-36306

SOURCES

db: VULHUB, id: VHN-398190
db: JVNDB, id: JVNDB-2021-015285
db: CNNVD, id: CNNVD-202111-1687
db: NVD, id: CVE-2021-36306

LAST UPDATE DATE

2024-08-14T15:32:57.657000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-398190, date: 2021-11-23T00:00:00
db: JVNDB, id: JVNDB-2021-015285, date: 2022-11-15T05:17:00
db: CNNVD, id: CNNVD-202111-1687, date: 2021-12-02T00:00:00
db: NVD, id: CVE-2021-36306, date: 2021-11-23T18:45:05.527

SOURCES RELEASE DATE

db: VULHUB, id: VHN-398190, date: 2021-11-20T00:00:00
db: JVNDB, id: JVNDB-2021-015285, date: 2022-11-15T00:00:00
db: CNNVD, id: CNNVD-202111-1687, date: 2021-11-20T00:00:00
db: NVD, id: CVE-2021-36306, date: 2021-11-20T02:15:07.067