CVE-2021-36307

Published: Nov 20, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system.

Affected (4)

Products: Dell: Networking Os10

Dell

1 product

Networking Os10

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Dell Networking Os10	Before 10.4.3.8
Dell Networking Os10	From 10.5.0.0 to 10.5.0.10
Dell Networking Os10	From 10.5.1.0 to 10.5.1.10
Dell Networking Os10	From 10.5.2.0 to 10.5.2.8

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.dell.com/support/kbdoc/en-us/000193076

Source: security_alert@emc.com

PatchVendor Advisory

https://www.dell.com/support/kbdoc/en-us/000193076

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.