Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000193230

DSA-2021-191: Dell Networking X-Series Security Update for Multiple Security Vulnerabilities

Summary: Dell Networking X-Series remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content

Impact

High

Details

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2021-36320	Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.	7.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-36321	Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service.	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36322	Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections.	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2021-36320	Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.	7.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-36321	Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service.	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36322	Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections.	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed	Product	Affected Versions	Updated Versions	Link to Update
CVE-2021-36320	Dell Networking X-Series Firmware	Versions 3.0.1.8 and earlier	3.0.1.9	X1000 X4012
CVE-2021-36321
CVE-2021-36322

CVEs Addressed	Product	Affected Versions	Updated Versions	Link to Update
CVE-2021-36320	Dell Networking X-Series Firmware	Versions 3.0.1.8 and earlier	3.0.1.9	X1000 X4012
CVE-2021-36321
CVE-2021-36322

Dell Technologies would like to thank Ken Pyle, Partner and Exploit Developer at CYBIR, for reporting these issues.

Revision History

Revision	Date	Description
1.0	2021-11-03	Initial Release
1.1	2021-11-29	CVE Description updated

Related Information

Legal Information

Article Properties

Affected Product

Dell Networking X1000 Series, Dell Networking X4000 Series, Product Security Information

Last Published Date

06 Dec 2021

Article Type

Dell Security Advisory

Welcome

Welcome to Dell