Dell PowerEdge VRTX Switch Module remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2021-36320 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID. | 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| CVE-2021-36321 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2021-36322 | Dell Networking X-Series firmware versions before 3.0.1.9 and Dell PowerEdge VRTX Switch Module firmware versions before 2.0.0.83 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products & Remediation
Product
Affected Versions
Updated Versions
Link to Update
Dell PowerEdge VRTX
VRTX 1GbE Switch Module (R1-2401) firmware versions 2.0.0.82 and earlier