CVE-2021-36320

Severity CVSS v4.0:
Pending analysis
Type:
CWE-331 Insufficient Entropy
Publication date:
20/11/2021
Last modified:
23/11/2021

Description

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:dell:x1008p_firmware:*:*:*:*:*:*:*:* 3.0.1.8 (excluding)
cpe:2.3:h:dell:x1008p:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:x1018p_firmware:*:*:*:*:*:*:*:* 3.0.1.8 (excluding)
cpe:2.3:h:dell:x1018p:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:x1026p_firmware:*:*:*:*:*:*:*:* 3.0.1.8 (excluding)
cpe:2.3:h:dell:x1026p:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:x1052p_firmware:*:*:*:*:*:*:*:* 3.0.1.8 (excluding)
cpe:2.3:h:dell:x1052p:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:x4012_firmware:*:*:*:*:*:*:*:* 3.0.1.8 (excluding)
cpe:2.3:h:dell:x4012:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:x1008_firmware:*:*:*:*:*:*:*:* 3.0.1.8 (excluding)
cpe:2.3:h:dell:x1008:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:x1018_firmware:*:*:*:*:*:*:*:* 3.0.1.8 (excluding)
cpe:2.3:h:dell:x1018:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:x1026_firmware:*:*:*:*:*:*:*:* 3.0.1.8 (excluding)