CVE-2021-36307

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
dellCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
dellnetworking_os10
𝑥
< 10.4.3.8
dellnetworking_os10
10.5.0.0 ≤
𝑥
< 10.5.0.10
dellnetworking_os10
10.5.1.0 ≤
𝑥
< 10.5.1.10
dellnetworking_os10
10.5.2.0 ≤
𝑥
< 10.5.2.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000193076
https://www.dell.com/support/kbdoc/en-us/000193076