CVE-2021-36307

EUVD-2021-22927
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
dellCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
dellnetworking_os10
𝑥
< 10.4.3.8
dellnetworking_os10
10.5.0.0 ≤
𝑥
< 10.5.0.10
dellnetworking_os10
10.5.1.0 ≤
𝑥
< 10.5.1.10
dellnetworking_os10
10.5.2.0 ≤
𝑥
< 10.5.2.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000193076
https://www.dell.com/support/kbdoc/en-us/000193076