CVE-2021-36308
20.11.2021, 02:15
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dell | networking_os10 | 𝑥 < 10.4.3.8 |
| dell | networking_os10 | 10.5.0.0 ≤ 𝑥 < 10.5.0.10 |
| dell | networking_os10 | 10.5.1.0 ≤ 𝑥 < 10.5.1.10 |
| dell | networking_os10 | 10.5.2.0 ≤ 𝑥 < 10.5.2.8 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-288 - Authentication Bypass Using an Alternate Path or ChannelA product requires authentication, but the product has an alternate path or channel that does not require authentication.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.