Authentication Bypass in Dell Networking OS10 with RESTCONF API
CVE-2021-36306

8.1HIGH

Key Information:

Vendor: Dell
Status: Networking Os
Vendor: CVE Published:; 20 November 2021

Summary

Dell Networking OS10, specifically versions released before October 2021, is susceptible to an authentication bypass vulnerability when the RESTCONF API is enabled. This flaw allows remote, unauthenticated attackers to exploit the system, gaining unauthorized access to perform various actions. It is crucial for organizations to review their deployments and implement necessary updates to mitigate this risk and enhance overall network security.

Affected Version(s)

Networking OS < unspecified

References

https://www.dell.com/support/kbdoc/en-us/000193076

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 20, 2021
Vulnerability Reserved
Jul 8, 2021