Privilege Escalation Vulnerability in Networking OS10 by Dell
CVE-2021-36307

8.8HIGH

Key Information:

Vendor: Dell
Status: Networking Os
Vendor: CVE Published:; 20 November 2021

What is CVE-2021-36307?

The Networking OS10 platform by Dell features a security flaw related to the RESTCONF API, allowing low privileged users with specific access rights to escalate their privileges. This situation compromises the system by giving these users the ability to perform actions reserved for administrators. The vulnerability lies in versions of the software released before October 2021, highlighting the importance of regular updates and monitoring of API access controls to safeguard against potential exploit attempts.

Affected Version(s)

Networking OS < unspecified

References

https://www.dell.com/support/kbdoc/en-us/000193076

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2021
Vulnerability Reserved
Jul 8, 2021