9.8
CVE-2021-21507
- EPSS 0.06%
- Veröffentlicht 30.04.2021 21:15:08
- Zuletzt bearbeitet 21.11.2024 05:48:30
- Quelle security_alert@emc.com
- Teams Watchlist Login
- Unerledigt Login
Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ X1008p Firmware Version < 3.0.1.8
Dell ≫ X1018p Firmware Version < 3.0.1.8
Dell ≫ X1026p Firmware Version < 3.0.1.8
Dell ≫ X1052p Firmware Version < 3.0.1.8
Dell ≫ X4012 Firmware Version < 3.0.1.8
Dell ≫ R1-2401 Firmware Version < 2.0.0.82
Dell ≫ R1-2210 Firmware Version < 2.0.0.82
Dell ≫ X1008 Firmware Version < 3.0.1.8
Dell ≫ X1018 Firmware Version < 3.0.1.8
Dell ≫ X1026 Firmware Version < 3.0.1.8
Dell ≫ X1052 Firmware Version < 3.0.1.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.166 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| security_alert@emc.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-261 Weak Encoding for Password
Obscuring a password with a trivial encoding does not protect the password.
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.