8.8
CVE-2021-36307
- EPSS 0.23%
- Veröffentlicht 20.11.2021 02:15:07
- Zuletzt bearbeitet 21.11.2024 06:13:27
- Quelle security_alert@emc.com
- Teams Watchlist Login
- Unerledigt Login
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dell ≫ Networking Os10 Version < 10.4.3.8
Dell ≫ Networking Os10 Version >= 10.5.0.0 < 10.5.0.10
Dell ≫ Networking Os10 Version >= 10.5.1.0 < 10.5.1.10
Dell ≫ Networking Os10 Version >= 10.5.2.0 < 10.5.2.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.43 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 8.5 | 6.8 | 10 |
AV:N/AC:M/Au:S/C:C/I:C/A:C
|
| security_alert@emc.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.