CVE-2021-21507

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.
References
Link Resource
https://www.dell.com/support/kbdoc/000185252 Patch Vendor Advisory
https://www.dell.com/support/kbdoc/000185252 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:x1008p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:x1008p:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dell:x1018p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:x1018p:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dell:x1026p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:x1026p:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dell:x1052p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:x1052p:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dell:x4012_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:x4012:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dell:r1-2401_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:r1-2401:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dell:r1-2210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:r1-2210:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dell:x1008_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:x1008:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dell:x1018_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:x1018:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dell:x1026_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:x1026:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dell:x1052_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:x1052:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:48

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/000185252 - Patch, Vendor Advisory () https://www.dell.com/support/kbdoc/000185252 - Patch, Vendor Advisory
CVSS v2 : 5.0
v3 : 9.8
v2 : 5.0
v3 : 8.8

Information

Published : 2021-04-30 21:15

Updated : 2024-11-21 05:48


NVD link : CVE-2021-21507

Mitre link : CVE-2021-21507

CVE.ORG link : CVE-2021-21507


JSON object : View

Products Affected

dell

  • x1018
  • x1026
  • x1052p
  • x1026p_firmware
  • x1052
  • x1026_firmware
  • x4012_firmware
  • x1026p
  • x1018p_firmware
  • r1-2401
  • x1052_firmware
  • x1008
  • x1018p
  • x1008p_firmware
  • x1052p_firmware
  • x1008_firmware
  • x4012
  • r1-2401_firmware
  • x1008p
  • r1-2210
  • r1-2210_firmware
  • x1018_firmware
CWE
CWE-261

Weak Encoding for Password

CWE-326

Inadequate Encryption Strength