CVE-2021-21507

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

Dell EMC Networking X-Series versiones anteriores a 3.0.1.8 y Dell EMC PowerEdge VRTX Module, versiones de firrmware anteriores a 2.0.0.82, contienen una vulnerabilidad de Cifrado de Contraseña Débil. Un atacante remoto no autenticado podría explotar potencialmente esta vulnerabilidad, conllevando a una divulgación de determinadas credenciales de usuario. El atacante puede usar las credenciales expuestas para acceder al sistema vulnerable con privilegios de la cuenta comprometida.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-04 CVE Reserved
2021-04-30 CVE Published
2024-01-14 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-261: Weak Encoding for Password
CWE-326: Inadequate Encryption Strength

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://www.dell.com/support/kbdoc/000185252	2021-05-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dell Search vendor "Dell"	X1008p Firmware Search vendor "Dell" for product "X1008p Firmware"	< 3.0.1.8 Search vendor "Dell" for product "X1008p Firmware" and version " < 3.0.1.8"	-	Affected	in	Dell Search vendor "Dell"	X1008p Search vendor "Dell" for product "X1008p"	-	-	Safe
Dell Search vendor "Dell"	X1018p Firmware Search vendor "Dell" for product "X1018p Firmware"	< 3.0.1.8 Search vendor "Dell" for product "X1018p Firmware" and version " < 3.0.1.8"	-	Affected	in	Dell Search vendor "Dell"	X1018p Search vendor "Dell" for product "X1018p"	-	-	Safe
Dell Search vendor "Dell"	X1026p Firmware Search vendor "Dell" for product "X1026p Firmware"	< 3.0.1.8 Search vendor "Dell" for product "X1026p Firmware" and version " < 3.0.1.8"	-	Affected	in	Dell Search vendor "Dell"	X1026p Search vendor "Dell" for product "X1026p"	-	-	Safe
Dell Search vendor "Dell"	X1052p Firmware Search vendor "Dell" for product "X1052p Firmware"	< 3.0.1.8 Search vendor "Dell" for product "X1052p Firmware" and version " < 3.0.1.8"	-	Affected	in	Dell Search vendor "Dell"	X1052p Search vendor "Dell" for product "X1052p"	-	-	Safe
Dell Search vendor "Dell"	X4012 Firmware Search vendor "Dell" for product "X4012 Firmware"	< 3.0.1.8 Search vendor "Dell" for product "X4012 Firmware" and version " < 3.0.1.8"	-	Affected	in	Dell Search vendor "Dell"	X4012 Search vendor "Dell" for product "X4012"	-	-	Safe
Dell Search vendor "Dell"	R1-2401 Firmware Search vendor "Dell" for product "R1-2401 Firmware"	< 2.0.0.82 Search vendor "Dell" for product "R1-2401 Firmware" and version " < 2.0.0.82"	-	Affected	in	Dell Search vendor "Dell"	R1-2401 Search vendor "Dell" for product "R1-2401"	-	-	Safe
Dell Search vendor "Dell"	R1-2210 Firmware Search vendor "Dell" for product "R1-2210 Firmware"	< 2.0.0.82 Search vendor "Dell" for product "R1-2210 Firmware" and version " < 2.0.0.82"	-	Affected	in	Dell Search vendor "Dell"	R1-2210 Search vendor "Dell" for product "R1-2210"	-	-	Safe
Dell Search vendor "Dell"	X1008 Firmware Search vendor "Dell" for product "X1008 Firmware"	< 3.0.1.8 Search vendor "Dell" for product "X1008 Firmware" and version " < 3.0.1.8"	-	Affected	in	Dell Search vendor "Dell"	X1008 Search vendor "Dell" for product "X1008"	-	-	Safe
Dell Search vendor "Dell"	X1018 Firmware Search vendor "Dell" for product "X1018 Firmware"	< 3.0.1.8 Search vendor "Dell" for product "X1018 Firmware" and version " < 3.0.1.8"	-	Affected	in	Dell Search vendor "Dell"	X1018 Search vendor "Dell" for product "X1018"	-	-	Safe
Dell Search vendor "Dell"	X1026 Firmware Search vendor "Dell" for product "X1026 Firmware"	< 3.0.1.8 Search vendor "Dell" for product "X1026 Firmware" and version " < 3.0.1.8"	-	Affected	in	Dell Search vendor "Dell"	X1026 Search vendor "Dell" for product "X1026"	-	-	Safe
Dell Search vendor "Dell"	X1052 Firmware Search vendor "Dell" for product "X1052 Firmware"	< 3.0.1.8 Search vendor "Dell" for product "X1052 Firmware" and version " < 3.0.1.8"	-	Affected	in	Dell Search vendor "Dell"	X1052 Search vendor "Dell" for product "X1052"	-	-	Safe