CVE-2021-36309: DSA-2021-190: Dell Enterprise SONiC OS Security Update for an Information Disclosure Vulnerability

Vaikutus

High

Tiedot

Proprietary Code CVE

Description

CVSS Base Score

CVSS Vector String

CVE-2021-36309

Dell Enterprise SONiC OS versions 3.3.0 and earlier contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.

7.1

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Proprietary Code CVE

Description

CVSS Base Score

CVSS Vector String

CVE-2021-36309

Dell Enterprise SONiC OS versions 3.3.0 and earlier contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.

7.1

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen

CVE Addressed

Product

Affected Versions

Updated Version

Link to Update

CVE-2021-36309

Dell Enterprise SONiC OS

Versions 3.3.0 and earlier

3.4.0

Link to update

CVE Addressed

Product

Affected Versions

Updated Version

Link to Update

CVE-2021-36309

Dell Enterprise SONiC OS

Versions 3.3.0 and earlier

3.4.0

Link to update

Versiohistoria

Revision

Date

Description

1.0

2021-09-17

Initial Release

Asiaan liittyvät tiedot

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

23 syysk. 2021