CVE-2021-21507

HIGH

Dell EMC X-Series <3.0.1.8 & PowerEdge VRTX <2.0.0.82 - Info Disclo...

Title source: llm
STIX 2.1

Description

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/000185252

Scores

CVSS v3 8.8
EPSS 0.0054
EPSS Percentile 40.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-326 CWE-261
Status published
Products (11)
dell/r1-2210_firmware < 2.0.0.82
dell/r1-2401_firmware < 2.0.0.82
dell/x1008_firmware < 3.0.1.8
dell/x1008p_firmware < 3.0.1.8
dell/x1018_firmware < 3.0.1.8
dell/x1018p_firmware < 3.0.1.8
dell/x1026_firmware < 3.0.1.8
dell/x1026p_firmware < 3.0.1.8
dell/x1052_firmware < 3.0.1.8
dell/x1052p_firmware < 3.0.1.8
... and 1 more
Published Apr 30, 2021
Tracked Since Feb 18, 2026