Description
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/en-us/000193230/dsa-2021-191-dell-networking-x-series-security-update-for-multiple-security-vulnerabilities
Scores
CVSS v3
7.5
EPSS
0.0115
EPSS Percentile
62.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-331
Status
published
Products (9)
dell/x1008_firmware
< 3.0.1.8
dell/x1008p_firmware
< 3.0.1.8
dell/x1018_firmware
< 3.0.1.8
dell/x1018p_firmware
< 3.0.1.8
dell/x1026_firmware
< 3.0.1.8
dell/x1026p_firmware
< 3.0.1.8
dell/x1052_firmware
< 3.0.1.8
dell/x1052p_firmware
< 3.0.1.8
dell/x4012_firmware
< 3.0.1.8
Published
Nov 20, 2021
Tracked Since
Feb 18, 2026