CVE-2021-36306

8.1 HIGH

📋 TL;DR

CVE-2021-36306 is an authentication bypass vulnerability in Dell Networking OS10's RESTCONF API that allows remote unauthenticated attackers to gain unauthorized access and perform administrative actions. Affected systems are Dell Networking OS10 devices with RESTCONF API enabled prior to October 2021 patches. This vulnerability enables complete compromise of network infrastructure devices.

💻 Affected Systems

Products:
  • Dell Networking OS10
Versions: All versions prior to October 2021 updates
Operating Systems: Dell OS10
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when RESTCONF API is enabled. Default configuration may have this disabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device takeover allowing configuration changes, traffic interception, credential harvesting, and lateral movement to other network segments.

🟠 Likely Case

Unauthorized configuration changes, service disruption, and credential theft leading to network compromise.

🟢 If Mitigated

Limited impact if RESTCONF API is disabled or network access is restricted, though risk remains if exposed.

🌐 Internet-Facing: HIGH - Direct remote exploitation without authentication makes internet-facing devices extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, unauthenticated access allows attackers with network reachability to compromise devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Authentication bypass vulnerabilities typically have low exploitation complexity, especially with REST API endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: October 2021 updates and later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000193076

Restart Required: Yes

Instructions:

1. Download latest OS10 firmware from Dell support portal.
2. Backup current configuration.
3. Apply firmware update following Dell's upgrade procedures.
4. Reboot device.
5. Verify version and functionality.

🔧 Temporary Workarounds

Disable RESTCONF API

all

Disable the vulnerable RESTCONF API interface if not required for operations.

configure terminal
no rest api restconf
end
write memory

Restrict Network Access

all

Implement network ACLs to restrict access to RESTCONF API ports (typically 443/HTTPS).

configure terminal
ip access-list standard RESTCONF-ACL
permit host [TRUSTED_IP] any
deny any any
interface [API_INTERFACE]
ip access-group RESTCONF-ACL in
end
write memory

🧯 If You Can't Patch

  • Disable RESTCONF API immediately if not required for operations
  • Implement strict network segmentation and firewall rules to restrict access to affected devices

🔍 How to Verify

Check if Vulnerable:

Check OS10 version with 'show version' and verify RESTCONF status with 'show restconf' - vulnerable if version predates October 2021 and RESTCONF is enabled.

Check Version:

show version

Verify Fix Applied:

Verify OS10 version is October 2021 or later with 'show version' and confirm RESTCONF functionality if required.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized RESTCONF API access attempts
  • Configuration changes from unexpected sources
  • Authentication failures followed by successful API calls

Network Indicators:

  • Unusual REST API traffic to OS10 devices
  • HTTPS requests to RESTCONF endpoints from unauthorized sources

SIEM Query:

source="os10-logs" AND ((event_type="api_access" AND user="unknown") OR (event_type="config_change" AND source_ip NOT IN [admin_ips]))
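
The same logic as the query, plus the "authentication failures followed by successful API calls" indicator, as an added example that is not part of the original page or Dell's tooling. The field names `event_type`, `user` and `source_ip` come from the query above; the `ts` field, the `auth_failure` event type, the five-minute window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

ADMIN_IPS = {"10.0.0.5"}        # constructed allow-list, stands in for admin_ips
WINDOW = timedelta(minutes=5)   # assumed correlation window


def _ev(ts, event_type, user, source_ip):
    return {"ts": ts, "event_type": event_type, "user": user, "source_ip": source_ip}


# Constructed sample events (documentation address ranges); not real OS10 logs.
SAMPLE_EVENTS = [
    _ev("2021-11-02T10:00:00", "auth_failure", "admin", "192.0.2.44"),
    _ev("2021-11-02T10:00:20", "api_access", "unknown", "192.0.2.44"),
    _ev("2021-11-02T10:01:00", "config_change", "unknown", "192.0.2.44"),
    _ev("2021-11-02T10:02:00", "api_access", "admin", "10.0.0.5"),
    _ev("2021-11-02T10:03:00", "config_change", "admin", "10.0.0.5"),
    _ev("2021-11-02T10:04:00", "auth_failure", "operator", "198.51.100.7"),
    _ev("2021-11-02T10:04:30", "api_access", "operator", "198.51.100.7"),
    _ev("2021-11-02T11:00:00", "api_access", "operator", "198.51.100.7"),
]


def detect(events, admin_ips=ADMIN_IPS, window=WINDOW):
    """Return (rule, event) pairs for the log indicators listed above."""
    findings = []
    last_failure = {}  # source_ip -> time of most recent auth failure
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        ip, kind = ev["source_ip"], ev["event_type"]
        if kind == "auth_failure":
            last_failure[ip] = ts
        elif kind == "api_access":
            if ev["user"] == "unknown":
                findings.append(("unauthenticated_api_access", ev))
            elif ip in last_failure and ts - last_failure[ip] <= window:
                findings.append(("failure_then_success", ev))
        elif kind == "config_change" and ip not in admin_ips:
            findings.append(("config_change_unexpected_source", ev))
    return findings


if __name__ == "__main__":
    for rule, ev in detect(SAMPLE_EVENTS):
        print(rule, ev["ts"], ev["source_ip"], ev["user"])
```

A `failure_then_success` hit also fires when a legitimate user mistypes a password, so treat it as a lead to correlate with the other two rules rather than as proof of exploitation.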
