CVE-2021-36312

9.1 CRITICAL

📋 TL;DR

Dell EMC CloudLink versions 7.1 and earlier contain hard-coded credentials that allow remote attackers with knowledge of these credentials to gain unauthorized administrative access. This affects all deployments of CloudLink 7.1 and prior versions. Attackers can potentially take full control of affected systems.

💻 Affected Systems

Products:
  • Dell EMC CloudLink
Versions: 7.1 and all prior versions
Operating Systems: Not OS-specific - appliance-based
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments are vulnerable by default due to hard-coded credentials.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attacker to access sensitive data, modify configurations, deploy malware, or use the system as a pivot point for further network attacks.

🟠 Likely Case

Unauthorized administrative access leading to data theft, configuration changes, or service disruption.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to CloudLink interfaces.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires knowledge of hard-coded credentials but is trivial once obtained. No authentication bypass needed beyond credential knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 7.1.1 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app

Restart Required: Yes

Instructions:

1. Download CloudLink 7.1.1 or later from Dell support portal.
2. Backup current configuration.
3. Apply the update following Dell's upgrade procedures.
4. Restart the appliance.
5. Verify new credentials are in use.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate CloudLink appliance from untrusted networks and limit access to authorized IPs only.

Access Control Lists (all platforms)

Implement firewall rules to restrict access to CloudLink management interfaces.

🧯 If You Can't Patch

  • Immediately change all passwords and credentials used by CloudLink if possible
  • Implement strict network segmentation and monitor all access to CloudLink interfaces

🔍 How to Verify

Check if Vulnerable:

Check the CloudLink version via the web interface or CLI. If the version is 7.1 or earlier, the system is vulnerable.

Check Version:

Check via CloudLink web interface or appliance console

Verify Fix Applied:

Verify version is 7.1.1 or later and test that old hard-coded credentials no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts with known hard-coded credentials
  • Successful logins from unexpected IP addresses
  • Configuration changes from unauthorized users

Network Indicators:

  • Unauthorized access attempts to CloudLink management ports (typically 443/HTTPS)
  • Traffic patterns indicating credential brute-forcing

SIEM Query (field names and values are placeholders; adapt them to your log schema):

source="cloudlink" AND event_type="authentication" AND (username="hardcoded_user" OR (result="success" AND src_ip="suspicious_ip"))
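The three log indicators above, applied to events as a triage pass. This is an added example, not Dell's or this page's code. The key=value log layout, the field names, the placeholder account "hardcoded_user" and both allowlists are assumptions, and the sample events are constructed.

```python
import ipaddress

# Assumptions (not from the advisory): the key=value log layout, the field
# names, the placeholder account "hardcoded_user", and both allowlists.
WATCHED_ACCOUNTS = {"hardcoded_user"}
MGMT_NETS = [ipaddress.ip_network("10.20.30.0/24")]
AUTHORIZED_ADMINS = {"alice"}

# Constructed sample events; addresses are private/documentation ranges.
SAMPLE_LOG = """\
ts=2021-11-02T08:14:09Z event_type=authentication username=alice result=success src_ip=10.20.30.15
ts=2021-11-02T08:20:41Z event_type=authentication username=hardcoded_user result=failure src_ip=10.20.30.77
ts=2021-11-02T08:21:03Z event_type=authentication username=alice result=success src_ip=198.51.100.23
ts=2021-11-02T08:25:30Z event_type=config_change username=bob result=success src_ip=10.20.30.15
ts=2021-11-02T08:26:00Z malformed line without fields
"""

def parse_line(line):
    """Return a dict of key=value fields; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def in_mgmt_net(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable source address is treated as untrusted
    return any(ip in net for net in MGMT_NETS)

def triage(log_text):
    """Return (timestamp, reason) for each event matching a log indicator."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        kind, user = ev.get("event_type"), ev.get("username", "")
        if kind == "authentication":
            if user in WATCHED_ACCOUNTS:
                alerts.append((ev.get("ts"), "attempt with watched built-in account"))
            elif ev.get("result") == "success" and not in_mgmt_net(ev.get("src_ip", "")):
                alerts.append((ev.get("ts"), "successful login from unexpected IP"))
        elif kind == "config_change" and user not in AUTHORIZED_ADMINS:
            alerts.append((ev.get("ts"), "configuration change by unauthorized user"))
    return alerts

if __name__ == "__main__":
    for ts, reason in triage(SAMPLE_LOG):
        print(ts, reason)
```

Any attempt with the watched account is flagged regardless of result or source, since after the 7.1.1 upgrade a failed attempt with the old credentials is itself a signal worth reviewing.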
