CVE-2021-36330
📋 TL;DR
Dell EMC Streaming Data Platform versions before 1.3 contain an insufficient session expiration vulnerability (the CWE-613 weakness class). A remote, unauthenticated attacker who holds an old session artifact, such as a cookie or token issued during an earlier session, can present it again and be treated as the legitimate user, because the platform keeps accepting artifacts it should have invalidated. Any organization running a version earlier than 1.3 is affected.
💻 Affected Systems
- Dell EMC Streaming Data Platform
📦 What is this software?
Dell EMC Streaming Data Platform (SDP) is Dell's software platform for ingesting, storing and analysing streaming data. It packages the open-source Pravega stream store together with Apache Flink for stream processing and runs on Kubernetes, exposing a web interface and management APIs to its users.
⚠️ Risk & Real-World Impact
Worst Case
If the reused session artifact belonged to an administrator, the attacker inherits administrative access to the platform: reading sensitive data streams, changing platform configuration, or disrupting ingest and processing.
Likely Case
An attacker who has obtained an ordinary user's old session artifact impersonates that user and reaches the data streams and platform functions available to them, leading to exposure of stream contents the attacker was never authorized to see.
If Mitigated
With the platform's web interface and APIs reachable only from trusted networks, an attacker first needs a foothold inside that boundary before a replayed artifact is of any use, and even then the blast radius is the streaming data platform itself rather than broader network compromise.
🎯 Exploit Status
No public exploit is referenced here. The vulnerability description implies that exploitation needs nothing beyond a previously issued session artifact: an attacker does not authenticate at all, but simply replays an artifact that the platform should have stopped honouring after logout or timeout.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.3 or later
Vendor Advisory: https://www.dell.com/support/kbdoc/en-in/000193697/dsa-2021-205-dell-emc-streaming-data-platform-security-update-for-third-party-vulnerabilities
Restart Required: Yes
Instructions:
1. Download Dell EMC Streaming Data Platform version 1.3 or later from the Dell support portal.
2. Follow Dell's upgrade documentation for your deployment type (on-premises or cloud).
3. Apply the update following Dell's specific upgrade procedures.
4. Restart the platform services.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to the Streaming Data Platform web interface and API to trusted IP addresses or internal networks only, using a firewall, security group or reverse-proxy allow-list.
Session Timeout Reduction
Configure shorter session timeout values in the platform settings if available. Because the flaw is that expiry is not reliably enforced on old artifacts, a shorter timeout narrows the window but may not fully mitigate the vulnerability.
🧯 If You Can't Patch
- Isolate the Streaming Data Platform in a separate network segment with strict firewall rules limiting inbound connections.
- Place an additional authentication layer, such as a VPN or an authenticating reverse proxy, in front of the platform, so that a replayed platform session artifact alone is not enough to reach it; the proxy's own session lifetime and logout are then enforced independently of the platform's.
🔍 How to Verify
Check if Vulnerable:
Check the platform version via the web interface admin panel or using platform management APIs.
Check Version:
curl --cacert <ca-bundle.pem> https://<platform-host>/api/version (or read the version from the web interface admin panel). The /api/version path is as given on this page; confirm it against the platform's API documentation. Use curl -k only against a lab instance, since it disables TLS certificate verification.
Verify Fix Applied:
Confirm the reported version is 1.3 or later, then test the behaviour directly: log in, save the session cookie or token, log out, and replay the saved artifact against an authenticated endpoint. A fixed platform rejects it (HTTP 401/403 or a redirect to the login page). Repeat the replay after leaving a session idle past the configured timeout; that request should be rejected as well.
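As an added example, not Dell's code and not the platform's real API, the following Python models the weakness class behind this CVE and the replay check described above. The in-memory SessionServer is constructed to behave either like a vulnerable build (logout and timeouts not enforced server-side) or like a fixed one; the credential, token format, endpoint behaviour and timeout values are assumptions. Against the real platform, replace SessionServer with a thin client that performs the same login, request and logout calls over HTTPS against the actual endpoints and keep the two check functions unchanged.

```python
"""Replay checks for insufficient session expiration (CWE-613).

Added example, not Dell code. SessionServer is a constructed in-memory stand-in
for the platform: vulnerable=True keeps honouring a session artifact after
logout and never expires it; vulnerable=False is the behaviour a fixed build
should show. Endpoint behaviour, the credential and the timeouts are assumptions.
"""
import secrets
import time
from dataclasses import dataclass

ASSUMED_PASSWORD = "correct-horse"  # constructed credential for the stand-in


@dataclass
class Session:
    user: str
    issued_at: float
    last_seen: float


class FakeClock:
    """Controllable clock so idle/absolute timeouts can be tested instantly."""

    def __init__(self, start: float = 1_700_000_000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class SessionServer:
    def __init__(self, vulnerable: bool, idle_timeout: float = 15 * 60,
                 absolute_timeout: float = 8 * 3600, clock=time.time):
        self.vulnerable = vulnerable
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self.clock = clock
        self._sessions: dict[str, Session] = {}

    def login(self, user: str, password: str) -> str:
        if password != ASSUMED_PASSWORD:
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)  # unguessable server-side session ID
        now = self.clock()
        self._sessions[token] = Session(user, now, now)
        return token

    def logout(self, token: str) -> None:
        if self.vulnerable:
            # The weakness: "logout" is only a client-side action; the server
            # never invalidates the artifact, so anyone holding it can replay it.
            return
        self._sessions.pop(token, None)  # hardened: revoke server-side

    def request(self, token: str) -> int:
        """HTTP-style status for an authenticated request made with `token`."""
        sess = self._sessions.get(token)
        if sess is None:
            return 401
        if not self.vulnerable:
            now = self.clock()
            if (now - sess.last_seen > self.idle_timeout
                    or now - sess.issued_at > self.absolute_timeout):
                del self._sessions[token]  # expired: revoke and reject
                return 401
            sess.last_seen = now
        return 200


def replay_after_logout(server: SessionServer, user: str = "alice") -> dict:
    """Log in, use the session, log out, then replay the saved artifact."""
    token = server.login(user, ASSUMED_PASSWORD)
    before = server.request(token)
    server.logout(token)
    after = server.request(token)
    return {"before_logout": before, "after_logout": after,
            "vulnerable": before == 200 and after == 200}


def replay_after_idle(server: SessionServer, clock: FakeClock,
                      idle_seconds: float, user: str = "alice") -> dict:
    """Leave a session untouched for idle_seconds, then replay it."""
    token = server.login(user, ASSUMED_PASSWORD)
    clock.advance(idle_seconds)
    after = server.request(token)
    return {"after_idle": after, "vulnerable": after == 200}


if __name__ == "__main__":
    clock = FakeClock()
    for label, vuln in (("vulnerable build", True), ("fixed build", False)):
        print(label, "logout replay:",
              replay_after_logout(SessionServer(vulnerable=vuln, clock=clock)))
        print(label, "idle replay:",
              replay_after_idle(SessionServer(vulnerable=vuln, clock=clock),
                                clock, 16 * 60))
```

The two checks are the ones worth scripting after an upgrade: a replayed artifact must get 401 after logout and after the idle or absolute timeout, regardless of what the client-side cookie still says. The hardened variant shows the properties a fix needs: an unguessable server-side session record, revocation on logout, and both idle and absolute lifetimes enforced at the server.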
📡 Detection & Monitoring
Log Indicators:
- Successful requests carrying a session ID that was issued before the same user's most recent logout, or that predates the configured session lifetime
- User sessions that persist beyond configured timeout periods
- Valid session tokens presented from source addresses or user agents different from those seen at login
Network Indicators:
- Authenticated API or web interface requests arriving from addresses outside the expected user population, or outside a user's normal working hours
- Requests using expired or old session tokens
SIEM Query:
source="streaming-data-platform" AND (event_type="session_reuse" OR (authentication="success" AND session_age>threshold))
The field names above (source, event_type, session_age) are placeholders, and the platform may not emit a ready-made session_reuse event. A working rule has to correlate login, logout and request events on the session ID and flag requests that arrive after a logout, after the idle or absolute timeout, or from a different source address than the one seen at login.
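As an added example, not part of this page and not Dell's tooling, the following Python implements the correlation that the SIEM query above only sketches, run offline over constructed log lines. It also covers the source-address indicator listed above. The timestamped key=value format, the event/user/sid/src field names and the 15-minute idle timeout are assumptions about what the platform's audit log might contain; adapt parse_line() to the real format and feed detect() the exported log.

```python
"""Offline detection of session reuse over constructed audit log lines.

Added example, not Dell tooling. The platform's real log format is not given
on this page, so the timestamped key=value format below is an assumption;
adapt parse_line() to the actual fields, keeping the event/user/sid/src names.
"""
from datetime import datetime, timezone

IDLE_TIMEOUT_S = 15 * 60  # assumed configured idle timeout

# Constructed sample: alice logs in, works and logs out, then her session ID is
# replayed from another address; bob's session sits idle for ~90 minutes and is
# used again; carol's session ID never appears in a login event at all.
SAMPLE_LOG = """\
2021-08-10T09:00:01Z event=login user=alice sid=S1 src=10.0.0.5
2021-08-10T09:00:30Z event=login user=bob sid=S2 src=10.0.0.6
2021-08-10T09:01:00Z event=request user=bob sid=S2 src=10.0.0.6 path=/api/streams
2021-08-10T09:05:00Z event=request user=alice sid=S1 src=10.0.0.5 path=/api/streams
2021-08-10T09:10:00Z event=logout user=alice sid=S1 src=10.0.0.5
2021-08-10T09:20:00Z event=request user=alice sid=S1 src=203.0.113.7 path=/api/admin
2021-08-10T10:30:00Z event=request user=bob sid=S2 src=10.0.0.6 path=/api/streams
2021-08-10T10:31:00Z event=request user=carol sid=S3 src=10.0.0.9 path=/api/streams
"""


def parse_line(line: str) -> dict:
    """Turn one 'timestamp key=value ...' line into a dict with a UTC datetime."""
    ts, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def _finding(kind: str, rec: dict, detail: str) -> dict:
    return {"kind": kind, "ts": rec["ts"].isoformat(), "user": rec.get("user"),
            "sid": rec["sid"], "src": rec.get("src"), "detail": detail}


def detect(log_text: str, idle_timeout_s: int = IDLE_TIMEOUT_S) -> list:
    """Correlate login/logout/request events per session ID and flag reuse."""
    records = sorted((parse_line(line) for line in log_text.splitlines() if line.strip()),
                     key=lambda r: r["ts"])
    sessions = {}  # sid -> {"user", "src", "last_seen", "logged_out"}
    findings = []
    for rec in records:
        sid, event = rec["sid"], rec["event"]
        if event == "login":
            sessions[sid] = {"user": rec["user"], "src": rec["src"],
                             "last_seen": rec["ts"], "logged_out": False}
            continue
        state = sessions.get(sid)
        if event == "logout":
            if state is not None:
                state["logged_out"] = True
                state["last_seen"] = rec["ts"]
            continue
        if event != "request":
            continue
        if state is None:
            # An artifact from before the analysed window, or one never issued here.
            findings.append(_finding("unknown_session", rec,
                                     "session ID with no login in the analysed window"))
            continue
        if state["logged_out"]:
            findings.append(_finding("reuse_after_logout", rec,
                                     f"session ended at {state['last_seen'].isoformat()}"))
        gap = (rec["ts"] - state["last_seen"]).total_seconds()
        if gap > idle_timeout_s:
            findings.append(_finding("past_idle_timeout", rec,
                                     f"{gap:.0f}s since last activity, limit {idle_timeout_s}s"))
        if rec.get("src") != state["src"]:
            findings.append(_finding("source_changed", rec,
                                     f"login from {state['src']}, request from {rec.get('src')}"))
        state["last_seen"] = rec["ts"]
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f['ts']} {f['kind']:<20} user={f['user']} sid={f['sid']} "
              f"src={f['src']}: {f['detail']}")
```

On the sample, alice's replay from 203.0.113.7 produces both a reuse_after_logout and a source_changed finding, bob's quiet session produces past_idle_timeout, and carol's session ID is reported as unknown_session. On a vulnerable build every one of these requests would have been served with 200, so the log is the only place the reuse shows up; the same four conditions map directly onto correlation rules in a SIEM once the real field names are known.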