Cyber Resilience

CVE-2021-21507

High

Published: 30 April 2021

Modified: 21 November 2024
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0012 (30.0th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-21507 is a high-severity Weak Encoding for Password (CWE-261) vulnerability in Dell X1008P Firmware. Its CVSS base score is 8.8 (High).

Operationally, it ranks at the 30.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor  Product            Affected versions
dell    x1008p firmware    ≤ 3.0.1.8
dell    x1018p firmware    ≤ 3.0.1.8
dell    x1026p firmware    ≤ 3.0.1.8
dell    x1052p firmware    ≤ 3.0.1.8
dell    x4012 firmware     ≤ 3.0.1.8
dell    r1-2401 firmware   ≤ 2.0.0.82
dell    r1-2210 firmware   ≤ 2.0.0.82
dell    x1008 firmware     ≤ 3.0.1.8
dell    x1018 firmware     ≤ 3.0.1.8
dell    x1026 firmware     ≤ 3.0.1.8
+1 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-326

Maintaining currency with technologies and practices reduces selection of encryption mechanisms that provide inadequate strength.

addresses: CWE-326

Updated assessments identify when previously adequate encryption strength no longer meets current attack capabilities or compliance drivers.

addresses: CWE-326

Establishment procedures require selection and generation of keys with adequate length and strength for the chosen algorithm.

addresses: CWE-326

Specifies required cryptography types and parameters, preventing selection of inadequate encryption strength.

addresses: CWE-326

Prompt patching corrects inadequate encryption strength when vendors release updates that increase key sizes or algorithm security.
