CVE-2021-36310
Published: 20 November 2021
Summary
CVE-2021-36310 is a medium-severity Protection Mechanism Failure (CWE-693) vulnerability in Dell Networking OS10. Its CVSS base score is 4.9 (Medium).
Operationally, it is ranked in the top 44.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-22930
Vulnerability details
Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.
- CWE(s): CWE-693 (Protection Mechanism Failure)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Contingency plan testing that includes resource exhaustion scenarios verifies recovery, making it harder for attackers to sustain exploits that cause uncontrolled consumption.
- An incident response team able to analyze and respond to resource exhaustion incidents reduces the impact of attacks that exploit uncontrolled consumption weaknesses.
- Ongoing measurement and reporting of security control performance provides visibility into protection mechanism failures, enabling timely remediation.
- Resource consumption and denial-of-service testing performed under the assessment plan detects uncontrolled allocation paths so that they can be fixed.
- Selecting and applying resiliency techniques and implementation approaches strengthens protection mechanisms against failure or bypass.
- Alternate communication paths allow continued command-and-control (C2) operations when an attacker exploits resource-consumption weaknesses against the primary channel.
- Monitoring for resource exhaustion and denial-of-service patterns surfaces indicators of uncontrolled consumption.
- Blocking or throttling unsolicited messages at entry/exit points prevents attackers from flooding queues, storage, or processing resources.