Cyber Resilience

CVE-2021-36310

Medium · DDoS

Published: 20 November 2021

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0032 (55.3th percentile)
Risk Priority: 10 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-36310 is a medium-severity Protection Mechanism Failure (CWE-693) vulnerability in Dell Networking OS10. Its CVSS base score is 4.9 (Medium).

Operationally, it ranks in the top 44.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in their API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: dell
Product: networking os10
Versions: ≤ 10.4.3.8 · 10.5.0.0 to 10.5.0.10 · 10.5.1.0 to 10.5.1.10

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-400 CWE-693

Contingency plan testing includes resource exhaustion scenarios to verify recovery, making it harder for attackers to sustain exploits that cause uncontrolled consumption.

addresses: CWE-400 CWE-693

The team can analyze and respond to resource exhaustion incidents, reducing the impact of attacks that exploit uncontrolled consumption weaknesses.

addresses: CWE-693 CWE-400

Ongoing measurement and reporting of security control performance provides visibility into protection mechanism failures, enabling timely remediation.

addresses: CWE-400 CWE-693

Resource consumption and denial-of-service testing performed under the assessment plan detects uncontrolled allocation paths that are subsequently fixed.

addresses: CWE-693 CWE-400

Mandates selection and application of resiliency techniques and implementation approaches that strengthen protection mechanisms against failure or bypass.

addresses: CWE-400 CWE-693

Alternate paths allow continued C2 operations when an attacker exploits resource-consumption weaknesses against the primary channel.

addresses: CWE-400 CWE-693

Monitors for resource exhaustion and denial-of-service patterns that indicate uncontrolled consumption.

addresses: CWE-400 CWE-693

Blocking or throttling unsolicited messages at entry/exit points prevents attackers from flooding queues, storage, or processing resources.

References