CVE-2021-36309
Published 2021-10-01
Priority P432 · medium · 6.5 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.62% (45.4th percentile)
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | enterprise_sonic_os | <= 3.3.0 | — |
| dell | enterprise_sonic_os | >= unspecified < 3.4.0 | 3.4.0 |
| f5 | nginx | >= 0 < 1.14.0-0ubuntu1.10 | 1.14.0-0ubuntu1.10 |
| f5 | nginx | >= 0 < 1.18.0-0ubuntu1.3 | 1.18.0-0ubuntu1.3 |
| f5 | nginx | >= 0 < 1.18.0-6ubuntu14.1 | 1.18.0-6ubuntu14.1 |
| f5 | nginx | >= 0 < 1.10.3-0ubuntu0.16.04.5+esm3 | 1.10.3-0ubuntu0.16.04.5+esm3 |
CVSS provenance
nvd · v3.1 · 6.5 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:P/I:N/A:N
osv · 7.5 · HIGH
GHSA
GHSA-7vj7-47pr-4hg8: Dell Enterprise SONiC OS, versions 3
ghsa_unreviewed·2022-05-24
CVE-2021-36309 [MEDIUM] CWE-200 GHSA-7vj7-47pr-4hg8: Dell Enterprise SONiC OS, versions 3
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.
OSV
nginx vulnerability
osv·2022-04-28·CVSS 7.5
CVE-2021-3618 nginx vulnerability
USN-5371-1 fixed several vulnerabilities in nginx.
This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-11724)
It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to disclose sensitive
information. This issue only affects Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-36309)
It was discovered that nginx mishandled the use of
compatible certificates among multiple encryption protocols.
If a remote attacker were able to intercept the communica
OSV
nginx vulnerabilities
osv·2022-04-12·CVSS 7.5
CVE-2020-11724 nginx vulnerabilities
It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue was fixed for Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-11724)
It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to disclose sensitive
information. This issue only affects Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-36309)
It was discovered that nginx mishandled the use of
compatible certificates among multiple encryption protocols.
If a remote attacker were able to intercept the communication,
this issue could be used to redirect traffic between subdomains.
(CVE-2021-3618)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-10-01