PT-2021-21224 · Dell · Dell Networking X-Series

Ken Pyle · Published 2021-11-20 · Updated 2022-10-24 · CVE-2021-36322

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Dell Networking X-Series firmware versions prior to 3.0.1.8

Description: A remote, unauthenticated attacker can inject arbitrary Host header values into requests to the device's web interface and use them to poison the web cache or trigger redirections. The injection is reachable through API endpoints, although the advisory does not name specific endpoints. The Host header value is the vulnerable parameter.

Recommendations: For Dell Networking X-Series firmware versions prior to 3.0.1.8, update to version 3.0.1.8 or later to resolve the issue. As a temporary workaround, restrict access to the web cache to reduce the exposure. Avoid using arbitrary Host header values in API requests until the issue is resolved.
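To make the weakness class concrete from the defender's side, here is an added example (not Dell's firmware code; the hostnames, allowlist and canonical redirect host are constructed) that puts a redirect echoing the request's Host header beside one that validates the header against an allowlist and emits only a configured canonical host:

```python
"""Host header validation as a mitigation for Host-header injection.
Example code written for this advisory; not Dell's implementation."""
import ipaddress
import re

# Constructed allowlist: names/addresses the device is legitimately reached by.
ALLOWED_HOSTS = {"switch-mgmt.example.internal", "10.0.0.1"}
CANONICAL_HOST = "switch-mgmt.example.internal"   # constructed canonical name

# host = bracketed IPv6 literal or DNS-ish name, optional ":port". Anything
# else (slashes, spaces, CR/LF, '@', userinfo) fails to match and is rejected.
_HOST_RE = re.compile(r"(?:\[([0-9a-fA-F:.]+)\]|([A-Za-z0-9.-]+))(?::(\d{1,5}))?")


def normalize_host(header_value):
    """Return the lowercase host part of a Host header, or None if the
    header is syntactically invalid or carries an out-of-range port."""
    if not header_value:
        return None
    m = _HOST_RE.fullmatch(header_value.strip())
    if not m:
        return None
    ipv6, name, port = m.groups()
    if port is not None and not 0 < int(port) <= 65535:
        return None
    if ipv6:
        try:
            ipaddress.IPv6Address(ipv6)   # reject malformed IPv6 literals
        except ValueError:
            return None
        return ipv6.lower()
    return name.lower().rstrip(".")      # "host." and "host" are the same origin


def host_is_allowed(header_value, allowed=ALLOWED_HOSTS):
    host = normalize_host(header_value)
    return host is not None and host in allowed


def build_redirect_unsafe(request_host, path):
    """Vulnerable pattern: the untrusted Host header lands in Location, so a
    cache in front of the device can store a redirect to a foreign host."""
    return 302, f"https://{request_host}{path}"


def build_redirect_safe(request_host, path, canonical_host=CANONICAL_HOST):
    """Hardened pattern: refuse requests whose Host is not on the allowlist,
    and build Location from configuration, never from the request."""
    if not host_is_allowed(request_host):
        return 400, None
    return 302, f"https://{canonical_host}{path}"
```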

Tags: Fix · Special Elements Injection · RCE

Weakness Enumeration

Related Identifiers

CVE-2021-36322

Affected Products

Dell Networking X-Series