PT-2021-7318 · Unknown · Networking Os10

James Hebden · Published 2021-11-19 · Updated 2021-11-23 · CVE-2021-36307

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Networking OS10 versions prior to October 2021

Description

The issue is a privilege escalation vulnerability in the RESTCONF API implementation in Networking OS10. A malicious low-privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system. The vulnerability is associated with errors in privilege management.

Recommendations

For versions prior to October 2021, consider disabling the RESTCONF API until a patch is available to prevent potential exploitation. Restrict access to the API to minimize the risk of privilege escalation. As a temporary workaround, limit the privileges of low-privileged users to reduce the impact of a potential exploit.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2022-05672
CVE-2021-36307

Affected Products

Networking Os10