CVE-2021-36306
Description
Authentication bypass in Dell Networking OS10 RESTCONF API allows remote unauthenticated attackers to gain access and perform actions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Dell Networking OS10 contains an authentication bypass vulnerability in all releases before the October 2021 security update [1]. The RESTCONF API must be enabled for the vulnerable code path to be reachable [1].
Exploitation
A remote attacker can exploit this vulnerability over the network without authentication or user interaction. The attack complexity is rated High in the CVSS vector string (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) [1]. The attacker does not need to be on the local network, but the RESTCONF API must be exposed to them.
Impact
Successful exploitation grants the attacker full access to the affected system and allows them to perform actions, leading to complete compromise of confidentiality, integrity, and availability (High impact for CIA) [1].
Mitigation
Dell released a security update in October 2021 to address this vulnerability, and the fixes are included in the October 2021 OS10 release [1]. Users should upgrade to the latest OS10 version. As a workaround, disable the RESTCONF API if it is not required. This CVE is not currently listed in the CISA KEV catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2
- Range: unspecified
Patches
No patches discovered yet.
References
[1] www.dell.com/support/kbdoc/en-us/000193076 (mitre, x_refsource_MISC)