CVE-2021-36309 in Enterprise SONiC OS
Summary
by MITRE • 10/02/2021
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.
Analysis
by VulDB Data Team • 10/08/2021
The vulnerability identified as CVE-2021-36309 affects Dell Enterprise SONiC OS versions 3.3.0 and earlier, representing a critical sensitive information disclosure flaw that undermines system security. This vulnerability specifically targets the handling of TACACS and RADIUS credentials within the operating system, creating a pathway for authenticated attackers to exploit stored authentication data. The flaw resides in how the system manages and stores these critical credentials, potentially exposing them to unauthorized access. TACACS and RADIUS protocols are fundamental to network access control, making this vulnerability particularly dangerous as it could enable attackers to gain deeper system access and escalate their privileges within the network infrastructure.
The technical implementation of this vulnerability stems from inadequate credential storage mechanisms within the SONiC OS framework. When TACACS and RADIUS credentials are stored in the system, they are not properly secured or encrypted, allowing authenticated malicious users to access these sensitive data elements through legitimate system interfaces. The vulnerability demonstrates poor security practices in credential management, where sensitive information is stored in plaintext or with insufficient encryption, violating fundamental security principles. This weakness creates a direct attack vector that can be exploited by users who already possess legitimate access to the system, as they can leverage their authenticated status to retrieve stored credentials and use them for additional malicious activities.
The operational impact of CVE-2021-36309 extends beyond simple credential theft, as it enables attackers to establish persistent access within network environments. Once an attacker retrieves TACACS and RADIUS credentials, they can authenticate to network devices and services that rely on these protocols, potentially compromising entire network segments. This vulnerability aligns with CWE-312 (Cleartext Storage of Sensitive Information) and represents a significant deviation from secure coding practices. The attack surface is particularly concerning in enterprise environments where SONiC OS is deployed for network infrastructure management, as it could lead to complete network compromise. The vulnerability also maps to ATT&CK technique T1550.001 (Use of Valid Credentials) and T1552.001 (Unsecured Credentials), demonstrating how attackers can leverage legitimate access to escalate their operations.
Organizations utilizing Dell Enterprise SONiC OS must implement immediate mitigations to address this vulnerability, including upgrading to versions that have resolved the credential storage issues. The recommended approach involves applying the vendor-provided security patches and updates that properly encrypt or secure credential storage mechanisms. Additionally, system administrators should conduct thorough credential audits to identify and rotate any compromised TACACS and RADIUS credentials that may have been exposed. Network segmentation and access controls should be strengthened to limit the potential impact of credential compromise. The vulnerability highlights the importance of implementing proper key management practices and secure credential storage as outlined in NIST SP 800-57 and ISO/IEC 27001 standards, emphasizing that credential protection must be a fundamental security requirement in all network operating systems.
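As a starting point for the credential audit described above, the following added example (not code from Dell, MITRE or VulDB) builds a rotation inventory from an exported device configuration and flags shared secrets reused across AAA servers, without ever printing the secrets. The advisory does not say where or how the credentials are stored, so the JSON layout, the table names (`TACPLUS`, `TACPLUS_SERVER`, `RADIUS_SERVER`) and the `passkey` field in the constructed sample are assumptions.

```python
import hmac
import json
import os
import re

# Constructed sample export. Table and field names are assumptions.
SAMPLE_CONFIG = json.loads("""{
  "TACPLUS": {"global": {"auth_type": "pap", "passkey": "Lab-Shared-Key-1"}},
  "TACPLUS_SERVER": {"192.0.2.10": {"priority": "1", "passkey": "Lab-Shared-Key-1"},
                     "192.0.2.11": {"priority": "2"}},
  "RADIUS_SERVER": {"192.0.2.20": {"auth_port": "1812", "passkey": "Other-Lab-Key-2"}},
  "PORT": {"Ethernet0": {"mtu": "9100"}}
}""")

AAA_TABLE = re.compile(r"tacplus|tacacs|radius", re.I)
SECRET_FIELD = re.compile(r"passkey|secret|shared_key", re.I)
RUN_KEY = os.urandom(16)  # per-run key: fingerprints only compare within one report

def fingerprint(value):
    """Keyed digest, so reuse is visible without printing or exposing the secret."""
    return hmac.new(RUN_KEY, value.encode(), "sha256").hexdigest()[:12]

def inventory_aaa_secrets(config):
    """Return one record per stored AAA secret; the value itself is never kept."""
    records = []
    for table, entries in config.items():
        if not AAA_TABLE.search(table) or not isinstance(entries, dict):
            continue
        for entry, fields in entries.items():
            for name, value in (fields.items() if isinstance(fields, dict) else ()):
                if SECRET_FIELD.search(name) and isinstance(value, str) and value:
                    records.append({"table": table, "entry": entry, "field": name,
                                    "fingerprint": fingerprint(value)})
    return records

def reused_secrets(records):
    """Group locations sharing one secret: a single disclosure exposes all of them."""
    groups = {}
    for rec in records:
        groups.setdefault(rec["fingerprint"], []).append((rec["table"], rec["entry"]))
    return {fp: locs for fp, locs in groups.items() if len(locs) > 1}

if __name__ == "__main__":
    found = inventory_aaa_secrets(SAMPLE_CONFIG)
    print("rotate:", [(r["table"], r["entry"], r["field"]) for r in found])
    print("reused:", list(reused_secrets(found).values()))
```

Every location the inventory lists should be treated as exposed on affected versions and rotated on both the device and the TACACS+/RADIUS server after upgrading.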