CVE-2022-29089
6.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
4.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.6%
Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.
Affected configurations
CNA Affected
[
{
"product": "Dell Networking OS10",
"vendor": "Dell",
"versions": [
{
"lessThan": "10.5.3.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Social References
More
Related
6.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
4.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.6%