Lucene search

DellCVE-2023-32462

HistoryFeb 15, 2024 - 1:15 p.m.

CVE-2023-32462

2024-02-1513:15:45

CWE-20

dell

web.nvd.nist.gov

cve-2023-32462

dell

os10

network switch

command injection

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.

Affected configurations

Vulners

Node

dellsmartfabric_os10Match10.5.5.0

dellsmartfabric_os10Match10.5.5.3

dellsmartfabric_os10Match10.5.5.1_\(mx\)

dellsmartfabric_os10Match10.5.5.2_\(mx\)

dellsmartfabric_os10Match10.5.4.0

dellsmartfabric_os10Match10.5.4.6_\(mx\)

dellsmartfabric_os10Match10.5.3.0

dellsmartfabric_os10Match10.5.2.0

VendorProductVersionCPE
dellsmartfabric_os1010.5.5.0cpe:2.3:o:dell:smartfabric_os10:10.5.5.0:*:*:*:*:*:*:*
dellsmartfabric_os1010.5.5.3cpe:2.3:o:dell:smartfabric_os10:10.5.5.3:*:*:*:*:*:*:*
dellsmartfabric_os1010.5.5.1_(mx)cpe:2.3:o:dell:smartfabric_os10:10.5.5.1_\(mx\):*:*:*:*:*:*:*
dellsmartfabric_os1010.5.5.2_(mx)cpe:2.3:o:dell:smartfabric_os10:10.5.5.2_\(mx\):*:*:*:*:*:*:*
dellsmartfabric_os1010.5.4.0cpe:2.3:o:dell:smartfabric_os10:10.5.4.0:*:*:*:*:*:*:*
dellsmartfabric_os1010.5.4.6_(mx)cpe:2.3:o:dell:smartfabric_os10:10.5.4.6_\(mx\):*:*:*:*:*:*:*
dellsmartfabric_os1010.5.3.0cpe:2.3:o:dell:smartfabric_os10:10.5.3.0:*:*:*:*:*:*:*
dellsmartfabric_os1010.5.2.0cpe:2.3:o:dell:smartfabric_os10:10.5.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	smartfabric_os10	10.5.5.0	cpe:2.3:o:dell:smartfabric_os10:10.5.5.0:::::::*
dell	smartfabric_os10	10.5.5.3	cpe:2.3:o:dell:smartfabric_os10:10.5.5.3:::::::*
dell	smartfabric_os10	10.5.5.1_(mx)	cpe:2.3:o:dell:smartfabric_os10:10.5.5.1_\(mx\):::::::*
dell	smartfabric_os10	10.5.5.2_(mx)	cpe:2.3:o:dell:smartfabric_os10:10.5.5.2_\(mx\):::::::*
dell	smartfabric_os10	10.5.4.0	cpe:2.3:o:dell:smartfabric_os10:10.5.4.0:::::::*
dell	smartfabric_os10	10.5.4.6_(mx)	cpe:2.3:o:dell:smartfabric_os10:10.5.4.6_\(mx\):::::::*
dell	smartfabric_os10	10.5.3.0	cpe:2.3:o:dell:smartfabric_os10:10.5.3.0:::::::*
dell	smartfabric_os10	10.5.2.0	cpe:2.3:o:dell:smartfabric_os10:10.5.2.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell SmartFabric OS10",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "10.5.5.0"
      },
      {
        "status": "affected",
        "version": "10.5.5.3"
      },
      {
        "status": "affected",
        "version": "10.5.5.1 (MX)"
      },
      {
        "status": "affected",
        "version": "10.5.5.2 (MX)"
      },
      {
        "status": "affected",
        "version": "10.5.4.x"
      },
      {
        "status": "affected",
        "version": "10.5.4.6 (MX)"
      },
      {
        "status": "affected",
        "version": "10.5.3.x"
      },
      {
        "status": "affected",
        "version": "10.5.2.x"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-32462