Lucene search

DellCVELIST:CVE-2023-39248

HistoryDec 05, 2023 - 6:04 a.m.

CVE-2023-39248

2023-12-0506:04:01

CWE-400

dell

www.cve.org

dell

os10

networking

switches

uncontrolled resource consumption

denial of service

vlt

vrrp

remote unauthenticated user

outage

upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Dell Networking OS10",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": "10.5.5.5"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000220138/dsa-2023-278-dell-networking-os10-security-updates-for-uncontrolled-resource-consumption

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-39248