vulnrichment / Dell / VULNRICHMENT:CVE-2023-28078
History: Feb 15, 2024 - 12:35 p.m.

CVE-2023-28078

2024-02-15 12:35:00
CWE-923
dell
github.com
Tags: dell, os10 networking switches, zeromq, vlt configuration, information disclosure, dos, vulnerability, remote unauthenticated attacker, high severity, sensitive data, upgrade

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score: 6.6
Confidence: High

SSVC

Exploitation: none
Automatable: yes
Technical Impact: total

Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.

CNA Affected

[
  {
    "vendor": "Dell",
    "product": "Dell SmartFabric OS10",
    "versions": [
      {
        "status": "affected",
        "version": "10.5.5.0"
      },
      {
        "status": "affected",
        "version": "10.5.5.3"
      },
      {
        "status": "affected",
        "version": "10.5.5.1 (MX)"
      },
      {
        "status": "affected",
        "version": "10.5.5.2 (MX)"
      },
      {
        "status": "affected",
        "version": "10.5.4.x"
      },
      {
        "status": "affected",
        "version": "10.5.4.6 (MX)"
      },
      {
        "status": "affected",
        "version": "10.5.3.x"
      },
      {
        "status": "affected",
        "version": "10.5.2.x"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dell",
    "product": "smartfabric_os10",
    "versions": [
      {
        "status": "affected",
        "version": "10.5.5.0"
      },
      {
        "status": "affected",
        "version": "10.5.5.3"
      },
      {
        "status": "affected",
        "version": "10.5.5.1\\(mx\\)"
      },
      {
        "status": "affected",
        "version": "10.5.5.2\\(mx\\)"
      },
      {
        "status": "affected",
        "version": "10.5.2.0",
        "lessThan": "10.5.5.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "10.5.4.6\\(mx\\)"
      }
    ],
    "defaultStatus": "unknown"
  }
]
