Information Disclosure in Dell Networking OS10 with Smart Fabric Services
CVE-2022-29089

6.4MEDIUM

Key Information:

Vendor: Dell
Status: Dell Networking Os10
Vendor: CVE Published:; 28 September 2022

Summary

Dell Networking OS10 versions released prior to October 2021, specifically those with Smart Fabric Services enabled, are exposed to an information disclosure risk. An attacker, without authentication, could leverage this vulnerability to reverse engineer and extract sensitive information, gaining unauthorized access to the REST API with administrative privileges. This poses significant risks to the confidentiality and integrity of network configurations and operations.

Affected Version(s)

Dell Networking OS10 < 10.5.3.5

References

https://www.dell.com/support/kbdoc/en-us/000202971/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 28, 2022
Vulnerability Reserved
Apr 12, 2022