Dell OS10 Switches Vulnerability: Information Disclosure and Denial of Service Threats
CVE-2023-28078
9.1 CRITICAL
What is CVE-2023-28078?
Dell OS10 Networking Switches running versions 10.5.2.x and above contain a vulnerability related to the ZeroMQ messaging library that arises when Virtual Link Trunking (VLT) is configured. Under certain conditions, a remote unauthenticated attacker can exploit it by sending a large number of requests to the switch, which can expose sensitive information and might induce a Denial of Service, compromising the functionality of the network device. Dell has advised users to upgrade their systems promptly to mitigate this risk.
Affected Version(s)
Dell SmartFabric OS10 10.5.5.0
Dell SmartFabric OS10 10.5.5.3
Dell SmartFabric OS10 10.5.5.1 (MX)