Dell OS10 Networking Switches Vulnerable to Command Injection Attacks
CVE-2023-32462

9.8CRITICAL

Key Information:

Vendor: Dell
Status: Dell Smartfabric Os10
Vendor: CVE Published:; 15 February 2024

What is CVE-2023-32462?

Dell OS10 Networking Switches running version 10.5.2.x and higher are susceptible to an OS command injection vulnerability that arises during remote user authentication processes. This vulnerability can be exploited by a remote unauthenticated attacker, enabling the execution of arbitrary operating system commands. Such exploitation could lead to unauthorized access or control over the system, posing significant risks to network integrity and data security. Dell advises users to upgrade their systems promptly to mitigate potential threats posed by this vulnerability.

Affected Version(s)

Dell SmartFabric OS10 10.5.5.0

Dell SmartFabric OS10 10.5.5.3

Dell SmartFabric OS10 10.5.5.1 (MX)

References

https://www.dell.com/support/kbdoc/en-us/000216584/dsa-20...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2024
Vulnerability Reserved
May 9, 2023