Low Privileged Attacker Could Exploit Hard-coded Password Vulnerability
CVE-2024-39585

8.1HIGH

Key Information:

Vendor: Dell
Status: Smartfabric Os10 Software
Vendor: CVE Published:; 6 September 2024

Summary

The vulnerability identified in Dell SmartFabric OS10 Software arises from the use of hard-coded passwords, impacting versions 10.5.5.4 through 10.5.5.10 and 10.5.6.x. This flaw creates an opportunity for low privileged attackers with remote access to exploit the system. Successful exploitation could result in client-side request forgery, enabling unauthorized operations and potentially leading to information disclosure. Users of the affected versions should take immediate action to secure their systems against this vulnerability.

Affected Version(s)

SmartFabric OS10 Software 10.5.6.x

SmartFabric OS10 Software 10.5.5.4 <= 10.5.5.10

References

https://www.dell.com/support/kbdoc/en-us/000228357/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2024
Vulnerability Reserved
Jun 26, 2024

Credit

Dell would like to thank n3k From TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue.