Low Privileged Attacker Could Exploit Hard-coded Password Vulnerability
CVE-2024-39585

8.1HIGH

Key Information:

Vendor: Dell
Status: Smartfabric Os10 Software
Vendor: CVE Published:; 6 September 2024

What is CVE-2024-39585?

The vulnerability identified in Dell SmartFabric OS10 Software arises from the use of hard-coded passwords, impacting versions 10.5.5.4 through 10.5.5.10 and 10.5.6.x. This flaw creates an opportunity for low privileged attackers with remote access to exploit the system. Successful exploitation could result in client-side request forgery, enabling unauthorized operations and potentially leading to information disclosure. Users of the affected versions should take immediate action to secure their systems against this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SmartFabric OS10 Software 10.5.6.x

SmartFabric OS10 Software 10.5.5.4 <= 10.5.5.10

References

https://www.dell.com/support/kbdoc/en-us/000228357/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2024
Vulnerability Reserved
Jun 26, 2024

Credit

Dell would like to thank n3k From TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue.

JSON

Dell

What is CVE-2024-39585?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.