Dell SmartFabric OS10 Software Vulnerability - Execution with Unnecessary Privileges
CVE-2024-48837

7.8HIGH

Key Information:

Vendor: Dell
Status: Smartfabric Os10 Software
Vendor: CVE Published:; 12 November 2024

Summary

The vulnerability in Dell SmartFabric OS10 Software versions 10.5.6.x, 10.5.5.x, 10.5.4.x, and 10.5.3.x allows low privileged attackers with local access to exploit the system. This exploitation may lead to execution of arbitrary commands, posing a significant risk to the integrity and confidentiality of the network infrastructure. Security measures should be prioritized to mitigate the potential impacts of this vulnerability to ensure safe network operations.

Affected Version(s)

SmartFabric OS10 Software 10.5.6.x

SmartFabric OS10 Software 10.5.5.x

SmartFabric OS10 Software 10.5.4.x

References

https://www.dell.com/support/kbdoc/en-us/000247217/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024
Vulnerability Reserved
Oct 8, 2024

Credit

Dell would like to thank n3k From TIANGONG Team of Legendsec at QI-ANXIN Group for reporting these issues.