Dell SmartFabric OS10 Software Vulnerable to External Access to Files or Directories
CVE-2024-48838

3.3LOW

Key Information:

Vendor: Dell
Status: Smartfabric Os10 Software
Vendor: CVE Published:; 12 November 2024

Summary

The Dell SmartFabric OS10 Software has a vulnerability that permits low privileged attackers with local access to potentially gain access to sensitive files or directories on the filesystem. This flaw poses a notable security risk as it enables unauthorized individuals to exploit weaknesses in the system's access controls, potentially compromising the integrity and confidentiality of the data stored. It is crucial for users of the affected software versions to assess their exposure and implement necessary security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

SmartFabric OS10 Software 10.5.5.x

SmartFabric OS10 Software 10.5.4.x

SmartFabric OS10 Software 10.5.6.x

References

https://www.dell.com/support/kbdoc/en-us/000247217/dsa-20...

vendor-advisory

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024
Vulnerability Reserved
Oct 8, 2024

Credit

Dell would like to thank n3k From TIANGONG Team of Legendsec at QI-ANXIN Group for reporting these issues.