Dell SmartFabric OS10 Software Vulnerability: Elevation of Privileges Attack vector
CVE-2024-49558

7.8HIGH

Key Information:

Vendor: Dell
Status: Smartfabric Os10 Software
Vendor: CVE Published:; 12 November 2024

Summary

The Dell SmartFabric OS10 Software presents a vulnerability associated with improper privilege management across several versions. This issue allows a low privileged attacker with local access to potentially exploit the vulnerability, facilitating the elevation of privileges. Security practitioners must take action to mitigate risks associated with this vulnerability to protect sensitive data and system integrity. Dell has provided a security advisory detailing available updates and recommendations for remediation.

Affected Version(s)

SmartFabric OS10 Software 10.5.6.x

SmartFabric OS10 Software 10.5.5.x

SmartFabric OS10 Software 10.5.4.x

References

https://www.dell.com/support/kbdoc/en-us/000247217/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024
Vulnerability Reserved
Oct 16, 2024

Credit

Dell would like to thank n3k From TIANGONG Team of Legendsec at QI-ANXIN Group for reporting these issues.