Dell SmartFabric OS10 Software Vulnerable to Command Injection Attacks

CVE-2024-49560

7.8HIGH

Key Information

Vendor: Dell
Status: Smartfabric Os10 Software
Vendor: CVE Published:; 12 November 2024

Summary

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Affected Version(s)

SmartFabric OS10 Software = 10.5.6.x

SmartFabric OS10 Software = 10.5.5.x

SmartFabric OS10 Software = 10.5.4.x

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 12, 2024
Vulnerability Reserved.
Oct 16, 2024

Collectors

NVD DatabaseMitre Database

Credit

Dell would like to thank zzcentury from Ubisectech Sirius Team for reporting this issue.