CVE-2023-28078

Summary

Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.

Affected Software

VendorProductVersion RangeStatus
DellDell SmartFabric OS1010.5.5.0affected
DellDell SmartFabric OS1010.5.5.3affected
DellDell SmartFabric OS1010.5.5.1 (MX)affected
DellDell SmartFabric OS1010.5.5.2 (MX)affected
DellDell SmartFabric OS1010.5.4.xaffected
DellDell SmartFabric OS1010.5.4.6 (MX)affected
DellDell SmartFabric OS1010.5.3.xaffected
DellDell SmartFabric OS1010.5.2.xaffected

Weaknesses

  • CWE-923: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References