CVE-2023-32462
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | Dell SmartFabric OS10 | 10.5.5.0 | affected |
| Dell | Dell SmartFabric OS10 | 10.5.5.3 | affected |
| Dell | Dell SmartFabric OS10 | 10.5.5.1 (MX) | affected |
| Dell | Dell SmartFabric OS10 | 10.5.5.2 (MX) | affected |
| Dell | Dell SmartFabric OS10 | 10.5.4.x | affected |
| Dell | Dell SmartFabric OS10 | 10.5.4.6 (MX) | affected |
| Dell | Dell SmartFabric OS10 | 10.5.3.x | affected |
| Dell | Dell SmartFabric OS10 | 10.5.2.x | affected |
Weaknesses
- CWE-20: CWE-20: Improper Input Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.