DSA-2019-019: Dell Networking OS10 OS Command Injection Vulnerability

DSA-2019-019: Dell Networking OS10 OS Command Injection Vulnerability




CVE Identifier: CVE-2018-15778

Dell Identifier: DSA-2019-019

Severity: High

Severity Rating: CVSS Base Score: 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Affected products:

Dell OS10 versions prior to 10.4.2.1

Summary:

Dell OS10 has been updated to address a vulnerability which may be potentially exploited to compromise the system.

Details:

Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI). This could potentially allow an attacker to execute unexpected, dangerous commands directly on the operating system.

Resolution:

The following Dell OS10 versions have been updated to address this vulnerability:

  • Dell OS10 versions 10.4.0-R3S,
  • Dell OS10 versions 10.4.1.4,
  • Dell OS10 versions 10.4.2.1 and later

    Dell recommends all customers apply available patches at the earliest opportunity.

    Link to remedies:

    Customers can download software from https://www.dell.com/support/software/

    Credit:

    Dell would like to thank Thorsten Tüllmann from the Karlsruhe Institute of Technology for reporting this vulnerability.


    Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.





  • Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

    Article ID: SLN316095

    Last Date Modified: 09/14/2019 11:27 AM


    Rate this article

    Accurate
    Useful
    Easy to understand
    Was this article helpful?
    Yes No
    Send us feedback
    Comments cannot contain these special characters: <>()\
    Sorry, our feedback system is currently down. Please try again later.

    Thank you for your feedback.