
DSA-2024-148: Security Update for Dell Networking Z9432F-ON and S5448F-ON for multiple vulnerabilities

Summary: Dell Networking Z9432F-ON and S5448F-ON remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected systems.


Impact

Critical

Details

| Proprietary Code CVEs | Description | CVSS Vector String |
| --- | --- | --- |
| CVE-2023-34329 | AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |
| CVE-2023-34472 | AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity. | See NVD link below for individual scores for each CVE. https://nvd.nist.gov/ |

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-34329 | Z9432F-ON | Firmware | Versions prior to v3.51.5.1-18 | Version v3.51.5.1-18 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-z9432f-on/drivers |
| CVE-2023-34472 | Z9432F-ON | Firmware | Versions prior to v3.51.5.1-18 | Version v3.51.5.1-18 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-z9432f-on/drivers |
| CVE-2023-34329 | S5448F-ON | Firmware | Versions prior to v3.52.5.1-10 | Version v3.52.5.1-10 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-s5448f-on/drivers |
| CVE-2023-34472 | S5448F-ON | Firmware | Versions prior to v3.52.5.1-10 | Version v3.52.5.1-10 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-s5448f-on/drivers |
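
A fleet check against the remediated versions listed above, as an added example that is not part of Dell's advisory. It assumes an inventory of (hostname, model, firmware version) rows has already been collected, and that version strings order numerically component by component with the number after the hyphen as a build number; the function names and sample inventory are hypothetical.

```python
import re

# Remediated firmware versions, copied from the advisory's table.
REMEDIATED = {"Z9432F-ON": "v3.51.5.1-18", "S5448F-ON": "v3.52.5.1-10"}

_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:-(\d+))?$", re.IGNORECASE)
_MODEL_RE = re.compile(r"(Z9432F-ON|S5448F-ON)", re.IGNORECASE)


def parse_version(text):
    """Turn 'v3.51.5.1-18' into ((3, 51, 5, 1), 18); raise ValueError if malformed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    # Assumption: fields compare as integers, so build 9 sorts before build 10.
    dotted = tuple(int(p) for p in m.group(1).split("."))
    return dotted, int(m.group(2) or 0)  # a missing build suffix counts as build 0


def audit(inventory):
    """Return (hostname, status) pairs for (hostname, model, firmware) rows."""
    results = []
    for host, model, firmware in inventory:
        m = _MODEL_RE.search(model)
        if not m:
            results.append((host, "not-listed"))  # model not named in this advisory
            continue
        fixed = parse_version(REMEDIATED[m.group(1).upper()])
        try:
            status = "remediated" if parse_version(firmware) >= fixed else "affected"
        except ValueError:
            status = "unknown-version"  # needs manual review; never assumed safe
        results.append((host, status))
    return results


# Constructed sample inventory: hostnames and firmware strings are made up.
SAMPLE = [
    ("leaf-01", "PowerSwitch Z9432F-ON", "v3.51.5.1-17"),
    ("leaf-02", "Z9432F-ON", "3.51.5.1-18"),
    ("spine-01", "PowerSwitch S5448F-ON", "v3.52.5.1-9"),
    ("spine-02", "s5448f-on", "v3.52.5.1-10"),
    ("edge-01", "S5448F-ON", "unknown"),
    ("core-01", "EXAMPLE-MODEL", "v1.0.0.0-1"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:10s} {status}")
```

A plain string comparison would rank build `-9` above `-10`; parsing the fields as integers avoids reporting such a unit as remediated.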
 

Workarounds & Mitigations

None

Revision History

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 2024-03-21 | Initial Release |
| 2.0 | 2024-03-22 | Removed unneeded CVSS score column |

Related Information

Affected Products

PowerSwitch S5448F-ON, PowerSwitch Z9432F-ON