DSA-2023-278: Dell Networking OS10 Security Updates for Uncontrolled Resource Consumption
Summary: Dell Networking OS10 remediation is available for a security vulnerability that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39248 | Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Affected Products & Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-39248 | Dell Networking OS10 | 10.5.5.5 | 10.5.5.6 | SmartFabric OS10 downloads page |
| CVE-2023-39248 | Dell Networking OS10 | 10.5.5.4(MX) | 10.5.5.7(MX) | SmartFabric OS10 downloads page |
| CVE-2023-39248 | Dell Networking OS10 | 10.5.4.9 | 10.5.4.10 | SmartFabric OS10 downloads page |
| CVE-2023-39248 | Dell Networking OS10 | 10.5.3.8 | 10.5.3.9 | SmartFabric OS10 downloads page |
| CVE-2023-39248 | Dell Networking OS10 | 10.5.4.9(MX) | 10.5.4.10 | SmartFabric OS10 downloads page |
DSA-2023-382: Security Update for Dell Networking MX Series Switches Vulnerability
Workarounds & Mitigations
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2023-39248 | N/a |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-12-04 | Initial Release |
| 2.0 | 2023-12-05 | formatting edit with no change to content |
| 3.0 | 2023-12-05 | removed unneeded wording in the Workaround & Mitigations table |
| 4.0 | 2023-12-13 | added missing remediated versions and updated the Workaround and Mitigation table |
| 5.0 | 2023-12-13 | added acknowledgements and reference to DSA-2023-382 |
Acknowledgements
Dell Technologies would like to thank IT CREATION B.V. for reporting this issue.
Affected Products
SmartFabric OS10 Software
Article Properties
Article Number: 000220138
Article Type: Dell Security Advisory
Last Modified: 13 Dec 2023