Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000220138


DSA-2023-278: Dell Networking OS10 Security Updates for Uncontrolled resource Consumption.

Summary: Dell Networking OS10 remediation is available for a security vulnerability that could be exploited by malicious users to compromise the affected system.

Article Content


Impact

High

Details

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023-39248 Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated
user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2023-39248 Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated
user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.
7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HThis hyperlink is taking you to a website outside of Dell Technologies.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed  Product  Affected Versions  Remediated Versions  Link 
CVE-2023-39248 Dell Networking OS10 10.5.5.5 10.5.5.6  SmartFabric OS10 downloads page.
CVE-2023-39248 Dell Networking OS10 10.5.5.4(MX) 10.5.5.7(MX)  SmartFabric OS10 downloads page
CVE-2023-39248 Dell Networking OS10 10.5.4.9 10.5.4.10  SmartFabric OS10 downloads page
CVE-2023-39248 Dell Networking OS10 10.5.3.8 10.5.3.9  SmartFabric OS10 downloads page
CVE-2023-39248 Dell Networking OS10 10.5.4.9(MX) 10.5.4.10  SmartFabric OS10 downloads page
CVEs Addressed  Product  Affected Versions  Remediated Versions  Link 
CVE-2023-39248 Dell Networking OS10 10.5.5.5 10.5.5.6  SmartFabric OS10 downloads page.
CVE-2023-39248 Dell Networking OS10 10.5.5.4(MX) 10.5.5.7(MX)  SmartFabric OS10 downloads page
CVE-2023-39248 Dell Networking OS10 10.5.4.9 10.5.4.10  SmartFabric OS10 downloads page
CVE-2023-39248 Dell Networking OS10 10.5.3.8 10.5.3.9  SmartFabric OS10 downloads page
CVE-2023-39248 Dell Networking OS10 10.5.4.9(MX) 10.5.4.10  SmartFabric OS10 downloads page
DSA-2023-382: Security Update for Dell Networking MX Series Switches Vulnerability

Workarounds and Mitigations

CVE ID Workaround and Mitigation
CVE-2023-39248 N/a
 

Acknowledgements

Dell Technologies would like to thank IT CREATION B.V. for reporting this issue.

Revision History

Revision DateDescription
1.02023-12-04Initial Release
2.02023-12-05formatting edit with no change to content
3.02023-12-05removed unneeded wording in the Workaround & Mitigations table
4.02023-12-13added missing remediated versions and updated the Workaround and Mitigation table
5.0 2023-12-13added acknowledgements and reference to DSA-2023-382

Related Information


Article Properties


Affected Product

SmartFabric OS10 Software

Last Published Date

13 Dec 2023

Version

5

Article Type

Dell Security Advisory