DSA-2024-148: Security Update for Dell Networking Z9432F-ON and S5448F-ON for multiple vulnerabilities
Summary: Dell Networking Z9432F-ON and S5448F-ON remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected systems.
Impact
Critical
Details
| Proprietary Code CVEs | Description | CVSS Vector String |
|---|---|---|
| CVE-2023-34329 | AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. | See NVD link below for individual scores for each CVE. |
| CVE-2023-34472 | AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity. | See NVD link below for individual scores for each CVE. |
Affected Products & Remediation
| CVEs Addressed | Product | Software/Firmware | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|---|
| CVE-2023-34329 | Z9432F-ON | Firmware | Versions prior to v3.51.5.1-18 | Version v3.51.5.1-18 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-z9432f-on/drivers |
| CVE-2023-34472 | Z9432F-ON | Firmware | Versions prior to v3.51.5.1-18 | Version v3.51.5.1-18 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-z9432f-on/drivers |
| CVE-2023-34329 | S5448F-ON | Firmware | Versions prior to v3.52.5.1-10 | Version v3.52.5.1-10 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-s5448f-on/drivers |
| CVE-2023-34472 | S5448F-ON | Firmware | Versions prior to v3.52.5.1-10 | Version v3.52.5.1-10 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-s5448f-on/drivers |
Workarounds & Mitigations
none
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-03-21 | Initial Release |
| 2.0 | 2024-03-22 | removed unneeded CVSS score column |
Affected Products
PowerSwitch S5448F-ON, PowerSwitch Z9432F-ON
Article Properties
Article Number: 000223381
Article Type: Dell Security Advisory
Last Modified: 22 Mar 2024