DSA-2024-148: Security Update for Dell Networking Z9432F-ON and S5448F-ON for multiple vulnerabilities
Resumen: Dell Networking Z9432F-ON and S5448F-ON remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected systems.
Este artículo se aplica a:
Este artículo no se aplica a:
Este artículo no está vinculado a ningún producto específico.
En este artículo no se identifican todas las versiones de los productos.
Impacto
Critical
Detalles
| Proprietary Code CVEs | Description | CVSS Vector String |
|---|---|---|
| CVE-2023-34329 | AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. | See NVD link below for individual scores for each CVE. |
| CVE-2023-34472 | AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity. | See NVD link below for individual scores for each CVE. |
Productos afectados y corrección
| CVEs Addressed | Product | Software/Firmware |
Affected Versions | Remediated Versions | Link |
| CVE-2023-34329 | Z9432F-ON | Firmware | Versions prior to v3.51.5.1-18 | Version v3.51.5.1-18 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-z9432f-on/drivers |
| CVE-2023-34472 | Z9432F-ON | Firmware | Versions prior to v3.51.5.1-18 | Version v3.51.5.1-18 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-z9432f-on/drivers |
| CVE-2023-34329 | S5448F-ON | Firmware | Versions prior to v3.52.5.1-10 | Version v3.52.5.1-10 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-s5448f-on/drivers |
| CVE-2023-34472 | S5448-ON | Firmware | Versions prior to v3.52.5.1-10 | Version v3.52.5.1-10 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-s5448f-on/drivers |
| CVEs Addressed | Product | Software/Firmware |
Affected Versions | Remediated Versions | Link |
| CVE-2023-34329 | Z9432F-ON | Firmware | Versions prior to v3.51.5.1-18 | Version v3.51.5.1-18 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-z9432f-on/drivers |
| CVE-2023-34472 | Z9432F-ON | Firmware | Versions prior to v3.51.5.1-18 | Version v3.51.5.1-18 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-z9432f-on/drivers |
| CVE-2023-34329 | S5448F-ON | Firmware | Versions prior to v3.52.5.1-10 | Version v3.52.5.1-10 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-s5448f-on/drivers |
| CVE-2023-34472 | S5448-ON | Firmware | Versions prior to v3.52.5.1-10 | Version v3.52.5.1-10 or later | https://www.dell.com/support/home/en-us/product-support/product/networking-s5448f-on/drivers |
Soluciones alternativas y mitigaciones
none
Historial de revisiones
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-03-21 | Initial Release |
| 2.0 | 2024-03-22 | removed unneeded CVSS score column |
Información relacionada
Aviso legal
Productos afectados
PowerSwitch S5448F-ON, PowerSwitch Z9432F-ONPropiedades del artículo
Número de artículo: 000223381
Tipo de artículo: Dell Security Advisory
Última modificación: 22 mar 2024
Encuentra las respuestas que necesitas con la ayuda de otros usuarios de Dell
Servicios de asistencia
Comprueba si tu dispositivo está cubierto por los servicios de asistencia.