DSA-2024-274: Security Update for Dell Networking OS10 Vulnerabilities
Summary: Dell Networking OS10 remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-37125 | Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE-2024-39577 | Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution. | 7.1 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Affected Products and Remediation
| Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|
| Dell Networking OS10 | 10.5.6.x | 10.5.6.4 | SmartFabric OS10 downloads page |
| Dell Networking OS10 | 10.5.5.x | 10.5.5.11 | SmartFabric OS10 downloads page |
| Dell Networking OS10 | 10.5.4.x | 10.5.4.12 | SmartFabric OS10 downloads page |
| Dell Networking OS10 | 10.5.3.x | 10.5.3.11 | SmartFabric OS10 downloads page |
- SmartFabric OS10 downloads are also available from your Dell Digital Locker.
- The Affected Products and Remediation table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Workarounds and Mitigations
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2024-37125 | Shut the port through which the crafted packets ingress into the switch. |
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-09-26 | Initial Release |
Acknowledgements
- CVE-2024-39577: Dell would like to thank n3k from TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue.
Affected Products
SmartFabric OS10 Software
Article Properties
Article Number: 000228976
Article Type: Dell Security Advisory
Last Modified: 26 Sep 2024