CVE-2023-32462

Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities

Configurations

No configuration.

History

21 Nov 2024, 08:03

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities -

15 Feb 2024, 14:28

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-15 13:15

Updated : 2024-11-21 08:03

NVD link : CVE-2023-32462

Mitre link : CVE-2023-32462

CVE.ORG link : CVE-2023-32462

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2023-32462", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-02-15T13:15:45.280", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities", "source": "security_alert@emc.com"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "\nDell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.\n\n"}, {"lang": "es", "value": "Los conmutadores de red Dell OS10 que ejecutan 10.5.2.x y versiones posteriores contienen una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo cuando se utiliza la autenticaci\u00f3n de usuario remota. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo y una posible toma de control del sistema. Esta es una vulnerabilidad cr\u00edtica ya que permite que un atacante cause da\u00f1os graves. Dell recomienda a los clientes actualizar lo antes posible."}], "lastModified": "2024-11-21T08:03:24.153", "sourceIdentifier": "security_alert@emc.com"}