CVE-2024-39585

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*

History

17 Sep 2024, 02:15

Type Values Removed Values Added
References
  • {'url': 'https://www.dell.com/support/kbdoc/en-us/000228357/dsa-2024-377-security-update-for-dell-networking-os10-vulnerability', 'tags': ['Vendor Advisory'], 'source': 'security_alert@emc.com'}
  • () https://www.dell.com/support/kbdoc/en-us/000228355/dsa-2024-376-security-update-for-dell-networking-os10-vulnerability -

13 Sep 2024, 20:24

Type Values Removed Values Added
First Time Dell smartfabric Os10
Dell
CWE CWE-798
References () https://www.dell.com/support/kbdoc/en-us/000228357/dsa-2024-377-security-update-for-dell-networking-os10-vulnerability - () https://www.dell.com/support/kbdoc/en-us/000228357/dsa-2024-377-security-update-for-dell-networking-os10-vulnerability - Vendor Advisory
CVSS v2 : unknown
v3 : 7.9
v2 : unknown
v3 : 8.1
CPE cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*

06 Sep 2024, 12:08

Type Values Removed Values Added
Summary
  • (es) El software Dell SmartFabric OS10, versiones 10.5.5.4 a 10.5.5.10 y 10.5.6.x, contiene una vulnerabilidad de uso de contraseñas codificadas. Un atacante con pocos privilegios y acceso remoto podría aprovechar esta vulnerabilidad, lo que provocaría la falsificación de solicitudes del lado del cliente y la divulgación de información.

06 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-06 05:15

Updated : 2024-09-17 02:15


NVD link : CVE-2024-39585

Mitre link : CVE-2024-39585

CVE.ORG link : CVE-2024-39585


JSON object : View

Products Affected

dell

  • smartfabric_os10
CWE
CWE-798

Use of Hard-coded Credentials

CWE-259

Use of Hard-coded Password