CVE-2023-32462

Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:dell:smartfabric_os10::::::::
	cpe:2.3:o:dell:smartfabric_os10::::::::
	cpe:2.3:o:dell:smartfabric_os10::::::::
	cpe:2.3:o:dell:smartfabric_os10:10.5.5.0:::::::*
	cpe:2.3:o:dell:smartfabric_os10:10.5.5.1:::::::*
	cpe:2.3:o:dell:smartfabric_os10:10.5.5.2:::::::*
	cpe:2.3:o:dell:smartfabric_os10:10.5.5.3:::::::*

History

No history.

Information

Published : 2024-02-15 13:15

Updated : 2025-01-23 17:02

NVD link : CVE-2023-32462

Mitre link : CVE-2023-32462

CVE.ORG link : CVE-2023-32462

JSON object : View

Products Affected

dell

smartfabric_os10

CWE

CWE-20

Improper Input Validation

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-32462", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-02-15T13:15:45.280", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "\nDell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.\n\n"}, {"lang": "es", "value": "Los conmutadores de red Dell OS10 que ejecutan 10.5.2.x y versiones posteriores contienen una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo cuando se utiliza la autenticaci\u00f3n de usuario remota. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo y una posible toma de control del sistema. Esta es una vulnerabilidad cr\u00edtica ya que permite que un atacante cause da\u00f1os graves. Dell recomienda a los clientes actualizar lo antes posible."}], "lastModified": "2025-01-23T17:02:15.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1740757D-7955-4DAF-9823-78D2E8121FD6", "versionEndExcluding": "10.5.2.12", "versionStartIncluding": "10.5.2.0"}, {"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A714316-8AC3-4150-B31F-4AC3132B4A45", "versionEndExcluding": "10.5.3.8", "versionStartIncluding": "10.5.3.0"}, {"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDA673E9-390C-45C8-94A8-D2B82B22E699", "versionEndExcluding": "10.5.4.8", "versionStartIncluding": "10.5.4.0"}, {"criteria": "cpe:2.3:o:dell:smartfabric_os10:10.5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF0C9317-1643-40E0-B5E2-D8EA13709FB3"}, {"criteria": "cpe:2.3:o:dell:smartfabric_os10:10.5.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1EB5550-61C9-438E-8387-2787907807B7"}, {"criteria": "cpe:2.3:o:dell:smartfabric_os10:10.5.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5800770C-78AD-4754-ACD4-3E9A4FAD28ED"}, {"criteria": "cpe:2.3:o:dell:smartfabric_os10:10.5.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADE2AF35-19FA-4759-B1FE-604A681A5329"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}