CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-28078

CVSS 9.1v3.1pub. 2024-02-15upd. 2025-01-23

Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • Dell Smartfabric Os10

    OS
    Dell
    10.5.5.010.5.5.110.5.5.210.5.5.310.5.3.0 – 10.5.3.8 (bez)10.5.4.0 – 10.5.4.8 (bez)10.5.2.0 – 10.5.2.12 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth BypassDoS
CWE
References

Related vulnerabilities

CVE-2023-32462CRITICAL9.8PL ✓ten sam produkt

Dell SmartFabric OS10 — command injection przy zdalnym uwierzytelnianiu

CVE-2025-46427HIGH8.8ten sam produkt

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elem...

CVE-2025-46428HIGH8.8ten sam produkt

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Ele...

CVE-2024-48831HIGH8.4ten sam produkt

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An...

CVE-2024-48013HIGH8.8ten sam produkt

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution wit...