CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-32462

CVSS 9.8v3.1pub. 2024-02-15upd. 2025-01-23

Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.

🤖 AI Analysis
How it works

The vulnerability results from improper validation of input data (CWE-20) passed during the remote user authentication process. Insufficient filtering enables injection of malicious system commands (CWE-78), which are then executed by the switch's operating system. The attack requires no prior authentication or user interaction, and the network vector makes it possible to be carried out entirely remotely.

Impact

An attacker can execute arbitrary commands at the operating system level of the device, effectively leading to complete takeover of the network switch. The consequence may be a breach of confidentiality, integrity, and availability of the entire network infrastructure based on vulnerable devices.

Mitigation & patch

Dell recommends updating software as soon as possible. Detailed information about available patches is available in Dell security bulletin DSA-2023-124 at: https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities

Who is affected

Dell SmartFabric OS10 Networking Switches in versions 10.5.2.x and later

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dell Smartfabric Os10

    OS
    Dell
    10.5.5.010.5.5.110.5.5.210.5.5.310.5.3.0 – 10.5.3.8 (bez)10.5.4.0 – 10.5.4.8 (bez)10.5.2.0 – 10.5.2.12 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth BypassCommand Injection
CWE
References

Related vulnerabilities

CVE-2023-28078CRITICAL9.1PL ✓ten sam produkt

Podatność zeroMQ w Dell OS10 — ujawnienie danych i DoS przy konfiguracji VLT

CVE-2025-46427HIGH8.8ten sam produkt

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elem...

CVE-2025-46428HIGH8.8ten sam produkt

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Ele...

CVE-2024-48831HIGH8.4ten sam produkt

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An...

CVE-2024-48013HIGH8.8ten sam produkt

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution wit...