CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39585
https://notcve.org/view.php?id=CVE-2024-39585
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000228357/dsa-2024-377-security-update-for-dell-networking-os10-vulnerability https://www.dell.com/support/kbdoc/en-us/000228355/dsa-2024-376-security-update-for-dell-networking-os10-vulnerability • CWE-259: Use of Hard-coded Password •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38486
https://notcve.org/view.php?id=CVE-2024-38486
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. • https://www.dell.com/support/kbdoc/en-us/000228355/dsa-2024-376-security-update-for-dell-networking-os10-vulnerability • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25949
https://notcve.org/view.php?id=CVE-2024-25949
Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges. Dell OS10 Networking Switches, versiones 10.5.6.x, 10.5.5.x, 10.5.4.x y 10.5.3.x, contienen una vulnerabilidad de autorización incorrecta. Un atacante autenticado remotamente podría explotar esta vulnerabilidad y provocar una escalada de privilegios. • https://www.dell.com/support/kbdoc/en-us/000225922/dsa-2024-087-security-update-for-dell-networking-os10-vulnerability • CWE-285: Improper Authorization •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32462
https://notcve.org/view.php?id=CVE-2023-32462
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity. Los conmutadores de red Dell OS10 que ejecutan 10.5.2.x y versiones posteriores contienen una vulnerabilidad de inyección de comandos del sistema operativo cuando se utiliza la autenticación de usuario remota. • https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-28078
https://notcve.org/view.php?id=CVE-2023-28078
Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity. Los conmutadores de red Dell OS10 que ejecutan 10.5.2.x y versiones posteriores contienen una vulnerabilidad con zeroMQ cuando se configura VLT. • https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •