CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-34424
https://notcve.org/view.php?id=CVE-2022-34424
Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans. Networking OS10, versiones 10.5.1.x, 10.5.2.x y 10.5.3.x contienen una vulnerabilidad que podría permitir a un atacante causar un fallo del sistema al ejecutar determinados escaneos de seguridad • https://www.dell.com/support/kbdoc/en-us/000202971/dsa-2022-135-dell-emc-smartfabric-os10-security-update-for-multiple-security-vulnerabilities • CWE-787: Out-of-bounds Write •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34394
https://notcve.org/view.php?id=CVE-2022-34394
Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain access to the Support Assist information. Dell OS10, versión 10.5.3.4, contiene una vulnerabilidad de comprobación inapropiada de certificados en Support Assist. Un atacante remoto no autenticado podría explotar esta vulnerabilidad, lo que conllevaría un acceso no autorizado a datos limitados de configuración del conmutador. • https://www.dell.com/support/kbdoc/en-us/000202974/dsa-2022-293-dell-networking-os10-security-update-for-a-support-assist-vulnerability • CWE-295: Improper Certificate Validation •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29089
https://notcve.org/view.php?id=CVE-2022-29089
Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges. Dell Networking OS10, versiones anteriores a octubre 2021 con Smart Fabric Services habilitado, contiene una vulnerabilidad de divulgación de información. Un atacante remoto no autenticado podría explotar esta vulnerabilidad mediante ingeniería inversa para recuperar información confidencial y acceder a la API REST con privilegios de administrador • https://www.dell.com/support/kbdoc/en-us/000202971/dsa-2022-135-dell-emc-smartfabric-os10-security-update-for-multiple-security-vulnerabilities • CWE-522: Insufficiently Protected Credentials •