CVE-2023-32462 - Vulnerability Details - OpenCVE

Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Smartfabric Os10

Configuration 1 [-]

OR	cpe:2.3:o:dell:smartfabric_os10::::::::
	cpe:2.3:o:dell:smartfabric_os10::::::::
	cpe:2.3:o:dell:smartfabric_os10::::::::
	cpe:2.3:o:dell:smartfabric_os10:10.5.5.0:::::::*
	cpe:2.3:o:dell:smartfabric_os10:10.5.5.1:::::::*
	cpe:2.3:o:dell:smartfabric_os10:10.5.5.2:::::::*
	cpe:2.3:o:dell:smartfabric_os10:10.5.5.3:::::::*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities

History

Thu, 23 Jan 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell smartfabric Os10
Weaknesses		CWE-78
CPEs		cpe:2.3:o:dell:smartfabric_os10:::::::: cpe:2.3:o:dell:smartfabric_os10:10.5.5.0:::::::* cpe:2.3:o:dell:smartfabric_os10:10.5.5.1:::::::* cpe:2.3:o:dell:smartfabric_os10:10.5.5.2:::::::* cpe:2.3:o:dell:smartfabric_os10:10.5.5.3:::::::*
Vendors & Products		Dell Dell smartfabric Os10

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2024-02-15T12:42:26.610Z

Updated: 2024-08-02T15:18:37.390Z

Reserved: 2023-05-09T06:05:24.994Z

Link: CVE-2023-32462

Vulnrichment

Updated: 2024-08-02T15:18:37.390Z

NVD

Status : Analyzed

Published: 2024-02-15T13:15:45.280

Modified: 2025-01-23T17:02:15.480

Link: CVE-2023-32462

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32462", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2023-05-09T06:05:24.994Z", "datePublished": "2024-02-15T12:42:26.610Z", "dateUpdated": "2024-08-02T15:18:37.390Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Dell SmartFabric OS10", "vendor": "Dell", "versions": [{"status": "affected", "version": "10.5.5.0"}, {"status": "affected", "version": "10.5.5.3"}, {"status": "affected", "version": "10.5.5.1 (MX)"}, {"status": "affected", "version": "10.5.5.2 (MX)"}, {"status": "affected", "version": "10.5.4.x"}, {"status": "affected", "version": "10.5.4.6 (MX)"}, {"status": "affected", "version": "10.5.3.x"}, {"status": "affected", "version": "10.5.2.x"}]}], "datePublic": "2023-08-08T06:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.</span>\n\n"}], "value": "\nDell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-02-15T12:42:26.610Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32462", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-15T16:56:58.249857Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:26:28.817Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:18:37.390Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:18:37.390Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32462", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-15T16:56:58.249857Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:10.449Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "Dell SmartFabric OS10", "versions": [{"status": "affected", "version": "10.5.5.0"}, {"status": "affected", "version": "10.5.5.3"}, {"status": "affected", "version": "10.5.5.1 (MX)"}, {"status": "affected", "version": "10.5.5.2 (MX)"}, {"status": "affected", "version": "10.5.4.x"}, {"status": "affected", "version": "10.5.4.6 (MX)"}, {"status": "affected", "version": "10.5.3.x"}, {"status": "affected", "version": "10.5.2.x"}], "defaultStatus": "unaffected"}], "datePublic": "2023-08-08T06:30:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nDell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2024-02-15T12:42:26.610Z"}}}, "cveMetadata": {"cveId": "CVE-2023-32462", "state": "PUBLISHED", "dateUpdated": "2024-08-02T15:18:37.390Z", "dateReserved": "2023-05-09T06:05:24.994Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2024-02-15T12:42:26.610Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", "matchCriteriaId": "1740757D-7955-4DAF-9823-78D2E8121FD6", "versionEndExcluding": "10.5.2.12", "versionStartIncluding": "10.5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A714316-8AC3-4150-B31F-4AC3132B4A45", "versionEndExcluding": "10.5.3.8", "versionStartIncluding": "10.5.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDA673E9-390C-45C8-94A8-D2B82B22E699", "versionEndExcluding": "10.5.4.8", "versionStartIncluding": "10.5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:smartfabric_os10:10.5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF0C9317-1643-40E0-B5E2-D8EA13709FB3", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:smartfabric_os10:10.5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1EB5550-61C9-438E-8387-2787907807B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:smartfabric_os10:10.5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5800770C-78AD-4754-ACD4-3E9A4FAD28ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:smartfabric_os10:10.5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "ADE2AF35-19FA-4759-B1FE-604A681A5329", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nDell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.\n\n"}, {"lang": "es", "value": "Los conmutadores de red Dell OS10 que ejecutan 10.5.2.x y versiones posteriores contienen una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo cuando se utiliza la autenticaci\u00f3n de usuario remota. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo y una posible toma de control del sistema. Esta es una vulnerabilidad cr\u00edtica ya que permite que un atacante cause da\u00f1os graves. Dell recomienda a los clientes actualizar lo antes posible."}], "id": "CVE-2023-32462", "lastModified": "2025-01-23T17:02:15.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-15T13:15:45.280", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security_alert@emc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}