Dell Networking Os10

Dell OS10 Switches - Improper Auth (Priv Esc) v10.5.3-10.5.6
CVE-2024-25949 8.8 - High - June 12, 2024

Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges.

AuthZ

Dell OS10 10.5.2.x+ Uncontrolled Resource Consumption DoS via VLT/VRRP
CVE-2023-39248 7.5 - High - December 05, 2023

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.

Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability
CVE-2021-36319 3.3 - Low - November 20, 2021

Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.

Exposure of Resource to Wrong Sphere

Dell Networking OS10
CVE-2021-36310 4.9 - Medium - November 20, 2021

Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.

Resource Exhaustion

Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability
CVE-2021-36308 9.8 - Critical - November 20, 2021

Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

authentification

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability
CVE-2021-36307 8.8 - High - November 20, 2021

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system.

Improper Privilege Management

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability
CVE-2021-36306 9.8 - Critical - November 20, 2021

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

authentification

Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).
CVE-2018-15778 7.8 - High - February 04, 2019

Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).

Improper Input Validation

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature
CVE-2018-15784 7.4 - High - January 18, 2019

Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

Improper Certificate Validation