Dell OS10 - Remote Info Disclosure via REST API in Smart Fabric Services
CVE-2022-29089 Published on September 28, 2022

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

HIGH

Weakness Type

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Products Associated with CVE-2022-29089

Want to know whenever a new CVE is published for Dell Smartfabric Os10? stack.watch will email you.

Dell Smartfabric Os10

Affected Versions

Dell Networking OS10:

Version unspecified and below 10.5.3.5 is affected.

Exploit Probability

EPSS

0.19%

Percentile

40.75%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.