OS10 Switch 10.5.2.x+ Cmd Injection via Remote Auth
CVE-2023-32462 Published on February 15, 2024
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability, as it allows an attacker to cause severe damage. Dell recommends that customers upgrade at the earliest opportunity.
Vulnerability Analysis
CVE-2023-32462 is exploitable with network access and requires neither privileges nor user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered critical, as it has a high impact on the confidentiality, integrity and availability of this component.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2023-32462
Affected Versions
Dell SmartFabric OS10:
- Version 10.5.5.0 is affected.
- Version 10.5.5.3 is affected.
- Version 10.5.5.1 (MX) is affected.
- Version 10.5.5.2 (MX) is affected.
- Version 10.5.4.x is affected.
- Version 10.5.4.6 (MX) is affected.
- Version 10.5.3.x is affected.
- Version 10.5.2.x is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.