N3K

Name of the Vulnerable Software and Affected Versions: Dell Enterprise SONiC OS versions 4.1.x through 4.2.x Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as 'OS Command Injection'. This allows a high privileged attacker with remote access to potentially execute commands. The severity of this issue is critical, as it enables the execution of high privilege OS commands with a less privileged role. Recommendations: For Dell Enterprise SONiC OS versions 4.1.x through 4.2.x, upgrade at the earliest opportunity to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Dell SmartFabric OS10 Software versions 10.5.3.x through 10.5.6.x Description: The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a Command Injection vulnerability. This could allow a low-privileged attacker with local access to potentially exploit the vulnerability, leading to code execution. The vulnerability is associated with a failure to properly sanitize input data at the management level. Recommendations: For versions 10.5.3.x through 10.5.6.x, consider restricting access to the management interface to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting local access to the system can also help reduce the risk of this vulnerability being exploited. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware NSX (affected versions not specified) **Description** A command injection issue exists, allowing a malicious actor with access to the NSX Edge CLI terminal to craft malicious payloads and execute arbitrary commands on the operating system as root. This could potentially lead to privilege escalation. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Dell SmartFabric OS10 Software versions 10.5.3.x through 10.5.6.x Description: The issue is related to files or directories being accessible to external parties. A low-privileged attacker with local access could potentially exploit this, leading to filesystem access for the attacker. This could allow an unauthorized party to gain access to protected information. Recommendations: For versions 10.5.3.x through 10.5.6.x, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Dell SmartFabric OS10 Software versions 10.5.3.x through 10.5.6.x Description: The issue is related to insufficient access control in the network operating system, which could allow a low-privileged attacker with local access to potentially exploit the vulnerability, leading to command execution. Recommendations: For versions 10.5.3.x through 10.5.6.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell SmartFabric OS10 Software versions 10.5.3.x through 10.5.6.x **Description** The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a Command Injection vulnerability. This could allow a low-privileged attacker with remote access to potentially exploit the vulnerability, leading to code execution. **Recommendations** For Dell SmartFabric OS10 Software versions 10.5.3.x through 10.5.6.x, consider disabling remote access until a patch is available to prevent potential exploitation. Restricting privileges for low-privileged attackers can also help minimize the risk of code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Dell Enterprise SONiC OS versions 4.1.x through 4.2.x Description: The issue is related to an improper neutralization of special elements used in an OS command, which can be exploited by a high-privileged attacker with remote access to execute arbitrary commands. This is a critical severity issue that could lead to command execution and potentially allow a remote attacker to gain unauthorized access due to a weakness in the authentication process. Recommendations: For Dell Enterprise SONiC OS versions 4.1.x through 4.2.x, upgrade to a newer version at the earliest opportunity to prevent remote attacks. As a temporary workaround, consider restricting access to vulnerable components until a patch is available. Avoid using vulnerable functions or parameters in affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Dell SmartFabric OS10 Software versions 10.5.5.4 through 10.5.5.10 and 10.5.6.x **Description** The issue involves the use of a hard-coded password in Dell SmartFabric OS10 Software. A low-privileged attacker with remote access could potentially exploit this, leading to client-side request forgery and information disclosure. **Recommendations** For versions 10.5.5.4 through 10.5.5.10, consider disabling any features that rely on the hard-coded password until a patch is available. For version 10.5.6.x, restrict access to any modules or functions that utilize the hard-coded password to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell SmartFabric OS10 Software versions 10.5.5.4 through 10.5.5.10 and 10.5.6.x **Description** The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a 'Command Injection' vulnerability. This could allow a low-privileged attacker with remote access to potentially exploit the vulnerability, leading to command execution. **Recommendations** For versions 10.5.5.4 through 10.5.5.10, consider applying a patch or update to resolve the issue. For version 10.5.6.x, consider applying a patch or update to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.