PT-2024-12326 · Dell · Dell Os10 Networking Switches

Published 2024-02-15 · Updated 2024-02-19 · CVE-2023-32462

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell OS10 Networking Switches versions 10.5.2.x and above

Description

A remote unauthenticated attacker could potentially exploit an OS command injection vulnerability when using remote user authentication, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical issue as it allows an attacker to cause severe damage.

Recommendations

For Dell OS10 Networking Switches versions 10.5.2.x and above, upgrade to a newer version at the earliest opportunity to resolve the issue. As a temporary workaround, consider restricting access to remote user authentication to minimize the risk of exploitation.

Fix

OS Command Injection

RCE

Weakness Enumeration

Related Identifiers

CVE-2023-32462

Affected Products

Dell Os10 Networking Switches