CVE-2024-49557

Name of the Vulnerable Software and Affected Versions: Dell SmartFabric OS10 Software versions 10.5.3.x through 10.5.6.x

Description: The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a Command Injection vulnerability. This could allow a low-privileged attacker with local access to potentially exploit the vulnerability, leading to code execution. The vulnerability is associated with a failure to properly sanitize input data at the management level.

Recommendations: For versions 10.5.3.x through 10.5.6.x, consider restricting access to the management interface to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting local access to the system can also help reduce the risk of this vulnerability being exploited. At the moment, there is no information about a newer version that contains a fix for this vulnerability.