Vulnerabilities > CVE-2023-28078 - Unspecified vulnerability in Dell Smartfabric Os10

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

dell

critical

NVD

Published: 2024-02-15

Updated: 2025-01-23

Summary

Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell Smartfabric Os10 10.5.5.1 Dell Smartfabric Os10 10.5.5.2 Dell Smartfabric Os10 10.5.2.0 Dell Smartfabric Os10 10.5.2.11 Dell Smartfabric Os10 10.5.3.0 Dell Smartfabric Os10 10.5.3.4 Dell Smartfabric Os10 10.5.3.5 Dell Smartfabric Os10 10.5.4.0 Dell Smartfabric Os10 10.5.4.2 Dell Smartfabric Os10 10.5.4.3 Dell Smartfabric Os10 10.5.4.5 Dell Smartfabric Os10 10.5.4.6 Dell Smartfabric Os10 10.5.4.7 Dell Smartfabric Os10 10.5.5.0 Dell Smartfabric Os10 10.5.5.3	15

Summary

Vulnerable Configurations

References