Article Number: 000220138
High
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2023-39248 | Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. |
7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2023-39248 | Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. |
7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|---|
CVE-2023-39248 | Dell Networking OS10 | 10.5.5.5 | 10.5.5.6 | SmartFabric OS10 downloads page. |
CVE-2023-39248 | Dell Networking OS10 | 10.5.5.4(MX) | 10.5.5.7(MX) | SmartFabric OS10 downloads page |
CVE-2023-39248 | Dell Networking OS10 | 10.5.4.9 | 10.5.4.10 | SmartFabric OS10 downloads page |
CVE-2023-39248 | Dell Networking OS10 | 10.5.3.8 | 10.5.3.9 | SmartFabric OS10 downloads page |
CVE-2023-39248 | Dell Networking OS10 | 10.5.4.9(MX) | 10.5.4.10 | SmartFabric OS10 downloads page |
CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|---|
CVE-2023-39248 | Dell Networking OS10 | 10.5.5.5 | 10.5.5.6 | SmartFabric OS10 downloads page. |
CVE-2023-39248 | Dell Networking OS10 | 10.5.5.4(MX) | 10.5.5.7(MX) | SmartFabric OS10 downloads page |
CVE-2023-39248 | Dell Networking OS10 | 10.5.4.9 | 10.5.4.10 | SmartFabric OS10 downloads page |
CVE-2023-39248 | Dell Networking OS10 | 10.5.3.8 | 10.5.3.9 | SmartFabric OS10 downloads page |
CVE-2023-39248 | Dell Networking OS10 | 10.5.4.9(MX) | 10.5.4.10 | SmartFabric OS10 downloads page |
CVE ID | Workaround and Mitigation |
---|---|
CVE-2023-39248 | N/a |
Dell Technologies would like to thank IT CREATION B.V. for reporting this issue.
Revision | Date | Description |
---|---|---|
1.0 | 2023-12-04 | Initial Release |
2.0 | 2023-12-05 | formatting edit with no change to content |
3.0 | 2023-12-05 | removed unneeded wording in the Workaround & Mitigations table |
4.0 | 2023-12-13 | added missing remediated versions and updated the Workaround and Mitigation table |
5.0 | 2023-12-13 | added acknowledgements and reference to DSA-2023-382 |
SmartFabric OS10 Software
13 Dec 2023
Dell Security Advisory