Article Number: 000220138
DSA-2023-278: Dell Networking OS10 Security Updates for Uncontrolled resource Consumption.
Summary: Dell Networking OS10 remediation is available for a security vulnerability that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
High
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39248 | Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. |
7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2023-39248 | Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. |
7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-39248 | Dell Networking OS10 | 10.5.5.5 | 10.5.5.6 | SmartFabric OS10 downloads page. |
| CVE-2023-39248 | Dell Networking OS10 | 10.5.5.4(MX) | 10.5.5.7(MX) | SmartFabric OS10 downloads page |
| CVE-2023-39248 | Dell Networking OS10 | 10.5.4.9 | 10.5.4.10 | SmartFabric OS10 downloads page |
| CVE-2023-39248 | Dell Networking OS10 | 10.5.3.8 | 10.5.3.9 | SmartFabric OS10 downloads page |
| CVE-2023-39248 | Dell Networking OS10 | 10.5.4.9(MX) | 10.5.4.10 | SmartFabric OS10 downloads page |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-39248 | Dell Networking OS10 | 10.5.5.5 | 10.5.5.6 | SmartFabric OS10 downloads page. |
| CVE-2023-39248 | Dell Networking OS10 | 10.5.5.4(MX) | 10.5.5.7(MX) | SmartFabric OS10 downloads page |
| CVE-2023-39248 | Dell Networking OS10 | 10.5.4.9 | 10.5.4.10 | SmartFabric OS10 downloads page |
| CVE-2023-39248 | Dell Networking OS10 | 10.5.3.8 | 10.5.3.9 | SmartFabric OS10 downloads page |
| CVE-2023-39248 | Dell Networking OS10 | 10.5.4.9(MX) | 10.5.4.10 | SmartFabric OS10 downloads page |
DSA-2023-382: Security Update for Dell Networking MX Series Switches Vulnerability
Workarounds and Mitigations
| CVE ID | Workaround and Mitigation |
|---|---|
| CVE-2023-39248 | N/a |
Acknowledgements
Dell Technologies would like to thank IT CREATION B.V. for reporting this issue.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2023-12-04 | Initial Release |
| 2.0 | 2023-12-05 | formatting edit with no change to content |
| 3.0 | 2023-12-05 | removed unneeded wording in the Workaround & Mitigations table |
| 4.0 | 2023-12-13 | added missing remediated versions and updated the Workaround and Mitigation table |
| 5.0 | 2023-12-13 | added acknowledgements and reference to DSA-2023-382 |
Related Information
Legal Information
Article Properties
Affected Product
SmartFabric OS10 Software
Last Published Date
13 Dec 2023
Article Type
Dell Security Advisory