Ir al contenido principal
Cerrar sesión

Le damos la bienvenida a Dell

Mi cuenta
  • Realice pedidos rápida y fácilmente.
  • Vea los pedidos y haga el seguimiento del estado del envío.
  • Cree una lista de sus productos y acceda a ella
  • Gestione sus sitios, productos y contactos a nivel de producto de Dell EMC con la administración de empresa.
Iniciar sesión Crear una cuenta Inicio de sesión en Premier Iniciar sesión en el programa para socios
Contáctenos

Sus carritos de Dell.com

Número de artículo: 000223381

DSA-2024-148: Security Update for Dell Networking Z9432F-ON and S5448F-ON for multiple vulnerabilities

Resumen: Dell Networking Z9432F-ON and S5448F-ON remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected systems.

Contenido del artículo

Impacto

Critical

Detalles

Proprietary Code CVEs Description CVSS Vector String
CVE-2023-34329 AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.

See NVD link below for individual scores for each CVE. 

https://nvd.nist.gov/
CVE-2023-34472 AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity.

See NVD link below for individual scores for each CVE. 

https://nvd.nist.gov/

Dell Technologies recomienda que todos los clientes tengan en cuenta la puntuación base CVSS y las puntuaciones temporales o de entorno relevantes que puedan afectar a la posible gravedad asociada a una determinada vulnerabilidad de seguridad.

Productos afectados y corrección

CVEs Addressed Product Software/Firmware
 		 Affected Versions Remediated Versions Link
CVE-2023-34329 Z9432F-ON Firmware Versions prior to v3.51.5.1-18 Version v3.51.5.1-18 or later https://www.dell.com/support/home/en-us/product-support/product/networking-z9432f-on/drivers
 
CVE-2023-34472 Z9432F-ON Firmware Versions prior to v3.51.5.1-18 Version v3.51.5.1-18 or later https://www.dell.com/support/home/en-us/product-support/product/networking-z9432f-on/drivers
 
CVE-2023-34329 S5448F-ON Firmware Versions prior to v3.52.5.1-10 Version v3.52.5.1-10 or later https://www.dell.com/support/home/en-us/product-support/product/networking-s5448f-on/drivers
 
CVE-2023-34472 S5448-ON Firmware Versions prior to v3.52.5.1-10 Version v3.52.5.1-10 or later https://www.dell.com/support/home/en-us/product-support/product/networking-s5448f-on/drivers
 
CVEs Addressed Product Software/Firmware
 		 Affected Versions Remediated Versions Link
CVE-2023-34329 Z9432F-ON Firmware Versions prior to v3.51.5.1-18 Version v3.51.5.1-18 or later https://www.dell.com/support/home/en-us/product-support/product/networking-z9432f-on/drivers
 
CVE-2023-34472 Z9432F-ON Firmware Versions prior to v3.51.5.1-18 Version v3.51.5.1-18 or later https://www.dell.com/support/home/en-us/product-support/product/networking-z9432f-on/drivers
 
CVE-2023-34329 S5448F-ON Firmware Versions prior to v3.52.5.1-10 Version v3.52.5.1-10 or later https://www.dell.com/support/home/en-us/product-support/product/networking-s5448f-on/drivers
 
CVE-2023-34472 S5448-ON Firmware Versions prior to v3.52.5.1-10 Version v3.52.5.1-10 or later https://www.dell.com/support/home/en-us/product-support/product/networking-s5448f-on/drivers
 

Soluciones alternativas y mitigaciones

none

Historial de revisiones

RevisionDateDescription
1.02024-03-21Initial Release
2.02024-03-22removed unneeded CVSS score column

Información relacionada

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Información legal

Propiedades del artículo

Producto afectado

PowerSwitch S5448F-ON, PowerSwitch Z9432F-ON

Fecha de la última publicación

22 mar 2024

Tipo de artículo

Dell Security Advisory

Volver al principio