Details of VAR-202312-1216

ID

VAR-202312-1216

CVE

CVE-2023-39248

TITLE

Dell's Dell Networking OS10 Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-018959

DESCRIPTION

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity. Dell's Dell Networking OS10 Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Dell Networking OS10 is a switch made by the American company Dell

Trust: 2.16

sources: NVD: CVE-2023-39248 // JVNDB: JVNDB-2023-018959 // CNVD: CNVD-2024-00192

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-00192

AFFECTED PRODUCTS

vendor:	dell	model:	networking os10	scope:	eq	version:	10.5.5.5	Trust: 1.6
vendor:	デル	model:	dell networking os10	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	dell networking os10	scope:	eq	version:	10.5.5.5	Trust: 0.8
vendor:	デル	model:	dell networking os10	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	networking os10 10.5.5.4	scope:	-	version:	-	Trust: 0.6
vendor:	dell	model:	networking os10	scope:	eq	version:	10.5.4.9	Trust: 0.6
vendor:	dell	model:	networking os10	scope:	eq	version:	10.5.3.8	Trust: 0.6
vendor:	dell	model:	networking os10 10.5.4.9	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2024-00192 // JVNDB: JVNDB-2023-018959 // NVD: CVE-2023-39248

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-39248
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2023-39248
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-39248
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-00192
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-00192
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-39248
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2023-39248
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-00192 // JVNDB: JVNDB-2023-018959 // NVD: CVE-2023-39248 // NVD: CVE-2023-39248

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-018959 // NVD: CVE-2023-39248

PATCH

title:

Patch for Dell Networking OS10 Denial of Service Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/512966

Trust: 0.6

sources: CNVD: CNVD-2024-00192

EXTERNAL IDS

db:	NVD	id:	CVE-2023-39248	Trust: 3.2
db:	JVNDB	id:	JVNDB-2023-018959	Trust: 0.8
db:	CNVD	id:	CNVD-2024-00192	Trust: 0.6

sources: CNVD: CNVD-2024-00192 // JVNDB: JVNDB-2023-018959 // NVD: CVE-2023-39248

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000220138/dsa-2023-278-dell-networking-os10-security-updates-for-uncontrolled-resource-consumption	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2023-39248	Trust: 0.8

sources: CNVD: CNVD-2024-00192 // JVNDB: JVNDB-2023-018959 // NVD: CVE-2023-39248

SOURCES

db:	CNVD	id:	CNVD-2024-00192
db:	JVNDB	id:	JVNDB-2023-018959
db:	NVD	id:	CVE-2023-39248

LAST UPDATE DATE

2024-08-14T14:23:42.507000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-00192	date:	2024-01-03T00:00:00
db:	JVNDB	id:	JVNDB-2023-018959	date:	2024-01-12T02:17:00
db:	NVD	id:	CVE-2023-39248	date:	2023-12-11T15:33:45.650

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-00192	date:	2024-01-03T00:00:00
db:	JVNDB	id:	JVNDB-2023-018959	date:	2024-01-12T00:00:00
db:	NVD	id:	CVE-2023-39248	date:	2023-12-05T06:15:48.667