ID

VAR-202402-1750


CVE

CVE-2023-28078


TITLE

Vulnerability in Dell SmartFabric OS10

Trust: 0.8

sources: JVNDB: JVNDB-2023-027950

DESCRIPTION

Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with ZeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends that customers upgrade at the earliest opportunity. Dell SmartFabric OS10 contains an unspecified vulnerability. Information may be obtained and the service may be put into a denial-of-service (DoS) state.

Trust: 2.25

sources: NVD: CVE-2023-28078 // JVNDB: JVNDB-2023-027950 // CNVD: CNVD-2024-11520 // VULMON: CVE-2023-28078

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-11520

AFFECTED PRODUCTS

vendor: dell, model: smartfabric os10, scope: eq, version: 10.5.5.1

Trust: 1.0

vendor: dell, model: smartfabric os10, scope: lt, version: 10.5.2.12

Trust: 1.0

vendor: dell, model: smartfabric os10, scope: gte, version: 10.5.4.0

Trust: 1.0

vendor: dell, model: smartfabric os10, scope: eq, version: 10.5.5.2

Trust: 1.0

vendor: dell, model: smartfabric os10, scope: eq, version: 10.5.5.3

Trust: 1.0

vendor: dell, model: smartfabric os10, scope: gte, version: 10.5.3.0

Trust: 1.0

vendor: dell, model: smartfabric os10, scope: lt, version: 10.5.4.8

Trust: 1.0

vendor: dell, model: smartfabric os10, scope: eq, version: 10.5.5.0

Trust: 1.0

vendor: dell, model: smartfabric os10, scope: lt, version: 10.5.3.8

Trust: 1.0

vendor: dell, model: smartfabric os10, scope: gte, version: 10.5.2.0

Trust: 1.0

vendor: Dell, model: smartfabric os10, scope: eq, version: 10.5.5.3

Trust: 0.8

vendor: Dell, model: smartfabric os10, scope: eq, version: 10.5.5.2

Trust: 0.8

vendor: Dell, model: smartfabric os10, scope: eq, version: 10.5.3.0 to 10.5.3.8

Trust: 0.8

vendor: Dell, model: smartfabric os10, scope: -, version: -

Trust: 0.8

vendor: Dell, model: smartfabric os10, scope: eq, version: 10.5.5.0

Trust: 0.8

vendor: Dell, model: smartfabric os10, scope: eq, version: 10.5.5.1

Trust: 0.8

vendor: Dell, model: smartfabric os10, scope: eq, version: 10.5.2.0 to 10.5.2.12

Trust: 0.8

vendor: Dell, model: smartfabric os10, scope: eq, version: 10.5.4.0 to 10.5.4.8

Trust: 0.8

vendor: Dell, model: smartfabric os10, scope: eq, version: -

Trust: 0.8

vendor: dell, model: os10 networking switches, scope: gte, version: 10.5.2.*

Trust: 0.6

sources: CNVD: CNVD-2024-11520 // JVNDB: JVNDB-2023-027950 // NVD: CVE-2023-28078

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com: CVE-2023-28078
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2023-28078
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-28078
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-11520
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-11520
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

security_alert@emc.com: CVE-2023-28078
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 2.0

NVD: CVE-2023-28078
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-11520 // JVNDB: JVNDB-2023-027950 // NVD: CVE-2023-28078 // NVD: CVE-2023-28078

PROBLEMTYPE DATA

problemtype: CWE-923

Trust: 1.0

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Improper restriction of communication channels with intended endpoints (CWE-923) [Other]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-027950 // NVD: CVE-2023-28078

PATCH

title: Patch for Dell OS10 Networking Switches information leakage vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/530051

Trust: 0.6

sources: CNVD: CNVD-2024-11520

EXTERNAL IDS

db: NVD, id: CVE-2023-28078

Trust: 3.3

db: JVNDB, id: JVNDB-2023-027950

Trust: 0.8

db: CNVD, id: CNVD-2024-11520

Trust: 0.6

db: VULMON, id: CVE-2023-28078

Trust: 0.1

sources: CNVD: CNVD-2024-11520 // VULMON: CVE-2023-28078 // JVNDB: JVNDB-2023-027950 // NVD: CVE-2023-28078

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-28078

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-28078/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/923.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2024-11520 // VULMON: CVE-2023-28078 // JVNDB: JVNDB-2023-027950 // NVD: CVE-2023-28078

SOURCES

db: CNVD, id: CNVD-2024-11520
db: VULMON, id: CVE-2023-28078
db: JVNDB, id: JVNDB-2023-027950
db: NVD, id: CVE-2023-28078

LAST UPDATE DATE

2025-01-25T22:51:41.774000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-11520, date: 2024-03-04T00:00:00
db: VULMON, id: CVE-2023-28078, date: 2024-02-15T00:00:00
db: JVNDB, id: JVNDB-2023-027950, date: 2025-01-24T01:44:00
db: NVD, id: CVE-2023-28078, date: 2025-01-23T17:03:49.193

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-11520, date: 2024-03-04T00:00:00
db: VULMON, id: CVE-2023-28078, date: 2024-02-15T00:00:00
db: JVNDB, id: JVNDB-2023-027950, date: 2025-01-24T00:00:00
db: NVD, id: CVE-2023-28078, date: 2024-02-15T13:15:44.607