Sign-up

ID

VAR-202402-1924


CVE

CVE-2023-32462


TITLE

Dell's  smartfabric os10  In  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-027961

DESCRIPTION

Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity. (DoS) It may be in a state. Dell OS10 Networking Switches is a switch made by the American company Dell

Trust: 2.25

sources: NVD: CVE-2023-32462 // JVNDB: JVNDB-2023-027961 // CNVD: CNVD-2024-11519 // VULMON: CVE-2023-32462

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-11519

AFFECTED PRODUCTS

vendor:dellmodel:smartfabric os10scope:eqversion:10.5.5.1

Trust: 1.0

vendor:dellmodel:smartfabric os10scope:ltversion:10.5.2.12

Trust: 1.0

vendor:dellmodel:smartfabric os10scope:gteversion:10.5.4.0

Trust: 1.0

vendor:dellmodel:smartfabric os10scope:eqversion:10.5.5.2

Trust: 1.0

vendor:dellmodel:smartfabric os10scope:eqversion:10.5.5.3

Trust: 1.0

vendor:dellmodel:smartfabric os10scope:gteversion:10.5.3.0

Trust: 1.0

vendor:dellmodel:smartfabric os10scope:ltversion:10.5.4.8

Trust: 1.0

vendor:dellmodel:smartfabric os10scope:eqversion:10.5.5.0

Trust: 1.0

vendor:dellmodel:smartfabric os10scope:ltversion:10.5.3.8

Trust: 1.0

vendor:dellmodel:smartfabric os10scope:gteversion:10.5.2.0

Trust: 1.0

vendor:デルmodel:smartfabric os10scope:eqversion:10.5.5.3

Trust: 0.8

vendor:デルmodel:smartfabric os10scope:eqversion:10.5.5.2

Trust: 0.8

vendor:デルmodel:smartfabric os10scope:eqversion:10.5.3.0 that's all 10.5.3.8

Trust: 0.8

vendor:デルmodel:smartfabric os10scope: - version: -

Trust: 0.8

vendor:デルmodel:smartfabric os10scope:eqversion:10.5.5.0

Trust: 0.8

vendor:デルmodel:smartfabric os10scope:eqversion:10.5.5.1

Trust: 0.8

vendor:デルmodel:smartfabric os10scope:eqversion:10.5.2.0 that's all 10.5.2.12

Trust: 0.8

vendor:デルmodel:smartfabric os10scope:eqversion:10.5.4.0 that's all 10.5.4.8

Trust: 0.8

vendor:デルmodel:smartfabric os10scope:eqversion: -

Trust: 0.8

vendor:dellmodel:os10 networking switchesscope:gteversion:10.5.2.*

Trust: 0.6

sources: CNVD: CNVD-2024-11519 // JVNDB: JVNDB-2023-027961 // NVD: CVE-2023-32462

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com: CVE-2023-32462
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2023-32462
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-32462
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-11519
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-11519
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

security_alert@emc.com: CVE-2023-32462
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-32462
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-11519 // JVNDB: JVNDB-2023-027961 // NVD: CVE-2023-32462 // NVD: CVE-2023-32462

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-027961 // NVD: CVE-2023-32462

PATCH

title:Patch for Dell OS10 Networking Switches command execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/530056

Trust: 0.6

sources: CNVD: CNVD-2024-11519

EXTERNAL IDS

db:NVDid:CVE-2023-32462

Trust: 3.3

db:JVNDBid:JVNDB-2023-027961

Trust: 0.8

db:CNVDid:CNVD-2024-11519

Trust: 0.6

db:VULMONid:CVE-2023-32462

Trust: 0.1

sources: CNVD: CNVD-2024-11519 // VULMON: CVE-2023-32462 // JVNDB: JVNDB-2023-027961 // NVD: CVE-2023-32462

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-32462

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-32462/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2024-11519 // VULMON: CVE-2023-32462 // JVNDB: JVNDB-2023-027961 // NVD: CVE-2023-32462

SOURCES

db:CNVDid:CNVD-2024-11519
db:VULMONid:CVE-2023-32462
db:JVNDBid:JVNDB-2023-027961
db:NVDid:CVE-2023-32462

LAST UPDATE DATE

2025-01-25T23:00:26.379000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-11519date:2024-03-04T00:00:00
db:VULMONid:CVE-2023-32462date:2024-02-15T00:00:00
db:JVNDBid:JVNDB-2023-027961date:2025-01-24T05:04:00
db:NVDid:CVE-2023-32462date:2025-01-23T17:02:15.480

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-11519date:2024-03-04T00:00:00
db:VULMONid:CVE-2023-32462date:2024-02-15T00:00:00
db:JVNDBid:JVNDB-2023-027961date:2025-01-24T00:00:00
db:NVDid:CVE-2023-32462date:2024-02-15T13:15:45.280