CVE-2023-28078

CRITICAL

Dell SmartFabric OS10 10.5.2.0-10.5.2.11 - Unauthenticated Information Disclosure and Denial of Service via zeroMQ

Title source: llm

Description

Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities

Scores

CVSS v3 9.1

EPSS 0.0028

EPSS Percentile 51.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-923

Status published

Products (5)

dell/smartfabric_os10 10.5.5.0

dell/smartfabric_os10 10.5.5.1

dell/smartfabric_os10 10.5.5.2

dell/smartfabric_os10 10.5.5.3

dell/smartfabric_os10 10.5.2.0 - 10.5.2.12

Published Feb 15, 2024

Tracked Since Feb 18, 2026