CVE-2023-32462

CRITICAL

Dell SmartFabric OS10 10.5.2.0-10.5.2.11 - Unauthenticated OS Command Injection

Title source: llm

Description

Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover. This is a critical vulnerability as it allows an attacker to cause severe damage. Dell recommends customers to upgrade at the earliest opportunity.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities

Scores

CVSS v3 9.8

EPSS 0.0088

EPSS Percentile 75.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-78 CWE-20

Status published

Products (5)

dell/smartfabric_os10 10.5.5.0

dell/smartfabric_os10 10.5.5.1

dell/smartfabric_os10 10.5.5.2

dell/smartfabric_os10 10.5.5.3

dell/smartfabric_os10 10.5.2.0 - 10.5.2.12

Published Feb 15, 2024

Tracked Since Feb 18, 2026