Multiple vulnerabilities in Dell Networking MX Series Switches



Published: 2023-08-16
Risk: High
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2023-28078, CVE-2023-32462
CWE-ID: CWE-923, CWE-77
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Networking MX SmartFabric OS10 (Other software / Other software solutions)
Vendor: Dell

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper restriction of communication channel to intended endpoints

EUVDB-ID: #VU79582

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28078

CWE-ID: CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information and perform a denial of service attack.

The vulnerability occurs when Dell OS10 Networking Switches are configured with VLT or Smart Fabric mode. A remote unauthenticated attacker can exploit this vulnerability, leading to information disclosure and possible denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Networking MX SmartFabric OS10: before 10.5.5.4

External links

http://www.dell.com/support/kbdoc/nl-nl/000216530/dsa-2023-293-security-update-for-dell-networking-mx-series-switches-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Command Injection

EUVDB-ID: #VU79584

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32462

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary OS commands.

The vulnerability occurs when using remote user authentication. A remote unauthenticated attacker can exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system takeover.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Networking MX SmartFabric OS10: before 10.5.5.4

External links

http://www.dell.com/support/kbdoc/nl-nl/000216530/dsa-2023-293-security-update-for-dell-networking-mx-series-switches-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


