Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-39248: DSA-2023-278: Dell Networking OS10 Security Updates for Uncontrolled resource Consumption.

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.

CVE
Open in Source
#vulnerability#web#dos#auth#dell

Impact

High

Details

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2023-39248

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated
user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2023-39248

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated
user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

CVE-2023-39248

Dell Networking OS10

10.5.5.5

10.5.5.6

Dell SmartFabric OS10, 10.5.5.6, GNS3 Bundle

CVEs Addressed

Product

Software/Firmware

Affected Versions

Remediated Versions

Link

CVE-2023-39248

Dell Networking OS10

10.5.5.5

10.5.5.6

Dell SmartFabric OS10, 10.5.5.6, GNS3 Bundle

Workarounds and Mitigations

CVE ID

Workaround and Mitigation

CVE-2023-39248

Workaround: Not enabling VRRP when VLT is enabled prevents the vulnerability from being exploitable.
Mitigation: Example : Enable flooding prevention. CLI/WebUI

For both Workaround or Mitigation; this must be something our Customers should be able to act within the administrative consoles of the product (CLi/WebUi)

If none of either then simply write : None

Revision History

Revision

Date

Description

1.0

2023-12-04

Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE