9.1
CVE-2023-28078
- EPSS 0.37%
- Published 15.02.2024 13:15:44
- Last modified 23.01.2025 17:03:49
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.
Data is provided by the National Vulnerability Database (NVD)
Dell ≫ Smartfabric Os10 Version >= 10.5.2.0 < 10.5.2.12
Dell ≫ Smartfabric Os10 Version >= 10.5.3.0 < 10.5.3.8
Dell ≫ Smartfabric Os10 Version >= 10.5.4.0 < 10.5.4.8
Dell ≫ Smartfabric Os10 Version10.5.5.0
Dell ≫ Smartfabric Os10 Version10.5.5.1
Dell ≫ Smartfabric Os10 Version10.5.5.2
Dell ≫ Smartfabric Os10 Version10.5.5.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.58 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
| security_alert@emc.com | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.