9.1
CVE-2023-28078
- EPSS 0.37%
- Published 15.02.2024 13:15:44
- Last modified 23.01.2025 17:03:49
- Source security_alert@emc.com
Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.
Data provided by the National Vulnerability Database (NVD)
Dell ≫ Smartfabric Os10 Version >= 10.5.2.0 < 10.5.2.12
Dell ≫ Smartfabric Os10 Version >= 10.5.3.0 < 10.5.3.8
Dell ≫ Smartfabric Os10 Version >= 10.5.4.0 < 10.5.4.8
Dell ≫ Smartfabric Os10 Version 10.5.5.0
Dell ≫ Smartfabric Os10 Version 10.5.5.1
Dell ≫ Smartfabric Os10 Version 10.5.5.2
Dell ≫ Smartfabric Os10 Version 10.5.5.3
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.581 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| security_alert@emc.com | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.