We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | dell |
Reserved | 2024-06-18 |
Published | 2024-09-06 |
Updated | 2024-09-06 |
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Dell would like to thank n3k From TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue.
https://www.dell.com/support/kbdoc/en-us/000228355/dsa-2024-376-security-update-for-dell-networking-os10-vulnerability