Headline
CVE-2022-34424: DSA-2022-135: Dell SmartFabric OS10 Security Update for Multiple Security Vulnerabilities
Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans.
Vaikutus
High
Tiedot
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2022-29089
Networking OS10, versions before October 2021 with SmartFabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker may potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.
6.4
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CVE-2022-34424
Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that may potentially allow an attacker to cause a system crash by running particular security scans.
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2022-29089
Networking OS10, versions before October 2021 with SmartFabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker may potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.
6.4
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CVE-2022-34424
Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that may potentially allow an attacker to cause a system crash by running particular security scans.
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen
Product
Affected Versions
Updated Versions
Link to Update
SmartFabric OS10
Versions before 10.5.1.11
10.5.1.11
Link to update
Versions before 10.5.2.11
10.5.2.11
Link to update
Versions before 10.5.3.5
10.5.3.5
Link to update
Versions before 10.5.4.0
10.5.4.0
Link to update
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Product
Affected Versions
Updated Versions
Link to Update
SmartFabric OS10
Versions before 10.5.1.11
10.5.1.11
Link to update
Versions before 10.5.2.11
10.5.2.11
Link to update
Versions before 10.5.3.5
10.5.3.5
Link to update
Versions before 10.5.4.0
10.5.4.0
Link to update
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
Versiohistoria
Revision
Date
Description
1.0
2022-09-01
Initial Release
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
01 syysk. 2022