CVE-2024-39585

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-39585
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000228355/dsa-2024-376-security-update-for-dell-networking-os10-vulnerability
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*
History

17 Sep 2024, 02:15

Type Values Removed Values Added
References
  • {'url': 'https://www.dell.com/support/kbdoc/en-us/000228357/dsa-2024-377-security-update-for-dell-networking-os10-vulnerability', 'tags': ['Vendor Advisory'], 'source': 'security_alert@emc.com'}
  • () https://www.dell.com/support/kbdoc/en-us/000228355/dsa-2024-376-security-update-for-dell-networking-os10-vulnerability -

13 Sep 2024, 20:24

Type Values Removed Values Added
CWE CWE-798
References () https://www.dell.com/support/kbdoc/en-us/000228357/dsa-2024-377-security-update-for-dell-networking-os10-vulnerability - () https://www.dell.com/support/kbdoc/en-us/000228357/dsa-2024-377-security-update-for-dell-networking-os10-vulnerability - Vendor Advisory
CPE cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*
First Time Dell
Dell smartfabric Os10
CVSS v2 : unknown
v3 : 7.9 		v2 : unknown
v3 : 8.1

06 Sep 2024, 12:08

Type Values Removed Values Added
Summary
  • (es) El software Dell SmartFabric OS10, versiones 10.5.5.4 a 10.5.5.10 y 10.5.6.x, contiene una vulnerabilidad de uso de contraseñas codificadas. Un atacante con pocos privilegios y acceso remoto podría aprovechar esta vulnerabilidad, lo que provocaría la falsificación de solicitudes del lado del cliente y la divulgación de información.

06 Sep 2024, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-06 05:15

Updated : 2024-09-17 02:15

NVD link : CVE-2024-39585

Mitre link : CVE-2024-39585

CVE.ORG link : CVE-2024-39585

JSON object : View

Products Affected

dell

  • smartfabric_os10
CWE
CWE-798

Use of Hard-coded Credentials

CWE-259

Use of Hard-coded Password