CVE-2023-28078 CRITICAL

CVE-2023-28078

Vendor Dell
Product Dell SmartFabric OS10
Weakness CWE-923
Published February 15, 2024
Last update August 15, 2024

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.

Key dates

02Disclosure timeline

February 15, 2024 CVE published
August 15, 2024 Record updated