Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 06 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell smartfabric Os10
CPEs cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell smartfabric Os10
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 06 Sep 2024 04:30:00 +0000

Type Values Removed Values Added
Description Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Weaknesses CWE-77
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2024-09-06T13:05:46.448Z

Reserved: 2024-06-18T01:53:34.136Z

Link: CVE-2024-38486

cve-icon Vulnrichment

Updated: 2024-09-06T13:04:43.379Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-06T05:15:13.370

Modified: 2024-09-13T20:36:08.597

Link: CVE-2024-38486

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.