Dell Networking OS10 vulnerabilities
8 known vulnerabilities affecting dell/dell_networking_os10.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 2, LOW 2
Vulnerabilities
CVE-2023-39248 | P3 | HIGH | CVSS 7.5 | CWE-400 | v10.5.5.5 | 2023-12-05
Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allo
Source: NVD
CVE-2022-34424 | P3 | HIGH | CVSS 7.5 | CWE-787 | ≥ unspecified, < 10.5.3.11 | 2022-09-28
Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans.
Source: NVD
CVE-2018-15784 | P3 | HIGH | CVSS 7.4 | CWE-295 | ≥ unspecified, < 10.4.3.0 | 2019-01-18
Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
Source: NVD
CVE-2018-15778 | P3 | HIGH | CVSS 7.8 | CWE-20 | v10.4.2.1 | 2019-02-04
Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).
Source: NVD
CVE-2022-29089 | P4 | MEDIUM | CVSS 4.9 | CWE-522 | ≥ unspecified, < 10.5.3.5 | 2022-09-28
Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.
Source: NVD
CVE-2021-36310 | P4 | MEDIUM | CVSS 4.9 | CWE-693 | ≥ unspecified, < 10.5.3.4 | 2021-11-20
Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.
Source: NVD
CVE-2022-34394 | P4 | LOW | CVSS 3.7 | CWE-295 | ≥ unspecified, < 10.5.4.0 | 2022-09-28
Dell OS10, version 10.5.3.4, contains an Improper Certificate Validation vulnerability in Support Assist. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to limited switch configuration data. The vulnerability could be leveraged by attackers to conduct man-in-the-middle attacks to gain acce
Source: NVD
CVE-2021-36319 | P4 | LOW | CVSS 3.3 | CWE-665 | ≥ unspecified, < 10.5.1.x | 2021-11-20
Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.
Source: NVD