Dell SmartFabric OS10 Receives Important Security Updates
Dell Networking has released security updates for its SmartFabric OS10 operating system to address multiple vulnerabilities that could be exploited by malicious actors. The vulnerabilities affect several versions of OS10 and range from code execution and privilege escalation to unauthorized file access.
Vulnerabilities and Remediation
The most severe vulnerability, CVE-2024-48837, allows a low-privileged attacker with local access to execute arbitrary code. This vulnerability has a CVSS base score of 7.8, indicating a high severity level. Other vulnerabilities include CVE-2024-48838, which allows unauthorized file access, and CVE-2024-49557 and CVE-2024-49560, which can lead to command injection. A significant flaw (CVE-2024-49558) that could enable attackers to escalate privileges, leading to command execution and unauthorized access. This vulnerability is rated 7.8.
Dell has released patches for all reported vulnerabilities for the following OS10 versions: 10.5.6.x, 10.5.5.x, 10.5.4.x, and 10.5.3.x. Users are strongly encouraged to update their systems to the latest remediated versions as soon as possible.
Impact and Remediation
These vulnerabilities could potentially allow attackers to gain control of affected systems, steal sensitive data, or disrupt network operations. Organizations using Dell SmartFabric OS10 are urged to apply the available patches immediately to mitigate these risks.
Here’s a summary of the affected products and remediated versions: