Dell SmartFabric OS10 Receives Important Security Updates

Dell Networking has released security updates for its SmartFabric OS10 operating system to address multiple vulnerabilities that could be exploited by malicious actors. The vulnerabilities affect several versions of OS10 and range from code execution and privilege escalation to unauthorized file access.

Vulnerabilities and Remediation

The most severe vulnerability, CVE-2024-48837, allows a low-privileged attacker with local access to execute arbitrary code. This vulnerability has a CVSS base score of 7.8, indicating a high severity level. Other vulnerabilities include CVE-2024-48838, which allows unauthorized file access, and CVE-2024-49557 and CVE-2024-49560, which can lead to command injection. A significant flaw (CVE-2024-49558) that could enable attackers to escalate privileges, leading to command execution and unauthorized access. This vulnerability is rated 7.8.

Dell has released patches for all reported vulnerabilities for the following OS10 versions: 10.5.6.x, 10.5.5.x, 10.5.4.x, and 10.5.3.x. Users are strongly encouraged to update their systems to the latest remediated versions as soon as possible.

Impact and Remediation

These vulnerabilities could potentially allow attackers to gain control of affected systems, steal sensitive data, or disrupt network operations. Organizations using Dell SmartFabric OS10 are urged to apply the available patches immediately to mitigate these risks.

Here’s a summary of the affected products and remediated versions:

Related Posts:

• CVE-2024-39584: Dell BIOS Flaw Exposes Systems to Secure Boot Bypass and Arbitrary Code Execution
• CVE-2023-32462 (CVSS 9.8): Patch Dell Switches to Block Takeover
• Multiple security vulnerabilities affect millions of Dell devices
• System frequent reboot/crash, Dell emergency stop BIOS update