CVE-2023-39248 — HIGH (7.5)

Vulnerability Description

Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dell	Networking Os10	10.5.5.5

Related Weaknesses (CWE)

CWE-400

References

https://www.dell.com/support/kbdoc/en-us/000220138/dsa-2023-278-dell-networking-Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000220138/dsa-2023-278-dell-networking-Vendor Advisory

FAQ

What is CVE-2023-39248?

CVE-2023-39248 is a vulnerability with a CVSS score of 7.5 (HIGH). Dell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unaut...

How severe is CVE-2023-39248?

CVE-2023-39248 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-39248?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Networking Os10.