CVE-2024-48830
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
17/03/2025
Last modified:
14/07/2025
Description
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:* | 10.5.4.0 (including) | 10.5.4.14 (excluding) |
| cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:* | 10.5.5.0 (including) | 10.5.5.13 (excluding) |
| cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:* | 10.5.6.0 (including) | 10.5.6.8 (excluding) |
| cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:* | 10.6.0.0 (including) | 10.6.0.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000293638/dsa-2025-069-security-update-for-dell-networking-os10-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000294091/dsa-2025-079-security-update-for-dell-networking-os10-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities