Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with ZeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high-severity vulnerability as it allows an attacker to view sensitive data. Dell recommends that customers upgrade at the earliest opportunity.
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Smartfabric_os10 | Dell | 10.5.2.0 (including) | 10.5.2.12 (excluding) |
Smartfabric_os10 | Dell | 10.5.3.0 (including) | 10.5.3.8 (excluding) |
Smartfabric_os10 | Dell | 10.5.4.0 (including) | 10.5.4.8 (excluding) |
Smartfabric_os10 | Dell | 10.5.5.0 (including) | 10.5.5.0 (including) |
Smartfabric_os10 | Dell | 10.5.5.1 (including) | 10.5.5.1 (including) |
Smartfabric_os10 | Dell | 10.5.5.2 (including) | 10.5.5.2 (including) |
Smartfabric_os10 | Dell | 10.5.5.3 (including) | 10.5.5.3 (including) |
Attackers might be able to spoof the intended endpoint from a different system or process, thus gaining the same level of access as the intended endpoint. While this issue frequently involves authentication between network-based clients and servers, other types of communication channels and endpoints can have this weakness.