cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-25949,https://securityvulnerability.io/vulnerability/CVE-2024-25949,Improper Authorization in Dell OS10 Networking Switches,"Dell OS10 Networking Switches are affected by an improper authorization vulnerability, which allows a remote authenticated attacker to exploit the system. This flaw can potentially lead to privilege escalation, granting the attacker unauthorized access and control over the affected networking devices. The vulnerability is present in several versions of the OS10 Networking Switches, underscoring the importance of timely updates and patches to mitigate risk.",Dell,Networking Os10,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-06-12T13:15:00.000Z,0
CVE-2023-39248,https://securityvulnerability.io/vulnerability/CVE-2023-39248,Uncontrolled Resource Consumption Vulnerability in Dell OS10 Networking Switches,"Dell OS10 Networking Switches, specifically versions 10.5.2.x and above, are vulnerable to an Uncontrolled Resource Consumption flaw that can lead to Denial of Service when utilizing Virtual Link Trunking (VLT) and Virtual Router Redundancy Protocol (VRRP). This vulnerability enables a remote unauthenticated user to flood the network, effectively disrupting service for legitimate users. It is crucial for organizations using these switches to implement recommended security updates promptly to mitigate potential outages.",Dell,Dell Networking OS10,7.5,HIGH,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-12-05T06:15:00.000Z,0
CVE-2022-34394,https://securityvulnerability.io/vulnerability/CVE-2022-34394,Improper Certificate Validation in Dell Networking OS10 Support Assist,"Dell Networking OS10, specifically version 10.5.3.4, is susceptible to an improper certificate validation issue within its Support Assist feature. This vulnerability presents an opportunity for remote unauthenticated attackers to exploit, possibly compromising limited switch configuration data. Attackers may leverage this flaw to execute man-in-the-middle attacks, thereby gaining unauthorized access to sensitive Support Assist information. It’s vital for users of affected versions to implement mitigations and stay updated with security patches.",Dell,Dell Networking Os10,3.7,LOW,0.001500000013038516,false,,false,false,false,,,false,false,,2022-09-28T21:15:00.000Z,0
CVE-2022-34424,https://securityvulnerability.io/vulnerability/CVE-2022-34424,Networking Operating System Vulnerability in Dell EMC SmartFabric,"Dell EMC SmartFabric OS10, specifically versions 10.5.1.x, 10.5.2.x, and 10.5.3.x, contains a vulnerability that can be exploited by an attacker to initiate a system crash through targeted security scans. This exposure necessitates immediate attention to ensure the stability and security of the network environment. Proper updates and security measures should be implemented to mitigate potential risks associated with this vulnerability.",Dell,Dell Networking Os10,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-09-28T21:15:00.000Z,0
CVE-2022-29089,https://securityvulnerability.io/vulnerability/CVE-2022-29089,Information Disclosure in Dell Networking OS10 with Smart Fabric Services,"Dell Networking OS10 versions released prior to October 2021, specifically those with Smart Fabric Services enabled, are exposed to an information disclosure risk. An attacker, without authentication, could leverage this vulnerability to reverse engineer and extract sensitive information, gaining unauthorized access to the REST API with administrative privileges. This poses significant risks to the confidentiality and integrity of network configurations and operations.",Dell,Dell Networking Os10,6.4,MEDIUM,0.0012600000482052565,false,,false,false,false,,,false,false,,2022-09-28T21:15:00.000Z,0
CVE-2021-36319,https://securityvulnerability.io/vulnerability/CVE-2021-36319,Information Exposure in Dell Networking OS10 Affecting Authentication Messages,"Dell Networking OS10 includes a vulnerability that allows low-privileged authenticated users to exploit access to SNMP authentication failure messages. This information exposure can lead to unauthorized insights about network configurations and security measures, potentially positioning attackers to enhance their malicious strategies.",Dell,Dell Networking Os10,3.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-11-20T02:15:00.000Z,0
CVE-2021-36310,https://securityvulnerability.io/vulnerability/CVE-2021-36310,Uncontrolled Resource Consumption Vulnerability in Dell Networking OS10,"Dell Networking OS10, in its versions 10.4.3.x, 10.5.0.x, 10.5.1.x, and 10.5.2.x, has a flaw in the API service that may allow a high-privileged API user to exploit it. This can lead to significant resource exhaustion, causing a denial of service and interrupting network operations. It is crucial for users of these affected versions to assess their risk and apply mitigations as necessary.",Dell,Dell Networking Os10,4.9,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2021-11-20T02:15:00.000Z,0
CVE-2019-3710,https://securityvulnerability.io/vulnerability/CVE-2019-3710,DSA-2019-034: Dell EMC Networking OS10 Undocumented Default Cryptographic Key Vulnerability,"Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.",Dell,Dell Emc Networking Os10,8.3,HIGH,0.002529999939724803,false,,false,false,false,,,false,false,,2019-03-28T17:58:38.000Z,0
CVE-2018-15778,https://securityvulnerability.io/vulnerability/CVE-2018-15778,DSA-2019-019: Dell Networking OS10 OS Command Injection Vulnerability,Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).,Dell,Dell Networking Os10,8.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-02-04T22:29:00.000Z,0
CVE-2018-15784,https://securityvulnerability.io/vulnerability/CVE-2018-15784,DSA-2019-001: Dell Networking OS10 Improper Certificate Validation Vulnerability,Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.,Dell,Dell Networking Os10,7.4,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2019-01-18T22:29:00.000Z,0