VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 20, 2014· Updated Apr 29, 2026

CVE-2013-3595

CVE-2013-3595

Description

Authenticated remote users can crash and reset Dell PowerConnect switches by requesting an undocumented OSPF URL in the OpenManage web application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated remote users can crash and reset Dell PowerConnect switches by requesting an undocumented OSPF URL in the OpenManage web application.

Vulnerability

The Dell OpenManage web application version 2.5 Build 1.19 contains an improper input validation vulnerability (CWE-20) that causes a denial of service when an undocumented URL for OSPF functionality is requested. This URL is not accessible from the web application's normal links but exists in the firmware. The vulnerability affects Dell PowerConnect switches running firmware versions 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 [1].

Exploitation

An attacker must have valid credentials to authenticate to the web management interface. Once authenticated, the attacker can directly request the undocumented OSPF URL via a crafted HTTP GET request. The request triggers a crash in the OpenManage web application, causing the entire switch to reset [1].

Impact

Successful exploitation results in a denial of service: the switch resets, temporarily losing network connectivity and management access. No code execution or data compromise is associated with this specific vulnerability [1].

Mitigation

No firmware update or patch has been disclosed in the available references. As a workaround, restrict access to the web management interface to trusted users only, and consider using network segmentation to limit exposure [1].

References
  1. CERT/CC Vulnerability Note VU#122582

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Dell/Powerconnect 33482 versions
    cpe:2.3:h:dell:powerconnect_3348:1.2.1.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:h:dell:powerconnect_3348:1.2.1.3:*:*:*:*:*:*:*
    • (no CPE)range: 1.2.1.3
  • Dell/Powerconnect 3524p2 versions
    cpe:2.3:h:dell:powerconnect_3524p:2.0.0.48:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:h:dell:powerconnect_3524p:2.0.0.48:*:*:*:*:*:*:*
    • (no CPE)range: 2.0.0.48
  • Dell/Powerconnect 53242 versions
    cpe:2.3:h:dell:powerconnect_5324:2.0.1.4:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:h:dell:powerconnect_5324:2.0.1.4:*:*:*:*:*:*:*
    • (no CPE)range: 2.0.1.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.