CVE-2020-5349

Vulnerability

A hardcoded credential vulnerability exists in Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020. The vulnerability is present in the switch firmware, allowing an attacker to authenticate using a pre-set, unchangeable credential. Affected models include all S4100 and S5200 series switches produced before the specified date [1].

Exploitation

An attacker with network access to the affected switch can exploit the hardcoded credential without any authentication or user interaction. By using the known credential, the attacker can authenticate to the switch management interface and gain administrative-level access [1].

Impact

Successful exploitation grants the attacker full administrative privileges over the switch. This leads to complete compromise of confidentiality, integrity, and availability, as the attacker can read, modify, or disrupt network traffic and device configuration. The CVSS v3.1 base score is 9.8 (Critical) [1].

Mitigation

Dell Technologies recommends that customers with affected switches install a new operating system at the earliest opportunity. No specific fixed version is provided; the mitigation applies to devices manufactured before February 2020. As of the advisory date, no workaround is available other than updating the firmware [1].