CVE-2022-34424

Vulnerability

Dell Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x, contains a vulnerability that can be triggered when particular security scans are run. The exact code path or component is not disclosed in the available references, but the condition is reachable without any special configuration beyond the targeted version [1].

Exploitation

An attacker can exploit this vulnerability remotely over the network without requiring authentication or user interaction. By running specific (unspecified) security scans against the affected device, the attacker can trigger the vulnerability. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates low attack complexity and no required privileges [1].

Impact

Successful exploitation causes a system crash, leading to a denial of service (availability impact). The vulnerability does not expose any confidential data nor allow modification of system state (C:N/I:N) [1].

Mitigation

Dell has released a security update as part of DSA-2022-135. The fixed versions for SmartFabric OS10 are not explicitly listed in the provided reference; however, customers should upgrade to the latest versions available via the Dell support portal. No workaround has been published. It is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the update date [1].