CVE-2023-32462
Description
A command injection in Dell SmartFabric OS10 remote authentication lets an unauthenticated attacker execute arbitrary OS commands, potentially taking over the switch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An OS command injection vulnerability exists in the remote user authentication mechanism of Dell SmartFabric OS10 Networking Switches running version 10.5.2.x and later. The flaw allows an unauthenticated remote attacker to inject arbitrary OS commands via crafted authentication requests [1]. Affected versions include: 10.5.5.0 and 10.5.5.3 (remediated in 10.5.5.5); 10.5.5.1 (MX) and 10.5.5.2 (MX) (remediated in 10.5.5.4 MX); 10.5.4.x (remediated in 10.5.4.8); 10.5.4.6 (MX) (remediated in 10.5.4.9 MX); 10.5.3.x (remediated in 10.5.3.8); and 10.5.2.x (remediated in 10.5.2.12) [1].
Exploitation
A remote unauthenticated attacker can exploit this vulnerability by sending specially crafted authentication packets to the switch's remote authentication service. No prior access or authentication is required; the attacker only needs network connectivity to the management interface [1]. The injection occurs during the processing of authentication data, and successful exploitation does not require additional privileges or user interaction [1].
Impact
Successful exploitation allows the attacker to execute arbitrary operating system commands at the highest privilege level, leading to full compromise of the affected switch. This includes the ability to read, modify, or delete sensitive data; disrupt operations; and potentially pivot to other systems on the network. The vulnerability is rated critical due to the ease of remote exploitation and the high-impact outcome [1].
Mitigation
Dell has released fixed versions for each affected OS10 branch: upgrade to 10.5.5.5 (or 10.5.5.4 MX for MX variants), 10.5.4.8 (or 10.5.4.9 MX), 10.5.3.8, or 10.5.2.12 depending on the running version [1]. Customers should apply the updates as soon as possible; no workaround has been provided for unpatched systems. The vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 10.5.5.0
Patches
No patches discovered yet.