Depending on the specific version, you can either update to the latest release or disable Smart Fabric Services. For more information, see the Confirmed Affected Products section.

Dell Networking Operating System (Dell Networking OS) 10 is affected by several information disclosure vulnerabilities. Dell Networking OS10 versions prior to October 2021 with Smart Fabric Services enabled contain an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges. Dell Networking OS10 versions prior to October 2021 with Smart Fabric Services disabled contain an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.

Alerts and Downtime

Dell recommends updating to the latest release.

Dell Networking OS11 and later releases are not affected by any of these vulnerabilities.

*This is a Third-Party Security Notification and cannot be edited or deleted*

CVSS Score: 3.4

Patch this vulnerability by updating your system to the latest release or disabling Smart Fabric Services.

Summary of the Vulnerabilities

The following table summarizes the potential scenarios of these vulnerabilities.

Smart Fabric Services Vulnerability Details

Dell Networking OS10 versions prior to October 2021 with Smart Fabric Services enabled contain an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.

Dell Networking OS10 versions prior to October 2021 with Smart Fabric Services disabled contain an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.

Timeline

Published on: 09/28/2022 21:15:00 UTC
Last modified on: 09/30/2022 17:16:00 UTC
