Summary: Dell has released a critical security update for its SmartFabric OS10 Software (version 10.5.6.x) to address multiple vulnerabilities that could enable attackers to perform privilege escalation, unauthorized access, code execution, and server-side request forgery. Users are encouraged to upgrade to version 10.5.6.8 to mitigate these risks. The vulnerabilities could potentially affect system security significantly if left unaddressed.
Affected: Dell SmartFabric OS10 Software, version 10.5.6.x
Keypoints:
- Privilege Escalation vulnerabilities (CVE-2024-49561, CVE-2024-48013) allow low-privileged attackers to gain elevated privileges.
- Unauthorized Access issues (CVE-2024-49559, CVE-2024-48828, CVE-2024-48831) exploit default and hard-coded passwords, granting attackers unauthorized access.
- Command injection vulnerabilities (CVE-2024-48017, CVE-2024-48015, CVE-2025-22474, CVE-2024-48830, CVE-2025-22473, CVE-2025-22472) enable execution of malicious code.
- Server-Side Request Forgery vulnerability (CVE-2025-22474) could be exploited by high-privileged attackers to forge server-side requests.
- Users are advised to update their software to version 10.5.6.8, which addresses these vulnerabilities.
Source: https://securityonline.info/multiple-vulnerabilities-patched-in-dell-smartfabric-os10-software/