CVE-2024-48013
Published: 17 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2024-48013 is an Execution with Unnecessary Privileges vulnerability (CWE-250) affecting Dell SmartFabric OS10 Software in versions 10.5.4.x, 10.5.5.x, 10.5.6.x, and 10.6.0.x. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
A low-privileged attacker with remote access can exploit this vulnerability to achieve elevation of privileges. The attack requires low privileges and network access with low complexity and no user interaction, allowing exploitation over the network without changing scope.
Dell has issued multiple security advisories addressing this and related vulnerabilities in OS10, including DSA-2025-070, DSA-2025-069, DSA-2025-079, and DSA-2025-068, with patches available via the provided KB documents at https://www.dell.com/support/kbdoc/en-us/000289970, https://www.dell.com/support/kbdoc/en-us/000293638, https://www.dell.com/support/kbdoc/en-us/000294091, and https://www.dell.com/support/kbdoc/en-us/000295014.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability is explicitly an Execution with Unnecessary Privileges issue (CWE-250) allowing low-privileged remote attacker to escalate privileges, directly mapping to Exploitation for Privilege Escalation.