CVE-2024-48830
Published: 17 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2024-48830 is a command injection vulnerability (CWE-77: Improper Neutralization of Special Elements used in a Command) in Dell SmartFabric OS10 Software. The issue affects versions 10.5.4.x, 10.5.5.x, 10.5.6.x, and 10.6.0.x. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts from a local attack.
A low-privileged attacker with local access to the system can exploit this vulnerability to achieve arbitrary command execution. The low attack complexity and lack of user interaction requirements make it feasible for compromised low-privilege accounts to escalate control over the affected OS10 device.
Dell has published multiple security advisories addressing this and related OS10 vulnerabilities, including DSA-2025-070, DSA-2025-069, DSA-2025-079, and DSA-2025-068. These documents, available via Dell support KB articles, provide details on security updates and patches to mitigate the command injection risk. Security practitioners should review the advisories for version-specific remediation instructions.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection vulnerability enables arbitrary command execution on a network device OS (T1059.008) and allows low-privileged local attackers to escalate privileges (T1068).