CVE-2024-48831
Published: 17 March 2025
Description
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Security Summary
CVE-2024-48831 is a Use of Hard-coded Password vulnerability (CWE-259) affecting Dell SmartFabric OS10 Software in versions 10.5.6.x. This flaw allows unauthorized access due to a hardcoded password within the software, earning a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts from a low-complexity local attack requiring no privileges.
An unauthenticated attacker with local access to the affected system could exploit this vulnerability to gain unauthorized access, potentially compromising the full system with high-impact privileges. The local attack vector (AV:L) means the attacker must already have local access to the device (for example via a local shell or console) rather than reaching it over the network, but no authentication (PR:N) or user interaction (UI:N) is required, so the flaw is readily exploitable by anyone who achieves that initial local positioning.
Dell’s security advisory DSA-2025-068, detailed at https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities, provides guidance on the security update addressing this and related OS10 vulnerabilities, recommending affected users apply the patch to mitigate the risk.
Details
CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a hardcoded password vulnerability (CWE-259) that directly provides an unsecured credential within the software, enabling attackers with local access to locate and abuse it for unauthorized system access and full compromise.