CVE-2024-49559
Published: 17 March 2025
Description
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Security Summary
CVE-2024-49559 is a Use of Default Password vulnerability (CWE-1393) affecting Dell SmartFabric OS10 Software in versions 10.5.4.x, 10.5.5.x, 10.5.6.x, and 10.6.0.x. This flaw allows unauthorized access due to the reliance on default credentials, earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.
A low-privileged attacker with remote access can exploit this vulnerability to gain unauthorized access to the affected system. The CVSS vector indicates that exploitation requires only low privileges and no user interaction, and that a successful attack has a high impact on confidentiality, integrity, and availability.
Dell has published multiple security advisories addressing this and related OS10 vulnerabilities, including DSA-2025-070, DSA-2025-069, DSA-2025-079, and DSA-2025-068, available at the referenced KB articles. These updates detail patches and mitigation steps for affected versions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is explicitly a Use of Default Password (CWE-1393) allowing remote unauthorized access with default credentials, which directly maps to the Default Accounts sub-technique under Valid Accounts for initial access.