CVE-2024-49561
Published: 17 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2024-49561 is an Incorrect Privilege Assignment vulnerability (CWE-266) in Dell SmartFabric OS10 Software, affecting versions 10.5.4.x, 10.5.5.x, 10.5.6.x, and 10.6.0.x. Published on 2025-03-17, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts from a local attack requiring low privileges and no user interaction.
A low-privileged attacker with local access could exploit this vulnerability to achieve elevation of privileges on the affected system.
Dell has issued multiple security advisories addressing this and related OS10 vulnerabilities:
- DSA-2025-070 (https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities)
- DSA-2025-069 (https://www.dell.com/support/kbdoc/en-us/000293638/dsa-2025-069-security-update-for-dell-networking-os10-vulnerabilities)
- DSA-2025-079 (https://www.dell.com/support/kbdoc/en-us/000294091/dsa-2025-079-security-update-for-dell-networking-os10-vulnerabilities)
- DSA-2025-068 (https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities)
These advisories provide the security updates that mitigate the vulnerabilities.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a local privilege escalation vulnerability (CWE-266) allowing a low-privileged attacker to elevate privileges on the system, directly enabling T1068 Exploitation for Privilege Escalation.