Rewterz

Kimsuky Uses New Malware FPSpy and KLogEXE in Focused Attacks – Active IOCs

September 27, 2024
Rewterz

Attackers May Use Only License Plates to Remotely Control Kia Vehicles

September 27, 2024

Multiple Dell SmartFabric OS10 Software Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-39577 CVSS:7.1

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution.

CVE-2024-37125 CVSS:7.5

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x,10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service.

Impact

  • Denial of Service
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2024-39577
  • CVE-2024-37125

Affected Vendors

Dell

Affected Products

  • Dell SmartFabric OS10 Software - 10.5.6.x - 10.5.5.x - 10.5.4.x - 10.5.3.x

Remediation

Refer to Dell Security Advisory for patch, upgrade, or suggested workaround information.

Dell Security Advisory

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.