CVE-2023-28078
📋 TL;DR
Dell OS10 Networking Switches running 10.5.2.x and above contain a ZeroMQ vulnerability when VLT (Virtual Link Trunking) is configured. A remote unauthenticated attacker can exploit it to disclose sensitive information and potentially cause denial of service through request flooding. This affects organizations using Dell OS10 switches with VLT enabled.
💻 Affected Systems
- Dell SmartFabric OS10 Networking Switches
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of sensitive network configuration data, credential exposure, and sustained denial of service affecting network availability.
Likely Case
Information disclosure of sensitive switch configuration data and temporary service disruption through DoS attacks.
If Mitigated
Limited impact if switches are isolated from untrusted networks and VLT is disabled where not required.
🎯 Exploit Status
Remote unauthenticated access with no prerequisites makes exploitation straightforward once VLT is enabled.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Upgrade to latest OS10 version as specified in Dell advisory
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000216584/dsa-2023-124-security-update-for-dell-smartfabric-os10-multiple-vulnerabilities
Restart Required: Yes
Instructions:
1. Review Dell advisory DSA-2023-124.
2. Download appropriate OS10 update from Dell support.
3. Apply update following Dell's upgrade procedures.
4. Reboot switches as required.
🔧 Temporary Workarounds
Disable VLT if not required
Remove VLT configuration from switches where this feature is not essential for operations
configure terminal
no vlt-domain <domain-id>
end
write memory
Network segmentation and access control
Restrict network access to switch management interfaces using ACLs and firewall rules
🧯 If You Can't Patch
- Disable VLT configuration immediately on all affected switches
- Implement strict network segmentation and firewall rules to isolate switch management interfaces from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Check OS10 version with 'show version' and verify VLT configuration with 'show vlt' commands
Check Version:
show version | include Version
Verify Fix Applied:
Verify OS10 version is updated beyond vulnerable versions and confirm VLT is either disabled or properly secured
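The version and VLT checks above can be run across a fleet from collected 'show version' and running-configuration captures. The script below is an added example, not Dell's tooling or part of the original page; it assumes the version appears on an "OS Version:" line and that VLT shows up as a top-level vlt-domain line, and FIXED_PLACEHOLDER is a stand-in for the fixed release named in DSA-2023-124.

```python
import re

AFFECTED_FROM = (10, 5, 2)   # from the page: "10.5.2.x and above"
FIXED_PLACEHOLDER = (99, 0)  # placeholder only; take the real fixed release from DSA-2023-124

def parse_version(show_version):
    """Return the OS version as a tuple of ints, or None if no version line is found."""
    m = re.search(r"^\s*OS Version:\s*(\d+(?:\.\d+)+)", show_version, re.M)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def vlt_domains(running_config):
    """Return VLT domain ids configured at the top level of a running config."""
    return re.findall(r"^vlt[- ]domain\s+(\d+)\s*$", running_config, re.M)

def triage(show_version, running_config, fixed=FIXED_PLACEHOLDER):
    """Classify one switch from its captured command output."""
    version = parse_version(show_version)
    if version is None:
        return "unknown"                  # unparsable output is never treated as safe
    if version[:3] < AFFECTED_FROM:
        return "version-not-affected"
    if version >= fixed:
        return "patched"
    return "exposed" if vlt_domains(running_config) else "affected-version-no-vlt"

# Constructed sample captures (hostnames, versions and config lines are invented).
FLEET = {
    "leaf1": ("Dell SmartFabric OS10 Enterprise\nOS Version: 10.5.2.3\n",
              "hostname leaf1\n!\nvlt-domain 1\n discovery-interface ethernet1/1/5\n"),
    "leaf2": ("OS Version: 10.5.4.1\n", "hostname leaf2\n!\ninterface vlan1\n"),
    "spine1": ("OS Version: 10.5.1.9\n", "hostname spine1\nvlt-domain 10\n"),
    "edge1": ("% Error: connection timed out\n", ""),
}

def fleet_report(fleet=FLEET):
    """Map each hostname to its triage status."""
    return {host: triage(ver, cfg) for host, (ver, cfg) in fleet.items()}

if __name__ == "__main__":
    for host, status in fleet_report().items():
        print(f"{host:8} {status}")
```

Switches reported as "unknown" need a manual check, and "affected-version-no-vlt" switches still need the upgrade before VLT is enabled on them.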
📡 Detection & Monitoring
Log Indicators:
- Unusual ZeroMQ connection attempts
- Excessive requests to switch management interfaces
- VLT configuration changes
Network Indicators:
- Unusual traffic patterns to switch management ports
- Multiple connection attempts from single sources
SIEM Query:
source="dell_os10_switch" AND (event="zeroMQ_error" OR event="connection_flood")