CVE-2024-48013
Published: 17 March 2025
Summary
CVE-2024-48013 is a high-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Dell SmartFabric OS10. Its CVSS v3.1 base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks in the top 49.4% of CVEs by exploit likelihood (roughly the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-6 (Least Privilege): Enforces the principle of least privilege, directly countering the execution with unnecessary privileges that lets a low-privileged attacker escalate access.
- SI-2 (Flaw Remediation): Requires timely remediation of identified flaws such as this privilege escalation vulnerability, by applying the patches Dell provides in its advisories.
- AC-3 (Access Enforcement): Mandates enforcement of approved access authorizations, blocking unauthorized privilege escalation attempts by low-privileged remote attackers.
MITRE ATT&CK Enterprise Techniques
- T1068 (Exploitation for Privilege Escalation)
Why these techniques?
The vulnerability is explicitly an Execution with Unnecessary Privileges issue (CWE-250) that lets a low-privileged remote attacker escalate privileges, which maps directly to Exploitation for Privilege Escalation.
NVD Description
Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
Deeper analysis
CVE-2024-48013 is an Execution with Unnecessary Privileges vulnerability (CWE-250) affecting Dell SmartFabric OS10 Software in versions 10.5.4.x, 10.5.5.x, 10.5.6.x, and 10.6.0.x. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): high severity, because a successful exploit yields high confidentiality, integrity, and availability impact on the switch.
A low-privileged attacker with remote access can exploit this vulnerability to achieve elevation of privileges. In CVSS terms the attack is network-reachable (AV:N), low complexity (AC:L), needs no user interaction (UI:N) and does not change scope (S:U), so the impact stays within the OS10 system itself. The one precondition is PR:L: the attacker must already hold a low-privileged account on the device, which is why account hygiene on the switches (AC-3, AC-6) matters alongside patching.
Dell has issued multiple security advisories addressing this and related vulnerabilities in OS10, including DSA-2025-070, DSA-2025-069, DSA-2025-079, and DSA-2025-068, with patches available via the KB documents at https://www.dell.com/support/kbdoc/en-us/000289970, https://www.dell.com/support/kbdoc/en-us/000293638, https://www.dell.com/support/kbdoc/en-us/000294091, and https://www.dell.com/support/kbdoc/en-us/000295014. Fixed releases are not reproduced here; take them from the advisory that covers the branch you run.
Details
- CWE(s)