CVE-2024-48830

High

Published: 17 March 2025

Published

17 March 2025

Modified

14 July 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0023 45.2th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-48830 is a high-severity Command Injection (CWE-77) vulnerability in Dell Smartfabric Os10. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked at the 45.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Network Device CLI (T1059.008) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the command injection vulnerability by requiring timely identification, reporting, and application of vendor patches from Dell advisories.

SI-10 Information Input Validation good match

prevent

Prevents command injection exploitation by enforcing validation and sanitization of inputs to neutralize special elements used in commands.

AC-6 Least Privilege partial match

prevent

Limits the impact of arbitrary command execution by low-privileged local attackers through enforcement of least privilege principles.

MITRE ATT&CK Enterprise TechniquesAI

T1059.008 Network Device CLI Execution

Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Command injection vulnerability enables arbitrary command execution on a network device OS (T1059.008) and allows low-privileged local attackers to escalate privileges (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Deeper analysisAI

CVE-2024-48830 is a command injection vulnerability (CWE-77: Improper Neutralization of Special Elements used in a Command) in Dell SmartFabric OS10 Software. The issue affects versions 10.5.4.x, 10.5.5.x, 10.5.6.x, and 10.6.0.x. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts from a local attack.

A low-privileged attacker with local access to the system can exploit this vulnerability to achieve arbitrary command execution. The low attack complexity and lack of user interaction requirements make it feasible for compromised low-privilege accounts to escalate control over the affected OS10 device.

Dell has published multiple security advisories addressing this and related OS10 vulnerabilities, including DSA-2025-070, DSA-2025-069, DSA-2025-079, and DSA-2025-068. These documents, available via Dell support KB articles, provide details on security updates and patches to mitigate the command injection risk. Security practitioners should review the advisories for version-specific remediation instructions.

Details

CWE(s): CWE-77

Affected Products

dell

smartfabric os10

10.5.4.0 — 10.5.4.14 · 10.5.5.0 — 10.5.5.13 · 10.5.6.0 — 10.5.6.8

CVEs Like This One

CVE-2025-46428Same product: Dell Smartfabric Os10

CVE-2025-46427Same product: Dell Smartfabric Os10

CVE-2025-22472Same product: Dell Smartfabric Os10

CVE-2025-22473Same product: Dell Smartfabric Os10

CVE-2026-22284Same product: Dell Smartfabric Os10

CVE-2024-49561Same product: Dell Smartfabric Os10

CVE-2024-48013Same product: Dell Smartfabric Os10

CVE-2024-48831Same product: Dell Smartfabric Os10

CVE-2024-49559Same product: Dell Smartfabric Os10

CVE-2026-23778Same vendor: Dell

References

https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities
Vendor Advisory · security_alert@emc.com
https://www.dell.com/support/kbdoc/en-us/000293638/dsa-2025-069-security-update-for-dell-networking-os10-vulnerabilities
Vendor Advisory · security_alert@emc.com
https://www.dell.com/support/kbdoc/en-us/000294091/dsa-2025-079-security-update-for-dell-networking-os10-vulnerabilities
Vendor Advisory · security_alert@emc.com
https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities
Vendor Advisory · security_alert@emc.com