ID
VAR-201401-0097
CVE
CVE-2013-3595
TITLE
Dell PowerConnect 3348, 3524p, and 5324 switches are vulnerable to denial-of-service attacks
Trust: 0.8
DESCRIPTION
The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL. Dell PowerConnect 3348 version 1.2.1.3, PowerConnect 3524p version 2.0.0.48, PowerConnect 5324 version 2.0.1.4, and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability.Dell OpenManage web application version 2.5 Build No. 1.19 and possibly earlier versions contain a denial-of-service (CWE-20) vulnerability.Dell GoAhead web server login page also contains a denial-of-service (CWE-20) vulnerability. Dell OpenManage allows administrators to manage, monitor, and manipulate Dell PowerEdge servers from a central location or remotely. This page cannot be accessed from the web application link but can be found in the firmware. Successful exploits will cause the crash and reset the switch, resulting in a denial-of-service condition. Dell PowerConnect 3348, 3524p and 5324 are all series switch products of Dell (Dell). The following series of switches and versions are affected: Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, 5324 2.0.1.4
Trust: 3.24
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | dell | model: | powerconnect 3524p | scope: | eq | version: | 2.0.0.48 | Trust: 2.5 |
| vendor: | dell | model: | powerconnect 5324 | scope: | eq | version: | 2.0.1.4 | Trust: 1.6 |
| vendor: | dell | model: | powerconnect 3348 | scope: | eq | version: | 1.2.1.3 | Trust: 1.6 |
| vendor: | dell | model: | powerconnect | scope: | eq | version: | 33481.2.1.3 | Trust: 0.9 |
| vendor: | dell | model: | powerconnect | scope: | eq | version: | 53242.0.1.4 | Trust: 0.9 |
| vendor: | dell computer | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | dell | model: | openmanage web application | scope: | lte | version: | 2.5 build no. 1.19 | Trust: 0.8 |
| vendor: | dell | model: | powerconnect 3348 | scope: | lte | version: | firmware 1.2.1.3 | Trust: 0.8 |
| vendor: | dell | model: | powerconnect 3524p | scope: | lte | version: | firmware 2.0.0.48 | Trust: 0.8 |
| vendor: | dell | model: | powerconnect 5324 | scope: | lte | version: | firmware 2.0.1.4 | Trust: 0.8 |
| vendor: | dell | model: | goahead web server | scope: | - | version: | - | Trust: 0.6 |
| vendor: | dell | model: | openmanage web application build no. | scope: | eq | version: | 2.51.19 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 2.7 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | PowerConnect 3524P | url: | http://www.dell.com/support/drivers/us/en/04/Product/powerconnect-3524p | Trust: 0.8 |
| title: | PowerConnect 5324 | url: | http://www.dell.com/support/drivers/us/en/04/Product/powerconnect-5324 | Trust: 0.8 |
| title: | PowerConnect 3348 | url: | http://www.dell.com/support/drivers/us/en/04/Product/powerconnect-3348 | Trust: 0.8 |
EXTERNAL IDS
| db: | CERT/CC | id: | VU#122582 | Trust: 4.2 |
| db: | NVD | id: | CVE-2013-3595 | Trust: 3.4 |
| db: | JVN | id: | JVNVU95569358 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2014-001215 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2014-00466 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201401-382 | Trust: 0.6 |
| db: | BID | id: | 65081 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-63597 | Trust: 0.1 |
REFERENCES
| url: | http://www.kb.cert.org/vuls/id/122582 | Trust: 3.4 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/90597 | Trust: 1.1 |
| url: | http://cwe.mitre.org/data/definitions/20.html | Trust: 0.8 |
| url: | http://www.dell.com/support/drivers/us/en/04/product/powerconnect-3348 | Trust: 0.8 |
| url: | http://www.dell.com/support/drivers/us/en/04/product/powerconnect-3524p | Trust: 0.8 |
| url: | http://www.dell.com/support/drivers/us/en/04/product/powerconnect-5324 | Trust: 0.8 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3595 | Trust: 0.8 |
| url: | http://jvn.jp/vu/jvnvu95569358 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3595 | Trust: 0.8 |
| url: | http://dell.com | Trust: 0.3 |
CREDITS
Rijnard van Tonder
Trust: 0.3
SOURCES
| db: | CERT/CC | id: | VU#122582 |
| db: | CNVD | id: | CNVD-2014-00466 |
| db: | VULHUB | id: | VHN-63597 |
| db: | BID | id: | 65081 |
| db: | JVNDB | id: | JVNDB-2014-001215 |
| db: | CNNVD | id: | CNNVD-201401-382 |
| db: | NVD | id: | CVE-2013-3595 |
LAST UPDATE DATE
2025-04-11T22:48:24.518000+00:00
SOURCES UPDATE DATE
| db: | CERT/CC | id: | VU#122582 | date: | 2014-01-17T00:00:00 |
| db: | CNVD | id: | CNVD-2014-00466 | date: | 2014-01-21T00:00:00 |
| db: | VULHUB | id: | VHN-63597 | date: | 2017-08-29T00:00:00 |
| db: | BID | id: | 65081 | date: | 2014-01-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-001215 | date: | 2014-01-22T00:00:00 |
| db: | CNNVD | id: | CNNVD-201401-382 | date: | 2014-01-26T00:00:00 |
| db: | NVD | id: | CVE-2013-3595 | date: | 2025-04-11T00:51:21.963 |
SOURCES RELEASE DATE
| db: | CERT/CC | id: | VU#122582 | date: | 2014-01-17T00:00:00 |
| db: | CNVD | id: | CNVD-2014-00466 | date: | 2014-01-21T00:00:00 |
| db: | VULHUB | id: | VHN-63597 | date: | 2014-01-20T00:00:00 |
| db: | BID | id: | 65081 | date: | 2014-01-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-001215 | date: | 2014-01-22T00:00:00 |
| db: | CNNVD | id: | CNNVD-201401-382 | date: | 2014-01-26T00:00:00 |
| db: | NVD | id: | CVE-2013-3595 | date: | 2014-01-20T04:58:49.680 |