Dell Technologies has revealed critical vulnerabilities in its Enterprise SONiC OS (versions 4.1.x and 4.2.x), which could allow attackers to take control of affected systems. Users are urged to upgrade to the latest versions to address the issue.
All about the Vulnerability
CVE-2024-45763: OS Command Injection in Dell Enterprise SONiC OS
Dell Enterprise SONiC OS versions 4.1.x and 4.2.x have an OS command injection vulnerability (CVE-2024-45763) that allows remote attackers with high privileges to execute arbitrary commands on affected systems.
CVSS Score: 9.1 (Critical)
This flaw could lead to a full system takeover. Dell advises users to upgrade immediately to prevent exploitation.
CVE-2024-45764: Authentication Bypass in Dell Enterprise SONiC OS
Dell Enterprise SONiC OS versions 4.1.x and 4.2.x have a vulnerability (CVE-2024-45764) that allows unauthenticated attackers to bypass authentication, gaining unauthorized access to the system.
CVSS Score: 9.0 (Critical)
This flaw poses a high risk as it can lead to unauthorized access and further exploitation.
CVE-2024-45765: OS Command Injection Vulnerability
Like CVE-2024-45763, CVE-2024-45765 involves improper handling of special elements in OS commands (OS command injection). The difference is that this vulnerability allows users with lower privileges to execute high-privilege OS commands, increasing the risk of system compromise.
CVSS Score: 9.1 (Critical)
Dell advises upgrading to patched versions to prevent attackers from performing unauthorized actions on the system.
Customers are urged to upgrade to the fixed versions (4.1.6 or 4.2.2) as soon as possible to prevent potential exploits.
Dell recommends considering both the CVSS base score and other factors when evaluating the severity of these vulnerabilities.
Given their critical nature, prompt updates are essential to protect sensitive systems from exploitation.
Affected Products & Remediation
| Product | Affected Versions | Remediated Versions |
|---|---|---|
| Dell Enterprise SONiC Distribution | Versions before 4.2.2 | 4.1.6 |
| Dell Enterprise SONiC Distribution | Versions prior to 4.2.2 | 4.2.2 |
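As an added triage helper (not part of the advisory or of Dell's tooling), the script below encodes the remediation rule stated above, 4.1.x fixed in 4.1.6 and 4.2.x fixed in 4.2.2, and classifies an inventory of SONiC hosts as vulnerable, remediated or not covered by this advisory. The version-string format, the sample inventory and the function names are assumptions.

```python
"""Triage helper for CVE-2024-45763, CVE-2024-45764 and CVE-2024-45765.

Encodes the affected/remediated versions from the Dell advisory as summarised
above (4.1.x fixed in 4.1.6, 4.2.x fixed in 4.2.2). The version-string format
("4.1.3", optionally with a build suffix such as "4.1.3-Enterprise_Base") is an
assumption; adjust parse_version() to match your inventory export.
"""
import re

CVES = ("CVE-2024-45763", "CVE-2024-45764", "CVE-2024-45765")

# (major, minor) branch -> first remediated version on that branch, per the advisory.
REMEDIATED = {
    (4, 1): (4, 1, 6),
    (4, 2): (4, 2, 2),
}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '4.2.1' or 'v4.1.3-foo'."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised SONiC version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Classify one version as 'vulnerable', 'remediated' or 'not_listed'.

    'not_listed' means the branch is not covered by this advisory (e.g. 4.0.x);
    treat it as unknown and confirm with Dell rather than assuming it is safe.
    """
    major, minor, patch = parse_version(version_text)
    fixed = REMEDIATED.get((major, minor))
    if fixed is None:
        return "not_listed"
    return "remediated" if (major, minor, patch) >= fixed else "vulnerable"


def triage(inventory):
    """Map {hostname: version} to sorted (hostname, version, status) rows."""
    return [(host, ver, assess(ver)) for host, ver in sorted(inventory.items())]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are not real devices.
    sample = {"leaf-01": "4.1.4", "leaf-02": "4.1.6", "lab-01": "4.0.9",
              "spine-01": "4.2.1-Enterprise_Base", "spine-02": "4.2.2"}
    for host, ver, status in triage(sample):
        print(f"{host:10} {ver:24} {status}")
    print("CVEs covered:", ", ".join(CVES))
```

Hosts reported as vulnerable should be scheduled for the 4.1.6 or 4.2.2 upgrade; a not_listed result only means the advisory does not speak to that branch.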