Critical Flaw Found in Dell SONiC

Dell Technologies has revealed critical vulnerabilities in its Enterprise SONiC OS (versions 4.1.x and 4.2.x), which could allow attackers to take control of affected systems. Users are urged to upgrade to the latest versions to address the issue.

All about the Vulnerability

CVE-2024-45763: OS Command Injection in Dell Enterprise SONiC OS

Dell Enterprise SONiC OS versions 4.1.x and 4.2.x have an OS command injection vulnerability (CVE-2024-45763) that allows remote attackers with high privileges to execute arbitrary commands on affected systems.

CVSS Score: 9.1 (Critical)

This flaw could lead to a full system takeover. Dell advises users to upgrade immediately to prevent exploitation.

CVE-2024-45764: Authentication Bypass in Dell Enterprise SONiC OS

Dell Enterprise SONiC OS versions 4.1.x and 4.2.x have a vulnerability (CVE-2024-45764) that allows unauthenticated attackers to bypass authentication, gaining unauthorized access to the system.

CVSS Score: 9.0 (Critical)

This flaw poses a high risk as it can lead to unauthorized access and further exploitation.

CVE-2024-45765: OS Command Injection Vulnerability

Like CVE-2024-45763, CVE-2024-45765 involves improper handling of elements in OS commands. However, this vulnerability allows users with lower privileges to execute high-privilege OS commands, increasing the risk of system compromise.

CVSS Score: 9.1 (Critical)

Dell advises upgrading to patched versions to prevent attackers from performing unauthorized actions on the system.

Customers are urged to upgrade to the fixed versions (4.1.6 or 4.2.2) as soon as possible to prevent potential exploits.

Dell recommends considering both the CVSS base score and other factors when evaluating the severity of these vulnerabilities.

Given their critical nature, prompt updates are essential to protect sensitive systems from exploitation.

Affected Products & Remediation

Product | Affected Versions | Remediated Versions
Dell Enterprise SONiC Distribution | Versions before 4.2.2 | 4.1.6
Dell Enterprise SONiC Distribution | Versions prior to 4.2.2 | 4.2.2
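
To check a switch inventory against the fixed releases named above (4.1.6 and 4.2.2), a triage script along these lines can help. This is an added example, not Dell's tooling or code from the advisory; the inventory layout, hostnames and version-string formats are constructed assumptions, so adapt the parsing to whatever your inventory actually reports.

```python
import re

# Fixed release per release train, as stated in the article text above.
FIXED = {(4, 1): (4, 1, 6), (4, 2): (4, 2, 2)}

# First dotted major.minor.patch triple found anywhere in the string.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def classify(version_string):
    """Return 'affected', 'fixed', 'out-of-scope' or 'unparsed'."""
    match = VERSION_RE.search(version_string)
    if not match:
        return "unparsed"  # needs a manual look, never assume it is safe
    version = tuple(int(part) for part in match.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Train not named in the article (4.1.x / 4.2.x only);
        # confirm against Dell's own advisory before closing it out.
        return "out-of-scope"
    # Tuple comparison is numeric, so 4.2.10 sorts after 4.2.2.
    return "affected" if version < fixed else "fixed"


def triage(inventory_text):
    """Map hostname -> status for 'hostname version' lines."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        results[parts[0]] = classify(parts[1] if len(parts) > 1 else "")
    return results


# Constructed sample data: hostnames and version formats are illustrative.
SAMPLE_INVENTORY = """
# hostname  reported OS version
leaf-01 SONiC.4.1.2-Enterprise_Base
leaf-02 4.1.6
spine-01 SONiC.4.2.0-Enterprise_Standard
spine-02 4.2.2
edge-01 4.0.5
edge-02 unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as `unparsed` or `out-of-scope` still need manual confirmation against Dell's advisory rather than being treated as unaffected.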

By | 2024-11-20T23:42:29+05:30 November 13th, 2024|Internet Security, Security Advisory, Security Update, Tips, vulnerability|

About the Author:

FirstHackersNews- Identifies Security
