CVE-2024-45764

Published: Nov 8, 2024Modified: Nov 13, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.

Affected (2)

Products: Dell: Enterprise Sonic Distribution

1 product

Enterprise Sonic Distribution

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Enterprise Sonic Distribution	From 4.1.0 to 4.1.6
Dell Enterprise Sonic Distribution	From 4.2.0 to 4.2.2

Related CWEs

Missing Critical Step in Authentication

The product implements an authentication technique, but it skips a step that weakens the technique.

References (1)

https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.