CVE-2025-23374

Published: Jan 30, 2025Modified: Feb 7, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Affected (2)

Products: Dell: Enterprise Sonic Distribution

1 product

Enterprise Sonic Distribution

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Enterprise Sonic Distribution	Before 4.2.3
Dell Enterprise Sonic Distribution	Version 4.4.0

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (1)

https://www.dell.com/support/kbdoc/en-us/000278568/dsa-2025-057-security-update-for-dell-enterprise-sonic-distribution-vulnerability

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.