Lucene search

[email protected]CVE-2023-32484

HistoryFeb 15, 2024 - 1:15 p.m.

CVE-2023-32484

2024-02-1513:15:45

CWE-20

[email protected]

web.nvd.nist.gov

dell

networking switches

sonic

cve-2023-32484

privilege escalation

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Enterprise SONiC OS",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": " 3.5.x"
      },
      {
        "status": "affected",
        "version": "4.0.x"
      },
      {
        "status": "affected",
        "version": "4.1.0"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000216586/dsa-2023-284-security-update-for-dell-emc-enterprise-sonic-os-command-injection-vulnerability-when-using-remote-user-authentication

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-32484

prion1 cvelist1 cnvd1 nvd1