Lucene search

DellCVELIST:CVE-2023-32484

HistoryFeb 15, 2024 - 12:49 p.m.

CVE-2023-32484

2024-02-1512:49:01

CWE-20

dell

www.cve.org

dell

networking

switches

input validation

vulnerability

remote

escalate privileges

critical

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Enterprise SONiC OS",
    "vendor": "Dell",
    "versions": [
      {
        "status": "affected",
        "version": " 3.5.x"
      },
      {
        "status": "affected",
        "version": "4.0.x"
      },
      {
        "status": "affected",
        "version": "4.1.0"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000216586/dsa-2023-284-security-update-for-dell-emc-enterprise-sonic-os-command-injection-vulnerability-when-using-remote-user-authentication

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-32484