Critical
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2024-45763
|
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. |
9.1 |
|
CVE-2024-45764 |
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. |
9.0 |
|
CVE-2024-45765 |
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity. |
9.1 |
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
CVE-2024-45763
|
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. |
9.1 |
|
CVE-2024-45764 |
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. |
9.0 |
|
CVE-2024-45765 |
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity. |
9.1 |
Product |
Affected Versions |
Remediated Versions |
Link |
Dell Enterprise SONiC Distribution |
Versions prior to 4.1.6 |
4.1.6 |
|
Dell Enterprise SONiC Distribution |
Versions prior to 4.2.2 |
4.2.2 |
Product |
Affected Versions |
Remediated Versions |
Link |
Dell Enterprise SONiC Distribution |
Versions prior to 4.1.6 |
4.1.6 |
|
Dell Enterprise SONiC Distribution |
Versions prior to 4.2.2 |
4.2.2 |
Revision |
Date |
Description |
1.0 |
2024-11-07 |
Initial Release |