CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-32484

CVSS 9.8v3.1pub. 2024-02-15upd. 2025-01-23

Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity.

🤖 AI Analysis
How it works

The vulnerability results from insufficient input validation in specific protocols supported by Enterprise SONiC. A remote attacker, without any authentication, can deliver properly crafted input data and exploit this gap to obtain top-level administrative privileges. The title of Dell's security bulletin indicates a connection to command injection vulnerability in the context of remote user authentication.

Impact

An attacker can obtain full administrative privileges on a vulnerable network switch without needing any credentials, which may result in complete device takeover, modification of network configuration, and breach of confidentiality, integrity and availability of infrastructure.

Mitigation & patch

Dell recommends urgent update of Enterprise SONiC software to versions newer than 4.1.0, 4.0.5 or 3.5.4. Detailed information about available patches is available in Dell security bulletin DSA-2023-284 at: https://www.dell.com/support/kbdoc/en-us/000216586/

Who is affected

Dell Networking Switches with Dell Enterprise SONiC software in versions 4.1.0, 4.0.5, 3.5.4 and lower.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dell Enterprise Sonic Distribution

    OS
    Dell
    4.1.03.5.0 – 3.5.5 (bez)4.0.0 – 4.0.6 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2024-45763CRITICAL9.1PL ✓ten sam produkt

OS Command Injection w Dell Enterprise SONiC OS 4.1.x i 4.2.x

CVE-2024-45764CRITICAL9.0PL ✓ten sam produkt

Dell Enterprise SONiC OS — pominięcie krytycznego kroku uwierzytelnienia

CVE-2024-45765CRITICAL9.1PL ✓ten sam produkt

OS Command Injection w Dell Enterprise SONiC OS (wersje 4.1.x, 4.2.x)

CVE-2025-23374HIGH8.0ten sam produkt

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Inser...

CVE-2023-24574HIGH7.5ten sam produkt

Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerab...