CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-45765

CVSS 9.1v3.1pub. 2024-11-08upd. 2024-11-13

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Dell Enterprise Sonic Distribution

    OS
    Dell
    4.1.0 – 4.1.6 (bez)4.2.0 – 4.2.2 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2024-45763CRITICAL9.1PL ✓ten sam produkt

OS Command Injection w Dell Enterprise SONiC OS 4.1.x i 4.2.x

CVE-2024-45764CRITICAL9.0PL ✓ten sam produkt

Dell Enterprise SONiC OS — pominięcie krytycznego kroku uwierzytelnienia

CVE-2023-32484CRITICAL9.8PL ✓ten sam produkt

Podatność improper input validation w Dell Enterprise SONiC — eskalacja uprawnień

CVE-2025-23374HIGH8.0ten sam produkt

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Inser...

CVE-2023-24574HIGH7.5ten sam produkt

Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerab...