CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45763
https://notcve.org/view.php?id=CVE-2024-45763
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. • https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45764
https://notcve.org/view.php?id=CVE-2024-45764
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. • https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities • CWE-304: Missing Critical Step in Authentication •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45765
https://notcve.org/view.php?id=CVE-2024-45765
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity. • https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32484
https://notcve.org/view.php?id=CVE-2023-32484
Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity. Los conmutadores de red Dell que ejecutan Enterprise SONiC versiones 4.1.0, 4.0.5, 3.5.4 y siguientes contienen una vulnerabilidad de validación de entrada incorrecta. Un usuario malicioso remoto no autenticado puede aprovechar esta vulnerabilidad y escalar privilegios hasta el nivel administrativo más alto. • https://www.dell.com/support/kbdoc/en-us/000216586/dsa-2023-284-security-update-for-dell-emc-enterprise-sonic-os-command-injection-vulnerability-when-using-remote-user-authentication • CWE-20: Improper Input Validation •