Multiple GitHub Enterprise Server Vulnerabilities
November 11, 2024Concatenation of ZIP files Utilized by Threat Actors to Avoid Detection
November 11, 2024Multiple GitHub Enterprise Server Vulnerabilities
November 11, 2024Concatenation of ZIP files Utilized by Threat Actors to Avoid Detection
November 11, 2024Severity
High
Analysis Summary
CVE-2024-45765 CVSS:9.1
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2024-45764 CVSS:9
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2024-45763 CVSS:9.1
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
Impact
- Gain Access
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-45765
- CVE-2024-45764
- CVE-2024-45763
Affected Vendors
Affected Products
- Dell Enterprise SONiC OS
Remediation
Refer to Dell Security Advisory for patch, upgrade, or suggested workaround information.