Severity
High
Analysis Summary
CVE-2024-45765 CVSS:9.1
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2024-45764 CVSS:9
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2024-45763 CVSS:9.1
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
Impact
- Gain Access
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-45765
- CVE-2024-45764
- CVE-2024-45763
Affected Vendors
Affected Products
- Dell Enterprise SONiC OS
Remediation
Refer to Dell Security Advisory for patch, upgrade, or suggested workaround information.