Dell Enterprise SONIC OS Patches Critical Security Vulnerabilities

Summary: Dell has issued security updates for its Enterprise SONIC operating system to fix multiple critical vulnerabilities that could allow attackers to compromise systems. The vulnerabilities, reported by the TIANGONG Team of Legendsec, affect versions 4.1.x and 4.2.x and require immediate attention from users.

Threat Actor: TIANGONG Team of Legendsec | TIANGONG Team of Legendsec
Victim: Dell | Dell

Key Point :

  • Three critical vulnerabilities identified as CVE-2024-45763, CVE-2024-45764, and CVE-2024-45765 have been reported.
  • CVE-2024-45763 and CVE-2024-45765 involve OS Command Injection vulnerabilities with a CVSS score of 9.1, allowing high-privilege command execution.
  • CVE-2024-45764 is a Missing Critical Step in Authentication flaw with a CVSS score of 9.0, enabling potential protection mechanism bypass.
  • Dell recommends users upgrade to patched versions 4.1.6 or 4.2.2 to mitigate these risks.

Dell has released security updates for its Enterprise SONIC operating system to address multiple vulnerabilities, including critical ones that could allow attackers to compromise affected systems.

The vulnerabilities, identified as CVE-2024-45763, CVE-2024-45764, and CVE-2024-45765, affect Dell Enterprise SONIC OS versions 4.1.x and 4.2.x. The vulnerabilities reported by the TIANGONG Team of Legendsec at QI-ANXIN

  • CVE-2024-45763: An OS Command Injection vulnerability in the affected SONiC versions could enable “a high privileged attacker with remote access [to] exploit this vulnerability, leading to Command execution.” Dell strongly advises upgrading to patched versions to mitigate this 9.1 CVSS-scored risk
  • CVE-2024-45764: A Missing Critical Step in Authentication flaw allows “an unauthenticated attacker with remote access [to] potentially exploit this vulnerability, leading to Protection mechanism bypass.” With a 9.0 CVSS score, this vulnerability also underscores the need for an immediate upgrade
  • CVE-2024-45765: Another OS Command Injection vulnerability with a CVSS score of 9.1 enables high-privilege commands to be executed under a less privileged role, which could lead to command execution.

This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity,” the advisory states.

Dell has released updated versions of its Enterprise SONIC OS to address these vulnerabilities. Users are urged to upgrade to versions 4.1.6 or 4.2.2 as soon as possible.

Related Posts:

Source: https://securityonline.info/dell-enterprise-sonic-os-patches-critical-security-vulnerabilities