CVE-2024-45764

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:dell:enterprise_sonic_distribution:*:*:*:*:*:*:*:*
cpe:2.3:o:dell:enterprise_sonic_distribution:*:*:*:*:*:*:*:*

History

13 Nov 2024, 19:08

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.0
v2 : unknown
v3 : 9.8
CWE NVD-CWE-Other
CPE cpe:2.3:o:dell:enterprise_sonic_distribution:*:*:*:*:*:*:*:*
References () https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities - Vendor Advisory
Summary
  • (es) Dell Enterprise SONiC OS, versiones 4.1.x y 4.2.x, contiene una vulnerabilidad de falta de paso crítico en la autenticación. Un atacante no autenticado con acceso remoto podría aprovechar esta vulnerabilidad, lo que provocaría la omisión del mecanismo de protección. Se trata de una vulnerabilidad de gravedad crítica, por lo que Dell recomienda a los clientes que actualicen la versión lo antes posible.
First Time Dell
Dell enterprise Sonic Distribution

08 Nov 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-08 16:15

Updated : 2024-11-13 19:08


NVD link : CVE-2024-45764

Mitre link : CVE-2024-45764

CVE.ORG link : CVE-2024-45764


JSON object : View

Products Affected

dell

  • enterprise_sonic_distribution
CWE
NVD-CWE-Other CWE-304

Missing Critical Step in Authentication