Dell Technologies has disclosed multiple critical security vulnerabilities in its Enterprise SONiC OS, which could allow attackers to gain control of affected systems.
These vulnerabilities, identified through the Common Vulnerabilities and Exposures (CVE) system, are critical and affect Dell Enterprise SONiC OS versions 4.1.x and 4.2.x.
Dell urges users to upgrade their systems immediately to the remediated versions to mitigate potential risks.
Attend a Free Webinar on How to Maximize Cybersecurity Program ROI
Dell Enterprise SONiC OS, in versions 4.1.x and 4.2.x, contains an improper neutralization of special elements used in OS commands, also known as an OS Command Injection vulnerability, CVE-2024-45763.
A highly privileged attacker with remote access could exploit this flaw to execute arbitrary commands on the affected system.
This vulnerability allows a high-privilege attacker to execute system-level commands remotely, potentially leading to a complete system takeover. Dell recommends immediate upgrades to prevent exploitation.
CVE-2024-45764 vulnerability affects Dell Enterprise SONiC OS versions 4.1.x and 4.2.x. An unauthenticated attacker with remote access could exploit a missing critical step in the authentication process, bypassing protection mechanisms and gaining unauthorized access to the system.
This vulnerability poses a significant risk as it could allow attackers to bypass key authentication protocols, potentially leading to unauthorized access and further exploitation.
Like CVE-2024-45763, this vulnerability, CVE-2024-45765, involves improperly neutralizing particular elements in OS commands.
However, CVE-2024-45765 allows high-privilege OS commands to be executed by users with less privileged roles, increasing the risk of system compromise.
Dell recommends immediate upgrades to versions that address these vulnerabilities, as they could allow attackers to perform unauthorized actions on the system.
Affected Products & Remediation
| Product | Affected Versions | Remediated Versions |
| Dell Enterprise SONiC Distribution | Versions before 4.2.2 | 4.1.6 |
| Dell Enterprise SONiC Distribution | Versions prior to 4.2.2 | 4.2.2 |
Customers using the affected versions are strongly encouraged to upgrade to the remediated versions (4.1.6 or 4.2.2) as soon as possible to avoid potential exploits.
Dell Technologies advises customers to consider both the CVSS base score and relevant temporal and environmental factors when assessing the severity of these vulnerabilities.
Given the critical nature of these flaws, prompt updates are necessary to safeguard sensitive systems from exploitation.
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!
The Lotus Blossom hacker group, also known as Spring Dragon, Billbug, or Thrip, has been…
A newly identified malware, dubbed "Squidoor," has emerged as a sophisticated threat targeting government, defense,…
Cyber adversaries have evolved into highly organized and professional entities, mirroring the operational efficiency of…
In Q3 2024, Cofense Intelligence uncovered a targeted spear-phishing campaign aimed at employees working in…
The DragonForce ransomware group has launched a significant cyberattack on critical infrastructure in Saudi Arabia,…
In a concerning development, cybersecurity researchers at Trellix have uncovered a sophisticated malware campaign that…