Lucene search

DellCVELIST:CVE-2022-34425

HistoryOct 10, 2022 - 8:55 p.m.

CVE-2022-34425

2022-10-1020:55:10

CWE-321

dell

www.cve.org

dell enterprise sonic os

ssh

key vulnerability

unauthorized access

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

68.4%

JSON

Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.

CNA Affected

[
  {
    "vendor": "Dell",
    "product": "Enterprise SONiC OS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "4.0.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000203395/dsa-2022-257-dell-emc-enterprise-sonic-security-update-for-ssh-cryptographic-key-vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

68.4%

JSON

Related for CVELIST:CVE-2022-34425