Lucene search

DellCVELIST:CVE-2023-24574

HistoryFeb 02, 2023 - 4:04 p.m.

CVE-2023-24574

2023-02-0216:04:58

CWE-400

dell

www.cve.org

dell

enterprise sonic os

uncontrolled resource consumption

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

55.7%

JSON

Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an “Uncontrolled Resource Consumption vulnerability” in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Enterprise SONiC OS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThanOrEqual": "3.5.3, 3.5.4, 4.0.0, 4.0.1, 4.0.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000208165/dsa-2023-039-dell-emc-enterprise-sonic-security-update-for-an-uncontrolled-resource-consumption-vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

55.7%

JSON

Related for CVELIST:CVE-2023-24574