CVE-2023-32484 CRITICAL

CVE-2023-32484

Vendor Dell

Product Enterprise SONiC OS

Weakness CWE-20 · Input validation

Published February 15, 2024

Last update August 27, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity.

Key dates

02Disclosure timeline

February 15, 2024 CVE published

August 27, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-32484

Related vulnerabilities

Identifiers

CVE CVE-2023-32484

CWE CWE-20

CVSS 9.8 / CRITICAL

Affected versions

Vendor Dell

Product Enterprise SONiC OS

Affected 3.5.x

Vendor Dell

Product Enterprise SONiC OS

Affected 4.0.x

Vendor Dell

Product Enterprise SONiC OS

Affected 4.1.0

CVE-2023-32484

01Description

02Disclosure timeline

03References

04Related CVE