VYPR

Enterprise SONiC OS

by Dell

CVEs (9)

  • CVE-2023-32484CriFeb 15, 2024
    risk 0.64cvss 9.8epss 0.01

    Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level.…

  • CVE-2024-45763CriNov 8, 2024
    risk 0.59cvss 9.1epss 0.01

    Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to…

  • CVE-2024-45765CriNov 8, 2024
    risk 0.59cvss 9.1epss 0.01

    Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to…

  • CVE-2024-45764CriNov 8, 2024
    risk 0.59cvss 9.0epss 0.01

    Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity…

  • CVE-2025-23374HigJan 30, 2025
    risk 0.52cvss 8.0epss 0.00

    Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to…

  • CVE-2025-38741HigAug 4, 2025
    risk 0.49cvss 7.5epss 0.00

    Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.

  • CVE-2023-24574HigFeb 2, 2023
    risk 0.49cvss 7.5epss 0.01

    Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by…

  • CVE-2022-34425HigOct 10, 2022
    risk 0.49cvss 7.5epss 0.01

    Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.

  • CVE-2021-36309HigOct 1, 2021
    risk 0.46cvss 7.1epss 0.01

    Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.