CVE-2024-45765: OS Command Injection
First published: Fri Nov 08 2024(Updated: )
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Enterprise Sonic Distribution | >=4.1.0<4.1.6 | |
| Dell Enterprise Sonic Distribution | >=4.2.0<4.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- vendor/dell
- canonical/dell enterprise sonic distribution
- version/dell enterprise sonic distribution/4.1.0
- version/dell enterprise sonic distribution/4.2.0