Cryptographic Key Vulnerability in Dell Enterprise SONiC OS
CVE-2022-34425

7.5HIGH

Key Information:

Vendor: Dell
Status: Enterprise Sonic Os
Vendor: CVE Published:; 10 October 2022

Summary

Dell Enterprise SONiC OS versions 4.0.0 and 4.0.1 have a cryptographic key vulnerability associated with the SSH service. This flaw allows unauthenticated remote attackers to exploit the weakness, resulting in unauthorized access to sensitive communications. It is important for users to apply the necessary security updates to mitigate the risk of exploitation.

Affected Version(s)

Enterprise SONiC OS < 4.0.2

References

https://www.dell.com/support/kbdoc/en-us/000203395/dsa-20...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2022
Vulnerability Reserved
Jun 23, 2022