Information Exposure Vulnerability in Dell Networking Switches Running Enterprise SONiC OS
CVE-2025-23374

4.9MEDIUM

Key Information:

Vendor: Dell
Status: Enterprise Sonic Os
Vendor: CVE Published:; 30 January 2025

What is CVE-2025-23374?

Dell Networking Switches running earlier versions of Enterprise SONiC OS are affected by a vulnerability that allows privileged attackers to exploit remote access and potentially gain sensitive information logged by the system. This issue highlights the importance of timely updates and robust security measures to protect network infrastructure.

Affected Version(s)

Enterprise SONiC OS < 4.4.1

Enterprise SONiC OS < 4.2.3

References

https://www.dell.com/support/kbdoc/en-us/000278568/dsa-20...

vendor-advisory

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 15, 2025