Information Exposure Vulnerability in Dell Networking Switches Running Enterprise SONiC OS
CVE-2025-23374

8HIGH

Key Information:

Vendor: Dell
Status: Enterprise Sonic Os
Vendor: CVE Published:; 30 January 2025

Summary

Dell Networking Switches running earlier versions of Enterprise SONiC OS are affected by a vulnerability that allows privileged attackers to exploit remote access and potentially gain sensitive information logged by the system. This issue highlights the importance of timely updates and robust security measures to protect network infrastructure.

Affected Version(s)

Enterprise SONiC OS < 4.4.1

Enterprise SONiC OS < 4.2.3

References

https://www.dell.com/support/kbdoc/en-us/000278568/dsa-20...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 15, 2025