Description

Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.

Related CPE's

o

dell

enterprise_sonic_os

Vulnerable

References

https://www.dell.com/support/kbdoc/en-us/000191690/DSA-2021-190-Dell-Enterprise-SONiC-OS-Security-Update-for-an-information-disclosure-Vulnerability

PatchVendor Advisory

https://www.dell.com/support/kbdoc/en-us/000191690/DSA-2021-190-Dell-Enterprise-SONiC-OS-Security-Update-for-an-information-disclosure-Vulnerability

PatchVendor Advisory

Weaknesses

[email protected]

Secondary
CWE-256

[email protected]

Primary
CWE-522

CVSS impact metrics

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-01T19:15:08.237Z

4 years ago

Last modified

2024-11-21T05:13:28.187Z

1 year ago